1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2023 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <setjmp.h>
35 #include <cmocka.h>
36 
37 #include "crypto.h"
38 #include "options.h"
39 #include "ssl_backend.h"
40 #include "options_util.h"
41 
42 #include "mock_msg.h"
43 #include "mss.h"
44 #include "ssl_verify_backend.h"
45 #include "win32.h"
46 #include "test_common.h"
47 
/* Mock functions and data that let win32.c be compiled into this test;
 * win32.c is required for getting the temp directory. */
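#ifdef _WIN32
/* Definition needed so win32.c links; presumably never read by this test. */
struct signal_info siginfo_static; /* GLOBAL */

/*
 * Mock for the win32.c dependency.
 *
 * Nothing in this test is expected to format a Windows error, so being
 * called at all is a test bug and aborts via ASSERT.
 *
 * @param errnum  unused
 * @param gc      unused
 * @return never returns normally; NULL only if ASSERT were to continue
 */
const char *
strerror_win32(DWORD errnum, struct gc_arena *gc)
{
    (void)errnum;
    (void)gc;
    ASSERT(false);
    /* Explicit return keeps the non-void mock well-formed for compilers
     * that do not know ASSERT does not return. */
    return NULL;
}

/*
 * Mock for the win32.c dependency; this test never raises a signal, so
 * reaching here aborts via ASSERT.
 *
 * @param signum  unused
 */
void
throw_signal(const int signum)
{
    (void)signum;
    ASSERT(false);
}
#endif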
65 
66 
/*
 * Test fixture: a PEM-encoded certificate (certificate only, no private
 * key) that the export test loads inline and then compares byte-for-byte
 * against the PEM written back by the TLS backend.  Keep the line breaks
 * and trailing newline exactly as they are: the comparison is an exact
 * string match, not a semantic one.
 */
const char *unittest_cert = "-----BEGIN CERTIFICATE-----\n"
                            "MIIBuTCCAUCgAwIBAgIUTLtjSBzx53qZRvZ6Ur7D9kgoOHkwCgYIKoZIzj0EAwIw\n"
                            "EzERMA8GA1UEAwwIdW5pdHRlc3QwIBcNMjMxMTIxMDk1NDQ3WhgPMjA3ODA4MjQw\n"
                            "OTU0NDdaMBMxETAPBgNVBAMMCHVuaXR0ZXN0MHYwEAYHKoZIzj0CAQYFK4EEACID\n"
                            "YgAEHYB2hn2xx3f4lClXDtdi36P19pMZA+kI1Dkv/Vn10vBZ/j9oa+P99T8duz/e\n"
                            "QlPeHpesNJO4fX8iEDj6+vMeWejOT7jAQ4MmG5EZjpcBKxCfwFooEvzu8bVujUcu\n"
                            "wTQEo1MwUTAdBgNVHQ4EFgQUPcgBEVXjF5vYfDsInoE3dF6UfQswHwYDVR0jBBgw\n"
                            "FoAUPcgBEVXjF5vYfDsInoE3dF6UfQswDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO\n"
                            "PQQDAgNnADBkAjBLPAGrQAyinigqiu0RomoV8TVaknVLFSq6H6A8jgvzfsFCUK1O\n"
                            "dvNZhFPM6idKB+oCME2JLOBANCSV8o7aJzq7SYHKwPyb1J4JFlwKe/0Jpv7oh9b1\n"
                            "IJbuaM9Z/VSKbrIXGg==\n"
                            "-----END CERTIFICATE-----\n";
79 
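/*
 * Directory in which the test may create scratch files.
 *
 * On Windows this is the temp directory reported by win32.c, elsewhere
 * it is /tmp.  A NULL result fails the running test via cmocka, so the
 * caller may use the return value without checking it.
 *
 * @return non-NULL directory path
 */
static const char *
get_tmp_dir(void)
{
    /* (void) prototype: an empty parameter list is an old-style declaration. */
#ifdef _WIN32
    const char *dir = win_get_tempdir();
#else
    const char *dir = "/tmp";
#endif
    assert_non_null(dir);
    return dir;
}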
92 
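/*
 * Round-trip a certificate through the TLS backend's PEM writer.
 *
 * Loads unittest_cert inline into a fresh client TLS context, asks the
 * backend to write the context's certificate to a temp file and checks
 * that the file contents equal the original PEM text.  Every step that
 * can fail is asserted so a broken backend is reported at the step that
 * broke rather than as a mismatch or a NULL dereference later.  The temp
 * file is removed before the final comparison so a failing assertion
 * (cmocka leaves the test via longjmp) does not leave it behind.
 *
 * @param state  cmocka test state, unused
 */
static void
crypto_pem_encode_certificate(void **state)
{
    (void)state;
    struct gc_arena gc = gc_new();

    struct tls_root_ctx ctx = { 0 };
    tls_ctx_client_new(&ctx);
    tls_ctx_load_cert_file(&ctx, unittest_cert, true);

    openvpn_x509_cert_t *cert = NULL;

    /* we do not have methods to fetch certificates from ssl contexts, use
     * internal TLS library methods for the unit test */
#ifdef ENABLE_CRYPTO_OPENSSL
    cert = SSL_CTX_get0_certificate(ctx.ctx);
#elif defined(ENABLE_CRYPTO_MBEDTLS)
    cert = ctx.crt_chain;
#endif
    /* Neither backend selected, or the load silently failed: say so here
     * instead of handing a NULL certificate to the PEM writer. */
    assert_non_null(cert);

    const char *tmpfile = platform_create_temp_file(get_tmp_dir(), "ut_pem", &gc);
    assert_non_null(tmpfile);
    /* The writer reports its outcome; a failed write would otherwise show
     * up only as an empty or stale file in the comparison below. */
    assert_int_equal(backend_x509_write_pem(cert, tmpfile), SUCCESS);

    struct buffer exported_pem = buffer_read_from_file(tmpfile, &gc);
    /* The file content is now in memory; drop the scratch file before the
     * assertion that may abort the test. */
    unlink(tmpfile);
    assert_string_equal(BSTR(&exported_pem), unittest_cert);

    tls_ctx_free(&ctx);
    gc_free(&gc);
}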
122 
/*
 * Test driver: prepares the unit-test environment, initialises the TLS
 * library where the backend needs it, runs the "crypto tests" group and
 * returns cmocka's result as the process exit status.
 */
int
main(void)
{
    openvpn_unit_test_setup();

    const struct CMUnitTest crypto_tests[] = {
        cmocka_unit_test(crypto_pem_encode_certificate),
    };

    /* Only the OpenSSL backend has global library state to set up here. */
#if defined(ENABLE_CRYPTO_OPENSSL)
    tls_init_lib();
#endif

    const int rc = cmocka_run_group_tests_name("crypto tests", crypto_tests,
                                               NULL, NULL);

#if defined(ENABLE_CRYPTO_OPENSSL)
    tls_free_lib();
#endif

    return rc;
}