From patchwork Mon Mar 27 11:49:37 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3168
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 27 Mar 2023 07:49:37 -0400
Message-Id: <20230327114937.28246-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

From: Selva Nair

- Do not use non-literal initializers for static objects
- Replace empty initializer {} by {0}

Signed-off-by: Selva Nair Acked-By: Frank Lichtenheld --- To be applied after the test-pkcs11 patch set tests/unit_tests/openvpn/cert_data.h | 6 ++--- tests/unit_tests/openvpn/test_cryptoapi.c | 24 ++++++++++++++------ tests/unit_tests/openvpn/test_pkcs11.c | 27 ++++++++++++++++------- 3 files changed, 39 insertions(+), 18 deletions(-) diff --git a/tests/unit_tests/openvpn/cert_data.h b/tests/unit_tests/openvpn/cert_data.h index 33de35ec..0886b071 100644 --- a/tests/unit_tests/openvpn/cert_data.h +++ b/tests/unit_tests/openvpn/cert_data.h @@ -79,7 +79,7 @@ static const char *const cert2 = "HeTsAlHjfFEReVDiNCI9vMQLKFKKWnAorT2+iyRueA3bt2gchf863BBhZvJddL7Q\n" "KBa0osXw+eGBRAwsm7m1qCho3b3fN2nFAa+k07ptRkOeablmFdXE81nVlA==\n" "-----END CERTIFICATE-----\n"; -static const char *const key2 = key1; +#define key2 key1 static const char *const hash2 = "FA18FD34BAABE47D6E2910E080F421C109CA97F5"; static const char *const cname2 = "ovpn-test-ec2"; @@ -159,8 +159,8 @@ static const char *const cert4 = "353PpJJ9s2b/Fqoc4d7udqhQogA7jqbayTKhJxbT134l2NzqDROzuS0kXbX8bXCi\n" "mXSa4c8=\n" "-----END CERTIFICATE-----\n"; -static const char *const key4 = key3; +#define key4 key3 static const char *const hash4 = "E1401D4497C944783E3D62CDBD2A1F69F5E5071E"; -static const char *const cname4 = cname3; /* same CN as that of cert3 */ +#define cname4 cname3 /* same CN as that of cert3 */ #endif /* CERT_DATA_H */ diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c index c8468103..2150b77c 100644 --- a/tests/unit_tests/openvpn/test_cryptoapi.c +++ b/tests/unit_tests/openvpn/test_cryptoapi.c 
@@ -99,17 +99,26 @@ static struct test_cert const char *const friendly_name; /* identifies certs loaded to the store -- keep unique */ const char *hash; /* SHA1 fingerprint */ int valid; /* nonzero if certificate has not expired */ -} certs[] = { - {cert1, key1, cname1, "OVPN TEST CA1", "OVPN Test Cert 1", hash1, 1}, - {cert2, key2, cname2, "OVPN TEST CA2", "OVPN Test Cert 2", hash2, 1}, - {cert3, key3, cname3, "OVPN TEST CA1", "OVPN Test Cert 3", hash3, 1}, - {cert4, key4, cname4, "OVPN TEST CA2", "OVPN Test Cert 4", hash4, 0}, - {} -}; +} certs[5]; static bool certs_loaded; static HCERTSTORE user_store; +/* Fill-in certs[] array */ +void +init_cert_data() +{ + struct test_cert certs_local[] = { + {cert1, key1, cname1, "OVPN TEST CA1", "OVPN Test Cert 1", hash1, 1}, + {cert2, key2, cname2, "OVPN TEST CA2", "OVPN Test Cert 2", hash2, 1}, + {cert3, key3, cname3, "OVPN TEST CA1", "OVPN Test Cert 3", hash3, 1}, + {cert4, key4, cname4, "OVPN TEST CA2", "OVPN Test Cert 4", hash4, 0}, + {0} + }; + assert(sizeof(certs_local) == sizeof(certs)); + memcpy(certs, certs_local, sizeof(certs_local)); +} + /* Lookup a certificate in our certificate/key db */ static struct test_cert * lookup_cert(const char *friendly_name) @@ -131,6 +140,7 @@ import_certs(void **state) { return; } + init_cert_data(); user_store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER |CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); assert_non_null(user_store); diff --git a/tests/unit_tests/openvpn/test_pkcs11.c b/tests/unit_tests/openvpn/test_pkcs11.c index ea394bea..df5f8c7e 100644 --- a/tests/unit_tests/openvpn/test_pkcs11.c +++ b/tests/unit_tests/openvpn/test_pkcs11.c 
@@ -112,13 +112,7 @@ static struct test_cert const char *const friendly_name; /* identifies certs loaded to the store -- keep unique */ uint8_t hash[HASHSIZE]; /* SHA1 fingerprint: computed and filled in later */ char *p11_id; /* PKCS#11 id -- filled in later */ -} certs[] = { - {cert1, key1, cname1, "OVPN TEST CA1", "OVPN Test Cert 1", {}, NULL}, - {cert2, key2, cname2, "OVPN TEST CA2", "OVPN Test Cert 2", {}, NULL}, - {cert3, key3, cname3, "OVPN TEST CA1", "OVPN Test Cert 3", {}, NULL}, - {cert4, key4, cname4, "OVPN TEST CA2", "OVPN Test Cert 4", {}, NULL}, - {} -}; +} certs[5]; static bool pkcs11_id_management; static char softhsm2_tokens_path[] = "softhsm2_tokens_XXXXXX"; @@ -127,6 +121,21 @@ int num_certs; static const char *pkcs11_id_current; struct env_set *es; +/* Fill-in certs[] array */ +void +init_cert_data() +{ + struct test_cert certs_local[] = { + {cert1, key1, cname1, "OVPN TEST CA1", "OVPN Test Cert 1", {0}, NULL}, + {cert2, key2, cname2, "OVPN TEST CA2", "OVPN Test Cert 2", {0}, NULL}, + {cert3, key3, cname3, "OVPN TEST CA1", "OVPN Test Cert 3", {0}, NULL}, + {cert4, key4, cname4, "OVPN TEST CA2", "OVPN Test Cert 4", {0}, NULL}, + {0} + }; + assert(sizeof(certs_local) == sizeof(certs)); + memcpy(certs, certs_local, sizeof(certs_local)); +} + /* Intercept get_user_pass for PIN and other prompts */ bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, @@ -173,6 +182,7 @@ init(void **state) umask(0077); /* ensure all files and directories we create get user only access */ char config[256]; + init_cert_data(); if (!mkdtemp(softhsm2_tokens_path)) { fail_msg("make tmpdir using template <%s> failed (error = %d)", softhsm2_tokens_path, errno); 
@@ -416,7 +426,8 @@ test_tls_ctx_use_pkcs11(void **state) assert_non_null(pubkey); assert_non_null(privkey); #ifdef HAVE_XKEY_PROVIDER - digest_sign_verify(privkey, pubkey); /* this will exercise signing via pkcs11 backend */ + /* this will exercise signing via pkcs11 backend */ + assert_int_equal(digest_sign_verify(privkey, pubkey), 1); #else if (!SSL_CTX_check_private_key(tls_ctx.ctx)) {
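
Review bot: In cert_data.h, the new `#define key2 key1`, `#define key4 key3` and `#define cname4 cname3` are lowercase, unscoped macros in a header, so any identifier spelled key2, key4 or cname4 in a file that includes cert_data.h (a local variable, a struct member, a parameter) is silently rewritten by the preprocessor. The aliases also stop being distinct objects, which matters if any test compares or takes the address of these names. Consider keeping them as real `static const char *const` objects initialised from a shared string-literal macro, or at least add a comment above each define stating that it is a textual alias kept for MSVC.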
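
Review bot: In test_cryptoapi.c, the size check in init_cert_data() is a plain `assert(sizeof(certs_local) == sizeof(certs))`, which disappears when the tests are built with NDEBUG and then leaves the `memcpy` into the fixed-size `certs[5]` unguarded if someone later adds a row to certs_local. Both operands are compile-time constants, so a compile-time check fits better, or use cmocka's assert_int_equal, which this test code already relies on elsewhere and which is never compiled out. The hard-coded 5 in `certs[5]` also deserves a short comment saying it is four certificates plus the zero terminator.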
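
Review bot: In test_pkcs11.c, init_cert_data() overwrites certs[] with `memcpy`, but struct test_cert declares `const char *const friendly_name`, so the copy modifies an object defined with a const-qualified type, which is formally undefined behaviour in C even though it works on the compilers in use. Dropping the member-level const on fields that are now filled in at run time would make the copy well defined; the same applies to the identical function in test_cryptoapi.c. Separately, the function is defined as `void init_cert_data()` in both files: it should be `static void init_cert_data(void)` so that it has internal linkage and a real prototype, matching the static helpers around it.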
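
Review bot: The last hunk, in test_tls_ctx_use_pkcs11(), wraps the call in `assert_int_equal(digest_sign_verify(privkey, pubkey), 1)`, which changes what the test verifies and is not an MSVC-compliance fix, yet the commit message lists only the initializer changes. Either split this into its own commit or add a line to the message saying that the return value of digest_sign_verify() is now checked, so the behavioural change is visible in the history.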