From patchwork Thu Dec 7 17:49:43 2023
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3507
From: "plaisthos (Code Review)"
Date: Thu, 7 Dec 2023 17:49:43 +0000
To: flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Ie248d35d063bb6878f3dd42840c77ba0d6fa3381
X-Gerrit-Change-Number: 471
X-Gerrit-Project: openvpn
X-Gerrit-Commit: a752ad6b8b7e6aa87a0d5c2566d444ed78c4f138
Message-ID: <0ee5a85355dd8396798ecf3be8b220540657c733-HTML@gerrit.openvpn.net>
User-Agent: Gerrit/3.8.2
Subject: [Openvpn-devel] [L] Change in openvpn[master]: Add test_ssl unit test and test export of PEM to file
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review. Please visit

    http://gerrit.openvpn.net/c/openvpn/+/471?usp=email

to review the following change.

Change subject: Add test_ssl unit test and test export of PEM to file
......................................................................

Add test_ssl unit test and test export of PEM to file

This introduces a number of mock functions to be able to compile
ssl_verify_*.c and ssl_mbedtls.c/ssl_openssl.c into a unit and adds
quite a number of files to that unit. But it allows similar unit tests
(in terms of dependencies) to be added in the future.

Change-Id: Ie248d35d063bb6878f3dd42840c77ba0d6fa3381
Signed-off-by: Arne Schwabe
---
M .github/workflows/build.yaml
M CMakeLists.txt
M tests/unit_tests/openvpn/Makefile.am
A tests/unit_tests/openvpn/mock_management.c
A tests/unit_tests/openvpn/mock_ssl_dependencies.c
A tests/unit_tests/openvpn/test_ssl.c
6 files changed, 315 insertions(+), 2 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/71/471/1

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 4393f5c..39ecef9 100644 --- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml @@ -85,7 +85,7 @@ fail-fast: false matrix: arch: [x86, x64] - test: [argv, auth_token, buffer, cryptoapi, crypto, misc, ncp, packet_id, pkt, provider, tls_crypt] + test: [argv, auth_token, buffer, cryptoapi, crypto, ssl, misc, ncp, packet_id, pkt, provider, tls_crypt] runs-on: windows-latest name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" diff --git a/CMakeLists.txt b/CMakeLists.txt index 8c24cca..24fd9cc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -557,6 +557,7 @@ "test_auth_token" "test_buffer" "test_crypto" + "test_ssl" "test_misc" "test_ncp" "test_packet_id" @@ -671,6 +672,34 @@ src/openvpn/mss.c ) + target_sources(test_ssl PRIVATE + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/ssl_openssl.c + src/openvpn/ssl_mbedtls.c + src/openvpn/ssl_verify_openssl.c + src/openvpn/ssl_verify_mbedtls.c + src/openvpn/crypto.c + src/openvpn/argv.c + src/openvpn/base64.c + src/openvpn/env_set.c + src/openvpn/run_command.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/mtu.c + src/openvpn/mss.c + src/openvpn/env_set.c + src/openvpn/options_util.c + tests/unit_tests/openvpn/mock_management.c + tests/unit_tests/openvpn/mock_ssl_dependencies.c + src/openvpn/xkey_provider.c + src/openvpn/xkey_helper.c + src/openvpn/ssl_util.c + src/openvpn/cryptoapi.c + src/openvpn/win32.c + src/openvpn/block_dns.c + ) + target_sources(test_misc PRIVATE tests/unit_tests/openvpn/mock_get_random.c src/openvpn/options_util.c diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index ef45b11..5d3eb70 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -7,7 +7,8 @@ endif test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver misc_testdriver \ - pkt_testdriver + pkt_testdriver ssl_testdriver + if HAVE_LD_WRAP_SUPPORT if !WIN32 test_binaries += tls_crypt_testdriver 
@@ -67,6 +68,29 @@ $(top_srcdir)/src/openvpn/win32-util.c \ $(top_srcdir)/src/openvpn/mss.c +ssl_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(top_srcdir)/include -I$(top_srcdir)/src/compat -I$(top_srcdir)/src/openvpn +ssl_testdriver_LDFLAGS = @TEST_LDFLAGS@ +ssl_testdriver_SOURCES = test_crypto.c mock_msg.c mock_msg.h \ + mock_management.c mock_ssl_dependencies.c \ + $(top_srcdir)/src/openvpn/buffer.c \ + $(top_srcdir)/src/openvpn/crypto.c \ + $(top_srcdir)/src/openvpn/crypto_mbedtls.c \ + $(top_srcdir)/src/openvpn/crypto_openssl.c \ + $(top_srcdir)/src/openvpn/otime.c \ + $(top_srcdir)/src/openvpn/packet_id.c \ + $(top_srcdir)/src/openvpn/platform.c \ + $(top_srcdir)/src/openvpn/mtu.c \ + $(top_srcdir)/src/openvpn/win32-util.c \ + $(top_srcdir)/src/openvpn/mss.c \ + $(top_srcdir)/src/openvpn/xkey_provider.c \ + $(top_srcdir)/src/openvpn/xkey_helper.c \ + $(top_srcdir)/src/openvpn/ssl_util.c \ + $(top_srcdir)/src/openvpn/base64.c \ + $(top_srcdir)/src/openvpn/cryptoapi.c \ + $(top_srcdir)/src/openvpn/win32.c + + packet_id_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(top_srcdir)/include -I$(top_srcdir)/src/compat -I$(top_srcdir)/src/openvpn packet_id_testdriver_LDFLAGS = @TEST_LDFLAGS@ diff --git a/tests/unit_tests/openvpn/mock_management.c b/tests/unit_tests/openvpn/mock_management.c new file mode 100644 index 0000000..5fed45d --- /dev/null +++ b/tests/unit_tests/openvpn/mock_management.c 
@@ -0,0 +1,54 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2017-2021 Fox Crypto B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* Minimal set of mocked management function/globals to get unit tests to + * compile */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include "manage.h" + +#ifdef ENABLE_MANAGEMENT + +struct management *management; /* GLOBAL */ + +void +management_auth_failure(struct management *man, const char *type, const char *reason) +{ + ASSERT(false); +} + +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + (void) man; + (void) b64_data; + (void) algorithm; + return NULL; +} +#endif diff --git a/tests/unit_tests/openvpn/mock_ssl_dependencies.c b/tests/unit_tests/openvpn/mock_ssl_dependencies.c new file mode 100644 index 0000000..292e9fb --- /dev/null +++ b/tests/unit_tests/openvpn/mock_ssl_dependencies.c 
@@ -0,0 +1,67 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2017-2021 Fox Crypto B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* Minimal set of mocked management function/globals to get unit tests to + * compile */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include +#include + + +#include "ssl.h" +#include "ssl_verify.h" + +int +parse_line(const char *line, char **p, const int n, const char *file, + const int line_num, int msglevel, struct gc_arena *gc) +{ + /* Dummy function to get the linker happy, should never be called */ + assert_true(false); + return 0; +} + + +int +pem_password_callback(char *buf, int size, int rwflag, void *u) +{ + return 0; +} + +void +cert_hash_remember(struct tls_session *session, const int cert_depth, + const struct buffer *cert_hash) +{ + assert_false(true); +} + +result_t +verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth) +{ + return FAILURE; +} diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c new file mode 100644 index 0000000..62c9cde --- /dev/null 
+++ b/tests/unit_tests/openvpn/test_ssl.c 
@@ -0,0 +1,139 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2016-2021 Fox Crypto B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include +#include +#include +#include +#include +#include + +#include "crypto.h" +#include "options.h" +#include "ssl_backend.h" +#include "options_util.h" + +#include "mock_msg.h" +#include "mss.h" +#include "ssl_verify_backend.h" +#include "win32.h" + +/* Mock function to be allowed to include win32.c which is required for + * getting the temp directory */ +#ifdef _WIN32 +struct signal_info siginfo_static; /* GLOBAL */ + +const char * +strerror_win32(DWORD errnum, struct gc_arena *gc) +{ + ASSERT(false); +} + +void +throw_signal(const int signum) +{ + ASSERT(false); +} +#endif + + +const char *unittest_cert = "-----BEGIN CERTIFICATE-----\n" + "MIIBuTCCAUCgAwIBAgIUTLtjSBzx53qZRvZ6Ur7D9kgoOHkwCgYIKoZIzj0EAwIw\n" + "EzERMA8GA1UEAwwIdW5pdHRlc3QwIBcNMjMxMTIxMDk1NDQ3WhgPMjA3ODA4MjQw\n" + "OTU0NDdaMBMxETAPBgNVBAMMCHVuaXR0ZXN0MHYwEAYHKoZIzj0CAQYFK4EEACID\n" + "YgAEHYB2hn2xx3f4lClXDtdi36P19pMZA+kI1Dkv/Vn10vBZ/j9oa+P99T8duz/e\n" + 
"QlPeHpesNJO4fX8iEDj6+vMeWejOT7jAQ4MmG5EZjpcBKxCfwFooEvzu8bVujUcu\n" + "wTQEo1MwUTAdBgNVHQ4EFgQUPcgBEVXjF5vYfDsInoE3dF6UfQswHwYDVR0jBBgw\n" + "FoAUPcgBEVXjF5vYfDsInoE3dF6UfQswDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO\n" + "PQQDAgNnADBkAjBLPAGrQAyinigqiu0RomoV8TVaknVLFSq6H6A8jgvzfsFCUK1O\n" + "dvNZhFPM6idKB+oCME2JLOBANCSV8o7aJzq7SYHKwPyb1J4JFlwKe/0Jpv7oh9b1\n" + "IJbuaM9Z/VSKbrIXGg==\n" + "-----END CERTIFICATE-----\n"; + +static const char * +get_tmp_dir() +{ + const char *ret; +#ifdef _WIN32 + ret = win_get_tempdir(); +#else + ret = "/tmp"; +#endif + assert_non_null(ret); + return ret; +} + +static void +crypto_pem_encode_certificate(void **state) +{ + struct gc_arena gc = gc_new(); + + struct tls_root_ctx ctx = { 0 }; + tls_ctx_client_new(&ctx); + tls_ctx_load_cert_file(&ctx, unittest_cert, true); + + openvpn_x509_cert_t *cert = NULL; + + /* we do not have methods to fetch certificates from ssl contexts, use + * internal TLS library methods for the unit test */ +#ifdef ENABLE_CRYPTO_OPENSSL + cert = SSL_CTX_get0_certificate(ctx.ctx); +#elif defined(ENABLE_CRYPTO_MBEDTLS) + cert = ctx.crt_chain; +#endif + + const char *tmpfile = platform_create_temp_file(get_tmp_dir(), "ut_pem", &gc); + backend_x509_write_pem(cert, tmpfile); + + struct buffer exported_pem = buffer_read_from_file(tmpfile, &gc); + assert_string_equal(BSTR(&exported_pem), unittest_cert); + + unlink(tmpfile); + gc_free(&gc); +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(crypto_pem_encode_certificate) + }; + +#if defined(ENABLE_CRYPTO_OPENSSL) + OpenSSL_add_all_algorithms(); +#endif + + int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL); + +#if defined(ENABLE_CRYPTO_OPENSSL) + EVP_cleanup(); +#endif + + return ret; +}
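Review bot: in the CMakeLists.txt hunk at @@ -671,6 +672,34 @@, `src/openvpn/env_set.c` appears twice in the new `target_sources(test_ssl PRIVATE ...)` list (once after `base64.c` and again after `mss.c`); drop the second entry. The same hunk's source list also differs from the autotools one in Makefile.am: `ssl_openssl.c`, `ssl_mbedtls.c`, `ssl_verify_*.c`, `argv.c`, `env_set.c`, `run_command.c`, `options_util.c` and `block_dns.c` are only listed here, while `buffer.c` and `platform.c` appear only in Makefile.am. Unless those two are already part of a common source set for every unit test target, one of the two builds will fail to link where the other passes, so the lists should be kept in sync.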
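Review bot: in the Makefile.am hunk at @@ -67,6 +68,29 @@, `ssl_testdriver_SOURCES = test_crypto.c mock_msg.c mock_msg.h \` names `test_crypto.c` instead of `test_ssl.c`, so the autotools build would compile the crypto test driver a second time under the ssl_testdriver name and the new PEM export test would never run there; change it to `test_ssl.c`. Once that is fixed the list will also need the `ssl_*.c` / `ssl_verify_*.c` sources that the CMake target pulls in, since test_ssl.c calls `tls_ctx_client_new`, `tls_ctx_load_cert_file` and `backend_x509_write_pem`. Style: the hunk leaves two blank lines before `packet_id_testdriver_CFLAGS`.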
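Review bot: in mock_management.c the license header carries `Copyright (C) 2017-2021 Fox Crypto B.V.` although this is a new file signed off by Arne Schwabe in 2023 (the other two new files copy the same line); use the correct copyright line. `management_auth_failure()` aborts through `ASSERT(false)` while the stubs in mock_ssl_dependencies.c use cmocka's `assert_true(false)`; pick one mechanism so an unexpected call fails the test case the same way in both mock files. Its parameters `man`, `type` and `reason` should also be cast to `(void)` as `management_query_pk_sig()` already does, to keep `-Wunused-parameter` quiet.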
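Review bot: in mock_ssl_dependencies.c the file comment `Minimal set of mocked management function/globals to get unit tests to compile` was copied from mock_management.c and should say what this file actually stubs (`parse_line`, `pem_password_callback`, `cert_hash_remember`, `verify_cert`). `cert_hash_remember()` uses `assert_false(true)` where `parse_line()` uses `assert_true(false)`; make them consistent and give `cert_hash_remember()` the same "should never be called" comment. Returning `FAILURE` from `verify_cert()` is the right fail-closed default for a stub, but `pem_password_callback()` returning 0 with `buf` untouched means a test that loads an encrypted key would fail with an opaque bad-password error from the TLS library rather than a clear assertion; either assert there as well or note in a comment that encrypted keys are out of scope for this unit.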
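Review bot: in test_ssl.c, `crypto_pem_encode_certificate()` never calls `tls_ctx_free(&ctx)`, and when `assert_string_equal` fails the following `unlink(tmpfile)` is skipped, leaving the exported PEM behind in the temp directory; free the context, and read the file into `exported_pem`, unlink it, and only then compare, so the cleanup runs on both outcomes. `cert` is handed to `backend_x509_write_pem()` without a check; an `assert_non_null(cert)` after the `#ifdef` block gives a clearer failure than a crash inside the backend if the certificate load fails. The group name in `cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL)` was copied from test_crypto.c and should be something like "ssl tests", `get_tmp_dir()` should be declared `get_tmp_dir(void)` to match the rest of the code base, and the Windows-only `strerror_win32()` stub has no `return` after `ASSERT(false)`, which will warn on any toolchain where `ASSERT` is not treated as noreturn.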