author | Antonio Quartulli | 2018-07-08 10:45:17 +0800 |
---|---|---|
committer | Gert Doering | 2018-07-24 14:20:46 +0200 |
commit | 5817b49b4ca39f86eabb092c562b72d46d5509f7 (patch) | |
tree | 02bf6338071ee1013232515f05f89765c8ef3551 /tests | |
parent | a5d35a01dcf73e6a93f59d687adb6e5be38c7750 (diff) | |
crypto: always reload tls-auth/crypt key contexts
In preparation for having tls-auth/crypt keys per connection
block, it is important to ensure that such material is always
reloaded upon SIGUSR1, whether or not `persist-key` was
specified.
This is required because when moving from one remote to the
other the key may change and thus the key context needs to
be refreshed.
To ensure that the `persist-key` logic will still work
as expected, the tls-auth/crypt key is pre-loaded so that
the keyfile is not required at runtime.
Trac: #720
Cc: Steffan Karger <steffan@karger.me>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20180708024517.27108-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17237.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit_tests/openvpn/Makefile.am | 1 | ||||
-rw-r--r-- | tests/unit_tests/openvpn/test_buffer.c | 45 |
2 files changed, 45 insertions, 1 deletions
diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am
index 1ff6261..0f7f86b 100644
--- a/tests/unit_tests/openvpn/Makefile.am
+++ b/tests/unit_tests/openvpn/Makefile.am
@@ -28,7 +28,6 @@ buffer_testdriver_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) -I$(compat_srcdir)
 buffer_testdriver_LDFLAGS = @TEST_LDFLAGS@ -L$(openvpn_srcdir) -Wl,--wrap=parse_line
 buffer_testdriver_SOURCES = test_buffer.c mock_msg.c \
 mock_get_random.c \
- $(openvpn_srcdir)/buffer.c \
 $(openvpn_srcdir)/platform.c
 
 crypto_testdriver_CFLAGS = @TEST_CFLAGS@ \
diff --git a/tests/unit_tests/openvpn/test_buffer.c b/tests/unit_tests/openvpn/test_buffer.c
index d083b78..7c9a9e2 100644
--- a/tests/unit_tests/openvpn/test_buffer.c
+++ b/tests/unit_tests/openvpn/test_buffer.c
@@ -33,6 +33,7 @@
 #include <cmocka.h>
 
 #include "buffer.h"
+#include "buffer.c"
 
 static void
 test_buffer_strprefix(void **state)
@@ -197,6 +198,48 @@ test_buffer_list_aggregate_separator_emptybuffers(void **state)
 assert_int_equal(BLEN(buf), 0);
 }
 
+static void
+test_buffer_free_gc_one(void **state)
+{
+ struct gc_arena gc = gc_new();
+ struct buffer buf = alloc_buf_gc(1024, &gc);
+
+ assert_ptr_equal(gc.list + 1, buf.data);
+ free_buf_gc(&buf, &gc);
+ assert_null(gc.list);
+
+ gc_free(&gc);
+}
+
+static void
+test_buffer_free_gc_two(void **state)
+{
+ struct gc_arena gc = gc_new();
+ struct buffer buf1 = alloc_buf_gc(1024, &gc);
+ struct buffer buf2 = alloc_buf_gc(1024, &gc);
+ struct buffer buf3 = alloc_buf_gc(1024, &gc);
+
+ struct gc_entry *e;
+
+ e = gc.list;
+
+ assert_ptr_equal(e + 1, buf3.data);
+ assert_ptr_equal(e->next + 1, buf2.data);
+ assert_ptr_equal(e->next->next + 1, buf1.data);
+
+ free_buf_gc(&buf2, &gc);
+
+ assert_non_null(gc.list);
+
+ while (e)
+ {
+ assert_ptr_not_equal(e + 1, buf2.data);
+ e = e->next;
+ }
+
+ gc_free(&gc);
+}
+
 int
 main(void)
 {
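Review bot: `#include "buffer.c"` pulls the whole implementation into the test's translation unit with no comment saying why. Presumably it is there so the new tests can call free_buf_gc, which may not be exported through buffer.h; that declaration is not visible in this diff. A short comment above the include would record the reason and the build constraint that goes with it, e.g. `/* include the implementation so file-local functions can be tested; buffer.c must stay out of buffer_testdriver_SOURCES */`. Without it, someone re-adding the source file in Makefile.am gets duplicate-symbol link errors with no hint of the cause.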
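Review bot: The closing loop in test_buffer_free_gc_two compares every remaining entry against `buf2.data` after `free_buf_gc(&buf2, &gc)` has already run. If free_buf_gc clears the buffer it is handed (its body is not part of this diff, so this needs confirming), `buf2.data` is NULL at that point and `assert_ptr_not_equal(e + 1, buf2.data)` passes whether or not the entry was actually unlinked. An entry left on the list after being released could then be freed again by gc_free(), which is the regression this test should catch. Asserting the exact remaining list is stronger and does not depend on the cleared field: `assert_ptr_equal(e + 1, buf3.data);`, `assert_ptr_equal(e->next + 1, buf1.data);`, `assert_null(e->next->next);`.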
@@ -226,6 +269,8 @@ main(void)
 cmocka_unit_test_setup_teardown(test_buffer_list_aggregate_separator_emptybuffers,
 test_buffer_list_setup,
 test_buffer_list_teardown),
+ cmocka_unit_test(test_buffer_free_gc_one),
+ cmocka_unit_test(test_buffer_free_gc_two),
 };
 
 return cmocka_run_group_tests_name("buffer", tests, NULL, NULL);
|