From: "selvanair (Code Review)"
Date: Mon, 19 Aug 2024 19:28:48 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [M] Change in openvpn[master]: Add a test for loading certificate and key to ssl context
X-Gerrit-Change-Number: 729
X-Gerrit-Commit: 2fbe2137ff11ec61ec5441a59ebcb7abde1de295

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/729?usp=email

to review the following change.

Change subject: Add a test for loading certificate and key to ssl context
......................................................................

Add a test for loading certificate and key to ssl context

The test certificate used in test_ssl.c is updated to use 2048 bit
RSA and the matching key is added.

Tests include loading certificate and key as inlined pem as well
as from files. Note that loading the key also checks that it matches
the certificate, providing an indirect test that the latter was
loaded correctly.

Change-Id: Ic6f089896191145f68ce9a11023587d05dcec4d8
Signed-off-by: Selva Nair
---
M tests/unit_tests/openvpn/test_ssl.c
1 file changed, 113 insertions(+), 13 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/29/729/1

diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index da375af..651f302 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c 
@@ -79,18 +79,58 @@ return; } -const char *unittest_cert = "-----BEGIN CERTIFICATE-----\n" - "MIIBuTCCAUCgAwIBAgIUTLtjSBzx53qZRvZ6Ur7D9kgoOHkwCgYIKoZIzj0EAwIw\n" - "EzERMA8GA1UEAwwIdW5pdHRlc3QwIBcNMjMxMTIxMDk1NDQ3WhgPMjA3ODA4MjQw\n" - "OTU0NDdaMBMxETAPBgNVBAMMCHVuaXR0ZXN0MHYwEAYHKoZIzj0CAQYFK4EEACID\n" - "YgAEHYB2hn2xx3f4lClXDtdi36P19pMZA+kI1Dkv/Vn10vBZ/j9oa+P99T8duz/e\n" - "QlPeHpesNJO4fX8iEDj6+vMeWejOT7jAQ4MmG5EZjpcBKxCfwFooEvzu8bVujUcu\n" - "wTQEo1MwUTAdBgNVHQ4EFgQUPcgBEVXjF5vYfDsInoE3dF6UfQswHwYDVR0jBBgw\n" - "FoAUPcgBEVXjF5vYfDsInoE3dF6UfQswDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO\n" - "PQQDAgNnADBkAjBLPAGrQAyinigqiu0RomoV8TVaknVLFSq6H6A8jgvzfsFCUK1O\n" - "dvNZhFPM6idKB+oCME2JLOBANCSV8o7aJzq7SYHKwPyb1J4JFlwKe/0Jpv7oh9b1\n" - "IJbuaM9Z/VSKbrIXGg==\n" - "-----END CERTIFICATE-----\n"; +static const char *const unittest_cert = + "-----BEGIN CERTIFICATE-----\n" + "MIIDYzCCAkugAwIBAgIRALrXTx4lqa8QgF7uGjISxmcwDQYJKoZIhvcNAQELBQAw\n" + "GDEWMBQGA1UEAwwNT1ZQTiBURVNUIENBMTAgFw0yMzAzMTMxNjA5MThaGA8yMTIz\n" + "MDIxNzE2MDkxOFowGTEXMBUGA1UEAwwOb3Zwbi10ZXN0LXJzYTEwggEiMA0GCSqG\n" + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7xFoR6fmoyfsJIQDKKgbYgFw0MzVuDAmp\n" + "Rx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/4dRR3skisBug6Vd5LXeB\n" + "GZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159x9FBDl5A3sLP18ubeex0\n" + "pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwTPnS+CRXrSq4JjGDJLsXl\n" + "0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIhLbG2DcIv8l29EuEj2w3j\n" + "u/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJcDjOZVCArAgMBAAGjgaQw\n" + "gaEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUqYnRaBHrZmKLtMZES5AuwqzJkGYwUwYD\n" + "VR0jBEwwSoAU3MLDNDOK13DqflQ8ra7FeGBXK06hHKQaMBgxFjAUBgNVBAMMDU9W\n" + "UE4gVEVTVCBDQTGCFD55ErHXpK2JXS3WkfBm0NB1r3vKMBMGA1UdJQQMMAoGCCsG\n" + "AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZVcXrezA9Aby\n" + "sfUNHAsMxrex/EO0PrIPSrmSmc9sCiD8cCIeB6kL8c5iPPigoWW0uLA9zteDRFes\n" + "ez+Z8wBY6g8VQ0tFPURDooUg5011GZPDcuw7/PsI4+I2J9q6LHEp+6Oo4faSn/kl\n" + 
"yWYCLjM4FZdGXbOijDacQJiN6HcRv0UdodBrEVRf7YHJJmMCbCI7ZUGW2zef/+rO\n" + "e4Lkxh0MLYqCkNKH5ZfoGTC4Oeb0xKykswAanqgR60r+upaLU8PFuI2L9M3vc6KU\n" + "F6MgVGSxl6eylJgDYckvJiAbmcp2PD/LRQQOxQA0yqeAMg2cbdvclETuYD6zoFfu\n" + "Y8aO7dvDlw==\n" + "-----END CERTIFICATE-----\n"; + +static const char *const unittest_key = + "-----BEGIN PRIVATE KEY-----\n" + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7xFoR6fmoyfsJ\n" + "IQDKKgbYgFw0MzVuDAmpRx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/\n" + "4dRR3skisBug6Vd5LXeBGZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159\n" + "x9FBDl5A3sLP18ubeex0pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwT\n" + "PnS+CRXrSq4JjGDJLsXl0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIh\n" + "LbG2DcIv8l29EuEj2w3ju/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJc\n" + "DjOZVCArAgMBAAECggEACqkuWAAJ3cyCBVWrXs8eDmLTWV9i9DmYvtS75ixIn2rf\n" + "v3cl12YevN0f6FgKLuqZT3Vqdqq+DCVhuIIQ9QkKMH8BQpSdE9NCCsFyZ23o8Gtr\n" + "EQ7ymfecb+RFwYx7NpqWrvZI32VJGArgPZH/zorLTTGYrAZbmBtHEqRsXOuEDw97\n" + "slwwcWaa9ztaYC8/N/7fgsnydaCFSaOByRlWuyvSmHvn6ZwLv8ANOshY6fstC0Jb\n" + "BW0GpSe9eZPjpl71VT2RtpghqLV5+iAoFDHoT+eZvBospcUGtfcZSU7RrBjKB8+a\n" + "U1d6hwKhduVs2peIQzl+FiOSdWriLcsZv79q4sBhsQKBgQDUDVTf5BGJ8apOs/17\n" + "YVk+Ad8Ey8sXvsfk49psmlCRa8Z4g0LVXfrP94qzhtl8U5kE9hs3nEF4j/kX1ZWG\n" + "k11tdsNTZN5x5bbAgEgPA6Ap6J/uto0HS8G0vSv0lyBymdKA3p/i5Dx+8Nc9cGns\n" + "LGI9MvviLX7pQFIkvbaCkdKwYwKBgQDirowjWZnm7BgVhF0G1m3DY9nQTYYU185W\n" + "UESaO5/nVzwUrA+FypJamD+AvmlSuY8rJeQAGAS6nQr9G8/617r+GwJnzRtxC6Vl\n" + "4OF5BJRsD70oX4CFOOlycMoJ8tzcYVH7NI8KVocjxb+QW82hqSvEwSsvnwwn3eOW\n" + "nr5u5vIHmQKBgCuc3lL6Dl1ntdZgEIdau0cUjXDoFUo589TwxBDIID/4gaZxoMJP\n" + "hPFXAVDxMDPw4azyjSB/47tPKTUsuYcnMfT8kynIujOEwnSPLcLgxQU5kgM/ynuw\n" + "qhNpQOwaVRMc7f2RTCMXPBYDpNE/GJn5eu8JWGLpZovEreBeoHX0VffvAoGAVrWn\n" + "+3mxykhzaf+oyg3KDNysG+cbq+tlDVVE+K5oG0kePVYX1fjIBQmJ+QhdJ3y9jCbB\n" + "UVveqzeZVXqHEw/kgoD4aZZmsdZfnVnpRa5/y9o1ZDUr50n+2nzUe/u/ijlb77iK\n" + "Is04gnGJNoI3ZWhdyrSNfXjcYH+bKClu9OM4n7kCgYAorc3PAX7M0bsQrrqYxUS8\n" + 
"56UU0YdhAgYitjM7Fm/0iIm0vDpSevxL9js4HnnsSMVR77spCBAGOCCZrTcI3Ejg\n" + "xKDYzh1xlfMRjJBuBu5Pd55ZAv9NXFGpsX5SO8fDZQJMwpcbQH36+UdqRRFDpjJ0\n" + "ZbX6nKcJ7jciJVKJds59Jg==\n" + "-----END PRIVATE KEY-----\n"; static const char * get_tmp_dir(void) @@ -105,6 +145,44 @@ return ret; } +static struct +{ + struct gc_arena gc; + const char *certfile; + const char *keyfile; +} global_state; + +static int +init(void **state) +{ + (void) state; + global_state.gc = gc_new(); + global_state.certfile = platform_create_temp_file(get_tmp_dir(), "cert", &global_state.gc); + global_state.keyfile = platform_create_temp_file(get_tmp_dir(), "key", &global_state.gc); + + int certfd = open(global_state.certfile, O_RDWR); + int keyfd = open(global_state.keyfile, O_RDWR); + if (certfd < 0 || keyfd < 0) + { + fail_msg("make tmpfile for certificate or key data failed (error = %d)", errno); + } + assert_int_equal(write(certfd, unittest_cert, strlen(unittest_cert)), strlen(unittest_cert)); + assert_int_equal(write(keyfd, unittest_key, strlen(unittest_key)), strlen(unittest_key)); + close(certfd); + close(keyfd); + return 0; +} + +static int +cleanup(void **state) +{ + (void) state; + unlink(global_state.certfile); + unlink(global_state.keyfile); + gc_free(&global_state.gc); + return 0; +} + static void crypto_pem_encode_certificate(void **state) { 
@@ -136,6 +214,27 @@ } static void +test_load_certificate_and_key(void **state) +{ + (void) state; + struct tls_root_ctx ctx = { 0 }; + + /* test loading of inlined cert and key. + * loading the key also checks that it matches the loaded certificate + */ + tls_ctx_client_new(&ctx); + tls_ctx_load_cert_file(&ctx, unittest_cert, true); + assert_int_equal(tls_ctx_load_priv_file(&ctx, unittest_key, true), 0); + tls_ctx_free(&ctx); + + /* test loading of cert and key from file */ + tls_ctx_client_new(&ctx); + tls_ctx_load_cert_file(&ctx, global_state.certfile, false); + assert_int_equal(tls_ctx_load_priv_file(&ctx, global_state.keyfile, false), 0); + tls_ctx_free(&ctx); +} + +static void init_implicit_iv(struct crypto_options *co) { cipher_ctx_t *cipher = co->key_ctx_bi.encrypt.cipher; @@ -352,6 +451,7 @@ const struct CMUnitTest tests[] = { cmocka_unit_test(crypto_pem_encode_certificate), + cmocka_unit_test(test_load_certificate_and_key), cmocka_unit_test(test_data_channel_roundtrip_aes_128_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_192_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_256_gcm), @@ -366,7 +466,7 @@ tls_init_lib(); #endif - int ret = cmocka_run_group_tests_name("ssl tests", tests, NULL, NULL); + int ret = cmocka_run_group_tests_name("ssl tests", tests, init, cleanup); #if defined(ENABLE_CRYPTO_OPENSSL) tls_free_lib();
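
Review bot: In the first hunk (@@ -79,18 +79,58 @@), unittest_key adds a private key to the test source with no comment saying that it is a test-only fixture or how it pairs with unittest_cert. A short comment above the two strings, stating that they form a throwaway key pair used only by test_ssl.c and how they can be regenerated, would make secret-scanner findings on this file easy to triage and would save the next reader from decoding the PEM to see what changed.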
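
Review bot: In init() (hunk @@ -105,6 +145,44 @@), the pointers returned by platform_create_temp_file() go straight into open() without a check, and cleanup() later passes them to unlink() unconditionally. Checking each for NULL right after the call and failing with a message that names the file would make a temp-directory problem easier to diagnose than the combined "certificate or key" error. The hunk also relies on open(), O_RDWR, errno and unlink() while no hunk in this patch adds an include, so it is worth confirming that the needed headers are already present on every build target.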
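
Review bot: test_load_certificate_and_key() (hunk @@ -136,6 +214,27 @@) only exercises the success path, so nothing shows that a key which does not match the certificate is rejected. The comment says loading the key checks that it matches the loaded certificate, but the two assertions are both tls_ctx_load_priv_file(...) == 0 on a matching pair, and the result of tls_ctx_load_cert_file() is never checked directly. If a mismatch is reported through the return value, a third block that loads unittest_cert with a different key and asserts a non-zero result would turn the "indirect test" from the commit message into one that can actually fail.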