From patchwork Wed Oct 18 11:43:36 2023
X-Patchwork-Submitter: "flichtenheld (Code Review)"
X-Patchwork-Id: 3397
Delivered-To: patchwork@openvpn.net
From: "plaisthos (Code Review)"
Date: Wed, 18 Oct 2023 11:43:36 +0000
To: flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I2d353a0cea0a62f289b8c1060244df66dd7a14cb
X-Gerrit-Change-Number: 373
X-Gerrit-Project: openvpn
X-Gerrit-Commit: cbea17944110e1e0fafe537f13693f033f930591
Message-ID: <8b4ada7c5b95cbdc9360a721a25529bf713f2189-HTML@gerrit.openvpn.net>
User-Agent: Gerrit/3.8.2
Subject: [Openvpn-devel] [L] Change in openvpn[master]: Remove openssl engine method for loading the key
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review. Please visit

    http://gerrit.openvpn.net/c/openvpn/+/373?usp=email

to review the following change.
Change subject: Remove openssl engine method for loading the key
......................................................................

Remove openssl engine method for loading the key

This is a contribution for loading engine keys. OpenSSL engine is deprecated since OpenSSL 3.0 and James Bottomley has not agreed to the proposed license change. He is also okay with removing the feature from the current code base as it is obsolete with OpenSSL 3.0.

Change-Id: I2d353a0cea0a62f289b8c1060244df66dd7a14cb
---
M .gitignore
M configure.ac
M src/openvpn/crypto_openssl.c
M src/openvpn/crypto_openssl.h
M src/openvpn/ssl_openssl.c
M tests/unit_tests/Makefile.am
D tests/unit_tests/engine-key/Makefile.am
D tests/unit_tests/engine-key/check_engine_keys.sh
D tests/unit_tests/engine-key/libtestengine.c
D tests/unit_tests/engine-key/openssl.cnf.in
10 files changed, 0 insertions(+), 279 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/73/373/1

diff --git a/.gitignore b/.gitignore index ed03aaa..a1da366 100644 --- a/.gitignore +++ b/.gitignore @@ -57,10 +57,6 @@ t_client.rc t_client_ips.rc tests/unit_tests/**/*_testdriver -tests/unit_tests/engine-key/client.key -tests/unit_tests/engine-key/log.txt -tests/unit_tests/engine-key/openssl.cnf -tests/unit_tests/engine-key/passwd src/openvpn/openvpn include/openvpn-plugin.h diff --git a/configure.ac b/configure.ac index 266b66f..128ab86 100644 --- a/configure.ac +++ b/configure.ac @@ -1532,7 +1532,6 @@ tests/unit_tests/openvpn/Makefile tests/unit_tests/plugins/Makefile tests/unit_tests/plugins/auth-pam/Makefile - tests/unit_tests/engine-key/Makefile sample/Makefile ]) AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh]) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 22c6d68..fe1254f 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c
@@ -1374,66 +1374,6 @@ return CRYPTO_memcmp(a, b, size); } -#if HAVE_OPENSSL_ENGINE -static int -ui_reader(UI *ui, UI_STRING *uis) -{ - SSL_CTX *ctx = UI_get0_user_data(ui); - - if (UI_get_string_type(uis) == UIT_PROMPT) - { - pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx); - void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx); - char password[64]; - - cb(password, sizeof(password), 0, d); - UI_set_result(ui, uis, password); - - return 1; - } - return 0; -} -#endif - -EVP_PKEY * -engine_load_key(const char *file, SSL_CTX *ctx) -{ -#if HAVE_OPENSSL_ENGINE - UI_METHOD *ui; - EVP_PKEY *pkey; - - if (!engine_persist) - { - return NULL; - } - - /* this will print out the error from BIO_read */ - crypto_msg(M_INFO, "PEM_read_bio failed, now trying engine method to load private key"); - - ui = UI_create_method("openvpn"); - if (!ui) - { - crypto_msg(M_FATAL, "Engine UI creation failed"); - return NULL; - } - - UI_method_set_reader(ui, ui_reader); - - ENGINE_init(engine_persist); - pkey = ENGINE_load_private_key(engine_persist, file, ui, ctx); - ENGINE_finish(engine_persist); - if (!pkey) - { - crypto_msg(M_FATAL, "Engine could not load key file"); - } - - UI_destroy_method(ui); - return pkey; -#else /* if HAVE_OPENSSL_ENGINE */ - return NULL; -#endif /* if HAVE_OPENSSL_ENGINE */ -} - #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 32849fd..c5a5393 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h 
@@ -118,16 +118,4 @@ msg((flags), __VA_ARGS__); \ } while (false) -/** - * Load a key file from an engine - * - * @param file The engine file to load - * @param ui The UI method for the password prompt - * @param data The data to pass to the UI method - * - * @return The private key if successful or NULL if not - */ -EVP_PKEY * -engine_load_key(const char *file, SSL_CTX *ctx); - #endif /* CRYPTO_OPENSSL_H_ */ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 4c08add..23e7623 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1057,10 +1057,6 @@ pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx), SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx)); - if (!pkey) - { - pkey = engine_load_key(priv_key_file, ctx->ctx); - } if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey)) { diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am index f27cd90..33fefaa 100644 --- a/tests/unit_tests/Makefile.am +++ b/tests/unit_tests/Makefile.am @@ -2,7 +2,4 @@ if ENABLE_UNITTESTS SUBDIRS = example_test openvpn plugins -if OPENSSL_ENGINE -SUBDIRS += engine-key -endif endif diff --git a/tests/unit_tests/engine-key/Makefile.am b/tests/unit_tests/engine-key/Makefile.am deleted file mode 100644 index 0c28885..0000000 --- a/tests/unit_tests/engine-key/Makefile.am +++ /dev/null 
@@ -1,31 +0,0 @@ -AUTOMAKE_OPTIONS = foreign - -check_LTLIBRARIES = libtestengine.la -conffiles = openssl.cnf -EXTRA_DIST = \ - openssl.cnf.in \ - check_engine_keys.sh - -TESTS_ENVIRONMENT = srcdir="$(abs_srcdir)"; \ - builddir="$(abs_builddir)"; \ - top_builddir="$(top_builddir)"; \ - top_srcdir="$(top_srcdir)"; \ - export srcdir builddir top_builddir top_srcdir; - -if !CROSS_COMPILING -TESTS = check_engine_keys.sh -endif -check_engine_keys.sh: $(conffiles) - -CLEANFILES = \ - client.key \ - passwd \ - log.txt \ - $(conffiles) - -openssl.cnf: $(srcdir)/openssl.cnf.in - sed "s|ABSBUILDDIR|$(abs_builddir)|" < $(srcdir)/openssl.cnf.in > $@ - -libtestengine_la_SOURCES = libtestengine.c -libtestengine_la_LDFLAGS = @TEST_LDFLAGS@ -rpath /lib -shrext .so -libtestengine_la_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) -I$(compat_srcdir) diff --git a/tests/unit_tests/engine-key/check_engine_keys.sh b/tests/unit_tests/engine-key/check_engine_keys.sh deleted file mode 100755 index 12dd230..0000000 --- a/tests/unit_tests/engine-key/check_engine_keys.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh - -OPENSSL_CONF="${builddir}/openssl.cnf" -export OPENSSL_CONF - -password='AT3S4PASSWD' - -key="${builddir}/client.key" -pwdfile="${builddir}/passwd" - -# create an engine key for us -sed 's/PRIVATE KEY/TEST ENGINE KEY/' < ${top_srcdir}/sample/sample-keys/client.key > ${key} -echo "$password" > $pwdfile - -# our version of grep to output log.txt on failure in case it's an openssl -# error mismatch and the grep expression needs updating -loggrep() { - egrep -q "$1" log.txt || { echo '---- begin log.txt ----'; cat log.txt; echo '--- end log.txt ---'; return 1; } -} - -# note here we've induced a mismatch in the client key and the server -# cert which openvpn should report and die. Check that it does. Note -# also that this mismatch depends on openssl not openvpn, so it is -# somewhat fragile -${top_builddir}/src/openvpn/openvpn --cd ${top_srcdir}/sample --config sample-config-files/loopback-server --engine testengine --key ${key} --askpass $pwdfile > log.txt 2>&1 - -# first off check we died because of a key mismatch. If this doesn't -# pass, suspect openssl of returning different messages and update the -# test accordingly -loggrep '(x509 certificate routines:(X509_check_private_key)?:key values mismatch|func\(128\):reason\(116\))' log.txt || { echo "Key mismatch not detected"; exit 1; } - -# now look for the engine prints (these are under our control) -loggrep 'ENGINE: engine_init called' || { echo "Engine initialization not detected"; exit 1; } -loggrep 'ENGINE: engine_load_key called' || { echo "Key was not loaded from engine"; exit 1; } -loggrep "ENGINE: engine_load_key got password ${password}" || { echo "Key password was not retrieved by the engine"; exit 1; } -exit 0 diff --git a/tests/unit_tests/engine-key/libtestengine.c b/tests/unit_tests/engine-key/libtestengine.c deleted file mode 100644 index 8bcfa92..0000000 --- a/tests/unit_tests/engine-key/libtestengine.c +++ /dev/null 
@@ -1,116 +0,0 @@ -#include -#include -#include -#include - -static char *engine_id = "testengine"; -static char *engine_name = "Engine for testing openvpn engine key support"; - -static int is_initialized = 0; - -static int -engine_init(ENGINE *e) -{ - is_initialized = 1; - fprintf(stderr, "ENGINE: engine_init called\n"); - return 1; -} - -static int -engine_finish(ENGINE *e) -{ - fprintf(stderr, "ENGINE: engine_finsh called\n"); - is_initialized = 0; - return 1; -} - -static EVP_PKEY * -engine_load_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *cb_data) -{ - BIO *b; - EVP_PKEY *pkey; - PKCS8_PRIV_KEY_INFO *p8inf; - UI *ui; - char auth[256]; - - fprintf(stderr, "ENGINE: engine_load_key called\n"); - - if (!is_initialized) - { - fprintf(stderr, "Load Key called without correct initialization\n"); - return NULL; - } - b = BIO_new_file(key_id, "r"); - if (!b) - { - fprintf(stderr, "File %s does not exist or cannot be read\n", key_id); - return 0; - } - /* Basically read an EVP_PKEY private key file with different - * PEM guards --- we are a test engine */ - p8inf = PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO, - "TEST ENGINE KEY", b, - NULL, NULL, NULL); - BIO_free(b); - if (!p8inf) - { - fprintf(stderr, "Failed to read engine private key\n"); - return NULL; - } - pkey = EVP_PKCS82PKEY(p8inf); - - /* now we have a private key, pretend it had a password - * this verifies the password makes it through openvpn OK */ - ui = UI_new(); - - if (ui_method) - { - UI_set_method(ui, ui_method); - } - - UI_add_user_data(ui, cb_data); - - if (UI_add_input_string(ui, "enter test engine key", - UI_INPUT_FLAG_DEFAULT_PWD, - auth, 0, sizeof(auth)) == 0) - { - fprintf(stderr, "UI_add_input_string failed\n"); - goto out; - } - - if (UI_process(ui)) - { - fprintf(stderr, "UI_process failed\n"); - goto out; - } - - fprintf(stderr, "ENGINE: engine_load_key got password %s\n", auth); - -out: - UI_free(ui); - - return pkey; -} - - -static int 
-engine_bind_fn(ENGINE *e, const char *id) -{ - if (id && strcmp(id, engine_id) != 0) - { - return 0; - } - if (!ENGINE_set_id(e, engine_id) - || !ENGINE_set_name(e, engine_name) - || !ENGINE_set_init_function(e, engine_init) - || !ENGINE_set_finish_function(e, engine_finish) - || !ENGINE_set_load_privkey_function(e, engine_load_key)) - { - return 0; - } - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(engine_bind_fn) diff --git a/tests/unit_tests/engine-key/openssl.cnf.in b/tests/unit_tests/engine-key/openssl.cnf.in deleted file mode 100644 index 5eda9fa..0000000 --- a/tests/unit_tests/engine-key/openssl.cnf.in +++ /dev/null @@ -1,12 +0,0 @@ -HOME = . -openssl_conf = openssl_init - -[req] -[openssl_init] -engines = engines_section - -[engines_section] -testengine = testengine_section - -[testengine_section] -dynamic_path = ABSBUILDDIR/.libs/libtestengine.so
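Review bot: in the src/openvpn/crypto_openssl.c hunk, the removed engine_load_key() body is the only code in this patch that reads engine_persist, yet nothing in the patch touches the definition of engine_persist or the HAVE_OPENSSL_ENGINE code that populates it for the --engine option (the option is still exercised in the deleted check_engine_keys.sh). Please confirm engine_persist still has a reader after this change; if the only remaining use was this key-loading fallback, the variable and the engine init/finish code around it are now dead and should be retired in the same commit rather than left behind a deprecated-API guard.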
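Review bot: in the src/openvpn/ssl_openssl.c hunk, dropping the `if (!pkey) { pkey = engine_load_key(priv_key_file, ctx->ctx); }` fallback means a PEM_read_bio_PrivateKey() failure now falls straight into the existing `if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))` error path, so a configuration that combines --engine with a --key only the engine could load will fail with a generic key-load message and no hint that the engine path is gone. The file list carries no changelog or manual page change; please add an entry stating that engine-based private key loading has been removed, and consider logging an explicit message when --engine is configured and key loading fails so operators can tell the two failure modes apart.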
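Review bot: the `if OPENSSL_ENGINE` / `SUBDIRS += engine-key` block removed from tests/unit_tests/Makefile.am was a consumer of the OPENSSL_ENGINE automake conditional, but the configure.ac hunk only drops tests/unit_tests/engine-key/Makefile from AC_CONFIG_FILES and does not touch where that conditional (or the HAVE_OPENSSL_ENGINE define guarding the removed C code) is set. Please check whether either still has a user; if not, remove them here as well so the build system does not keep an orphaned engine option that suggests support which no longer exists.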