author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-12 10:23:48 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-12 10:25:28 +0200 |
commit | b3c508908e78455cd5588c2cb0663d0386182a96 (patch) | |
tree | 3de87105c781312b5ed466ffdcbd7acde6c46479 | |
parent | 767c893992ffec5664f74a69ff76d2835903e975 (diff) | |
download | gnutls-b3c508908e78455cd5588c2cb0663d0386182a96.tar.gz |
tests: check key mismatch on gnutls_certificate_set_*key
That is, check whether these functions can successfully
recover from such a condition, without leaks or double freeing.
-rw-r--r-- | tests/set_key.c | 51 | ||||
-rw-r--r-- | tests/set_x509_key.c | 45 |
2 files changed, 92 insertions, 4 deletions
diff --git a/tests/set_key.c b/tests/set_key.c index deae8a335b..7229a20510 100644 --- a/tests/set_key.c +++ b/tests/set_key.c @@ -158,6 +158,56 @@ static void basic(void) success("success"); } +static void failure_mode(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + unsigned pcert_list_size; + const char *names[] = {"localhost", "localhost2"}; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_privkey_init(&key)>=0); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ecc_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, names, 2, pcert_list, + pcert_list_size, key); + if (ret < 0) { + success("expected error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + goto cleanup; + } + + fail("gnutls_certificate_set_key succeeded unexpectedly\n"); + + cleanup: + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + static void auto_parse(void) { gnutls_certificate_credentials_t x509_cred, clicred; @@ -244,5 +294,6 @@ static void auto_parse(void) void doit(void) { basic(); +// failure_mode(); auto_parse(); } diff --git a/tests/set_x509_key.c b/tests/set_x509_key.c index aa540144a8..306bcd0809 100644 --- a/tests/set_x509_key.c +++ b/tests/set_x509_key.c 
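Review bot: The `cleanup:` path of failure_mode() in tests/set_key.c releases only `x509_cred`; `key` and the entries imported into `pcert_list` are never deinitialised after gnutls_certificate_set_key() returns an error. Whether that is a leak or the only safe choice depends on who owns those objects after a failed call, and nothing in the hunk states it. Since the test exists to catch leaks and double frees, the ownership rule it relies on should be written above the label, for example `/* on failure, key and pcert_list are still owned by the caller */`, with the matching deinit calls added there if that is the contract. Running the test under a leak checker would confirm which side is expected to free.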
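Review bot: The added line `// failure_mode();` in doit() leaves the new test disabled, so the key-mismatch path of gnutls_certificate_set_key that the commit title promises to check is never executed in tests/set_key.c. The static function is also left without a caller, which compilers commonly report as unused. Either enable the call, or replace the bare commented-out line with the reason it is off, e.g. `/* failure_mode(); disabled until <reason> */`, so the gap in coverage is visible to the next reader.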
@@ -84,7 +84,7 @@ static void compare(const gnutls_datum_t *der, const void *ipem) return; } -static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) +static int import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) { gnutls_x509_privkey_t key; gnutls_x509_crt_t *crt_list; @@ -107,8 +107,9 @@ static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_ ret = gnutls_certificate_set_x509_key(xcred, crt_list, crt_list_size, key); if (ret < 0) { - fail("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret)); - exit(1); + success("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret)); + idx = ret; + goto cleanup; } /* return index */ @@ -125,6 +126,7 @@ static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_ compare(&tcert, cert->data+i); } + cleanup: gnutls_x509_privkey_deinit(key); for (i=0;i<crt_list_size;i++) { gnutls_x509_crt_deinit(crt_list[i]); @@ -134,7 +136,7 @@ static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_ return idx; } -void doit(void) +static void basic(void) { gnutls_certificate_credentials_t x509_cred; gnutls_certificate_credentials_t clicred; 
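Review bot: import_key() in tests/set_x509_key.c now returns two kinds of value, but the changed signature carries no comment saying so. With the return type switched from `unsigned` to `int`, it yields the index set after `/* return index */` on success and the negative gnutls error code (`idx = ret`) on failure. A short header comment would make the contract explicit for callers: `/* Returns the credential index (>= 0), or a negative gnutls error code if gnutls_certificate_set_x509_key() fails. */`. The function body lies mostly outside this hunk.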
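Review bot: Logging the error with `success(...)` and returning it makes every gnutls_certificate_set_x509_key() failure non-fatal, including for the calls in basic(), where the key and certificate are expected to match. Those calls are outside the visible hunks; unless they reject a negative return, a regression in the matching case would be printed as a success message and the test would carry on. The positive path should fail explicitly on a negative result, e.g. `if (idx < 0) fail("import_key: %s\n", gnutls_strerror(idx));` at the call site in basic(), leaving only failure_mode() to tolerate the error.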
@@ -178,3 +180,38 @@ void doit(void) success("success"); } +static void failure_mode(void) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + ret = import_key(x509_cred, &server_key, &server_ecc_cert); + if (ret >= 0) { + fail("gnutls_certificate_set_x509_key: succeeded!\n"); + } + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ + basic(); + failure_mode(); +} |
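Review bot: The check `if (ret >= 0)` in failure_mode() treats any negative return as a pass, so the test would also pass if import_key() failed for a reason unrelated to the mismatch between `server_key` and `server_ecc_cert`. Pinning the expected code makes the test prove the mismatch was detected: `if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) fail("unexpected result: %s\n", gnutls_strerror(ret));`, assuming that is the code the library returns for this case. The same loose check, `if (ret < 0)`, appears in failure_mode() in tests/set_key.c.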