From patchwork Fri Dec 27 12:44:25 2024
X-Patchwork-Submitter: "cron2 (Code Review)"
X-Patchwork-Id: 4023
From: "flichtenheld (Code Review)"
Date: Fri, 27 Dec 2024 12:44:25 +0000
To: plaisthos
Cc: openvpn-devel
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] [S] Change in openvpn[master]: t_server_null_default.rc: Add some tests with --data-ciphers
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537
X-Gerrit-Change-Number: 847
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 451e0f6a74b41cd8e100144684f1921d5452e0bd
User-Agent: Gerrit/3.8.2

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/847?usp=email

to review the following change.

Change subject: t_server_null_default.rc: Add some tests with --data-ciphers
......................................................................

t_server_null_default.rc: Add some tests with --data-ciphers

Trying to verify some of the negotiation parts.

Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537
Signed-off-by: Frank Lichtenheld --- M tests/t_server_null_default.rc 1 file changed, 30 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/847/1 diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index cbf4877..c05f7eb 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -1,3 +1,4 @@ +# -*- shell-script -*- # Notes regarding --dev null server and client configurations: # # The t_server_null_server.sh exits when all client pid files have gone @@ -33,7 +34,7 @@ SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}" -TEST_SERVER_LIST="1 2" +TEST_SERVER_LIST="1 2 3" SERVER_NAME_1="t_server_null_server-1194_udp" SERVER_SERVER_1="--server 10.29.41.0 255.255.255.0" 
@@ -47,13 +48,19 @@ SERVER_EXEC_2="${SERVER_EXEC}" SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2}" +SERVER_NAME_3="t_server_null_server-1196_udp" +SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0" +SERVER_MGMT_PORT_3="11196" +SERVER_EXEC_3="${SERVER_EXEC}" +SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" + # Test client configurations CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn" CLIENT_BASE_OPTS="--client --dev null --ifconfig-noexec --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2 --up ${srcdir}/null_client_up.sh" CLIENT_CIPHER_OPTS="" CLIENT_CERT_OPTS="--ca ${CA} --cert ${CLIENT_CERT} --key ${CLIENT_KEY} --tls-auth ${TA} 1" -TEST_RUN_LIST="1 2 3" +TEST_RUN_LIST="1 2 3 4a 4b 4c" CLIENT_CONF_BASE="${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}" TEST_NAME_1="t_server_null_client.sh-openvpn_current_udp" 
@@ -70,3 +77,24 @@ SHOULD_PASS_3="no" CLIENT_EXEC_3="${CLIENT_EXEC}" CLIENT_CONF_3="${CLIENT_CONF_BASE} --remote 127.0.0.1 11194 udp --proto udp" + +# --data-cipher list against server with defaults +# --cipher ignored +TEST_NAME_4a="t_server_null_client.sh-openvpn_current_udp_dc1" +SHOULD_PASS_4a="yes" +CLIENT_EXEC_4a="${CLIENT_EXEC}" +CLIENT_CONF_4a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC:DEFAULT" + +# specific --data-cipher against server that supports that cipher +# --cipher ignored +TEST_NAME_4b="t_server_null_client.sh-openvpn_current_udp_dc3" +SHOULD_PASS_4b="yes" +CLIENT_EXEC_4b="${CLIENT_EXEC}" +CLIENT_CONF_4b="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC" + +# specific --data-cipher against server that doesn't support that cipher +# --cipher ignored +TEST_NAME_4c="t_server_null_client.sh-openvpn_current_udp_dc3_fail" +SHOULD_PASS_4c="no" +CLIENT_EXEC_4c="${CLIENT_EXEC}" +CLIENT_CONF_4c="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-192-CBC --data-ciphers AES-128-CBC"
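
Review bot: In the hunk at @@ -47,13 +48,19 @@, the new SERVER_*_3 block carries no comment explaining why a third server exists, while every new client test gets one. A line above SERVER_NAME_3 saying that this server extends the default list with AES-192-CBC (`--cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC`) would make the pairing with tests 4b and 4c obvious. Two things to confirm in the same hunk: SERVER_CONF_BASE already expands ${SERVER_CIPHER_OPTS}, whose value is not visible here, so the cipher options appended in SERVER_CONF_3 should not conflict with it; and TEST_RUN_LIST="1 2 3 4a 4b 4c" introduces the first non-numeric test ids, so the scripts that build TEST_NAME_<id>, SHOULD_PASS_<id> and CLIENT_CONF_<id> from that list need to accept an alphanumeric suffix.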
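
Review bot: In the hunk at @@ -70,3 +77,24 @@, tests 4a and 4b only record SHOULD_PASS="yes", so they show that a connection came up but not which data cipher was selected. 4a in particular offers `--data-ciphers AES-192-CBC:DEFAULT` to the server described as running defaults, so it passes through the DEFAULT entries whether or not AES-192-CBC or the client's `--cipher AES-128-CBC` plays any role. If the test scripts can check the negotiated cipher, asserting it for 4a and 4b would make the "--cipher ignored" comments verifiable; as written, only 4c exercises that claim (client `--cipher AES-192-CBC` is in server 3's list, yet SHOULD_PASS_4c="no"), and its comment could say so. Minor: the three comments write "--data-cipher" where the option used in the CLIENT_CONF lines is `--data-ciphers`.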