From: "selvanair (Code Review)"
Date: Mon, 19 Aug 2024 19:28:49 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [S] Change in openvpn[master]: Add a test for loading certificate and key using file: URI
Message-ID: <332ae535c38386d882f4a5d5556305eb7cdfe933-HTML@gerrit.openvpn.net>
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: I7615116b5251319aa1f13d671bab7013f3a043ea
X-Gerrit-Change-Number: 730
X-Gerrit-Project: openvpn
X-Gerrit-Commit: d9a4184958726088f0a94c768ea4a431e74dd76e

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/730?usp=email

to review the following change.

Change subject: Add a test for loading certificate and key using file: URI
......................................................................
Add a test for loading certificate and key using file: URI We do not load any providers, so only file: URI internally supported by OpenSSL 3+ is tested. On non-OpenSSL 3 builds the test prints "SKIPPED". Change-Id: I7615116b5251319aa1f13d671bab7013f3a043ea Signed-off-by: Selva Nair --- M tests/unit_tests/openvpn/test_ssl.c 1 file changed, 43 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/30/730/1 diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 651f302..260a7ba 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -66,6 +66,10 @@ } #endif +#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x30000000L) +#define HAVE_OPENSSL_STORE +#endif + /* stubs for some unused functions instead of pulling in too many dependencies */ bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, 
@@ -234,6 +238,44 @@ tls_ctx_free(&ctx); } +/* test loading cert and key using file:/path URI */ +static void +test_load_certificate_and_key_uri(void **state) +{ + (void) state; + +#if !defined(HAVE_OPENSSL_STORE) + skip(); +#endif /* HAVE_OPENSSL_STORE */ + + struct tls_root_ctx ctx = { 0 }; + const char *certfile = global_state.certfile; + const char *keyfile = global_state.keyfile; + struct gc_arena *gc = &global_state.gc; + + struct buffer certuri = alloc_buf_gc(6 + strlen(certfile) + 1, gc); /* 6 bytes for "file:/" */ + struct buffer keyuri = alloc_buf_gc(6 + strlen(keyfile) + 1, gc); /* 6 bytes for "file:/" */ + + /* Windows temp file path starts with drive letter -- add a leading slash for URI */ + const char *lead = ""; +#ifdef _WIN32 + lead = "/"; +#endif /* _WIN32 */ + assert_true(buf_printf(&certuri, "file:%s%s", lead, certfile)); + assert_true(buf_printf(&keyuri, "file:%s%s", lead, keyfile)); + + /* On Windows replace any '\' in path by '/' required for URI */ +#ifdef _WIN32 + string_mod(BSTR(&certuri), CC_ANY, CC_BACKSLASH, '/'); + string_mod(BSTR(&keyuri), CC_ANY, CC_BACKSLASH, '/'); +#endif /* _WIN32 */ + + tls_ctx_client_new(&ctx); + tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false); + assert_int_equal(tls_ctx_load_priv_file(&ctx, BSTR(&keyuri), false), 0); + tls_ctx_free(&ctx); +} + static void init_implicit_iv(struct crypto_options *co) { @@ -452,6 +494,7 @@ const struct CMUnitTest tests[] = { cmocka_unit_test(crypto_pem_encode_certificate), cmocka_unit_test(test_load_certificate_and_key), + cmocka_unit_test(test_load_certificate_and_key_uri), cmocka_unit_test(test_data_channel_roundtrip_aes_128_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_192_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_256_gcm),
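Review bot: In the first hunk (@@ -66,6 +66,10 @@), the guard for HAVE_OPENSSL_STORE compares with a strict `OPENSSL_VERSION_NUMBER > 0x30000000L`, so a build whose version number is exactly 0x30000000L does not define the macro and the new test is skipped there, although the commit message says the file: URI support of "OpenSSL 3+" is what is being tested. If 3.0.0 itself is meant to be covered, use `>= 0x30000000L`; if it is excluded on purpose, a one-line comment above the #if saying why would keep the next reader from "fixing" it.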
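Review bot: In test_load_certificate_and_key_uri (second hunk, @@ -234,6 +238,44 @@), the call `tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);` has no assertion on its outcome, while the key load on the following line is checked with `assert_int_equal(..., 0)`. As written, the test only states an expectation for the private-key URI. If the certificate loader reports failure through a return value, assert on it as well; if it does not return one, add a short comment saying how a failed certificate load would surface, so it is clear the cert half of the "file:" URI path is really exercised. A smaller point in the same hunk: the comment "6 bytes for "file:/"" on the alloc_buf_gc() lines describes the Windows case only, since on other platforms `lead` is empty and the prefix is the 5-byte "file:"; the allocation is large enough either way, but the comment could say that the sixth byte is the optional leading slash.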