Merge pull request #628 from Azure/ewertons/openssl-no-engine

ssl: allow openssl engine support to be optional
Ewerton Scaboro da Silva 2023-05-15 15:54:46 -07:00 коммит произвёл GitHub
Родитель 28e7a52421 dcea390fd5
Коммит 4d50d92255
13 изменённых файлов: 162 добавлений и 6 удалений


@ -29,6 +29,7 @@ option(use_builtin_httpapi "set use_builtin_httpapi to ON to use the built-in ht
option(use_cppunittest "set use_cppunittest to ON to build CppUnitTest tests on Windows (default is OFF)" OFF)
option(suppress_header_searches "do not try to find headers - used when compiler check will fail" OFF)
option(use_custom_heap "use externally defined heap functions instead of the malloc family" OFF)
option(no_openssl_engine "Disables the use of ENGINEs in OpenSSL" OFF)
if(${use_custom_heap})
add_definitions(-DGB_USE_CUSTOM_HEAP)
@ -106,6 +107,10 @@ if(${memory_trace})
endif()
if(${use_openssl})
if(${no_openssl_engine})
add_definitions(-DOPENSSL_NO_ENGINE)
endif()
if("${OPENSSL_ROOT_DIR}" STREQUAL "" AND NOT ("$ENV{OpenSSLDir}" STREQUAL ""))
set(OPENSSL_ROOT_DIR $ENV{OpenSSLDir} CACHE PATH "")
endif()
@ -115,6 +120,14 @@ if(${use_openssl})
if (NOT TARGET OpenSSL::SSL OR NOT TARGET OpenSSL::Crypto OR NOT ${OPENSSL_INCLUDE_DIR})
find_package(OpenSSL REQUIRED)
endif()
# The block below enables the v1 back-compatibility layer in OpenSSL 3,
# if using that version or later. For reference, please check the OpenSSL
# official documentation: https://www.openssl.org/docs/man3.0/man7/openssl_user_macros.html
if (DEFINED OPENSSL_VERSION AND (${OPENSSL_VERSION} GREATER_EQUAL 3))
add_definitions(-DOPENSSL_API_COMPAT=0x10101000L)
endif()
include_directories(${OPENSSL_INCLUDE_DIR})
endif()
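Review bot: The `add_definitions(-DOPENSSL_NO_ENGINE)` added in the second hunk is directory-scoped, so the macro reaches the translation units compiled here but is recorded neither on the library targets nor in the exported/installed package, while x509_openssl.h in this same change makes the parameter list of x509_openssl_add_credentials depend on that macro. A consumer that links a library built with `-Dno_openssl_engine=ON` but compiles its own code without the definition would see the five-argument prototype against a four-argument implementation, and C ordinarily will not diagnose that. Attaching the definition to the library target, `target_compile_definitions(<library-target> PUBLIC OPENSSL_NO_ENGINE)`, lets it propagate through `target_link_libraries` and the export set; the target name is defined outside this hunk. It is also worth stating in the option description that an OpenSSL built with `no-engine` already defines OPENSSL_NO_ENGINE in its own headers, so this option can only disable engine use, never enable it.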


@ -86,6 +86,7 @@ In order to turn on/off the tlsio implementations use the following CMAKE option
* `-Duse_installed_dependencies:bool={ON/OFF}` - turns on/off building azure-c-shared-utility using installed dependencies. This package may only be installed if this flag is ON.
* `-Drun_unittests:bool={ON/OFF}` - enables building of unit tests. Default is OFF.
* `-Duse_default_uuid:bool={ON/OFF}` - use the out-of-the-box UUID implementation that comes with the SDK rather than platform specific implementations. Default is OFF.
* `-Dno_openssl_engine:bool={ON/OFF}` - disables the use of ENGINEs in OpenSSL. Default is OFF.
## Porting to new devices


@ -47,8 +47,10 @@ typedef struct HTTP_HANDLE_DATA_TAG
const char* certificates; /*a list of CA certificates*/
#if USE_OPENSSL
OPTION_OPENSSL_KEY_TYPE x509privatekeytype;
#ifndef OPENSSL_NO_ENGINE
char* engineId;
ENGINE* engine;
#endif // OPENSSL_NO_ENGINE
#elif USE_MBEDTLS
mbedtls_x509_crt cert;
mbedtls_pk_context key;
@ -198,8 +200,10 @@ HTTP_HANDLE HTTPAPI_CreateConnection(const char* hostName)
httpHandleData->certificates = NULL;
#ifdef USE_OPENSSL
httpHandleData->x509privatekeytype = KEY_TYPE_DEFAULT;
#ifndef OPENSSL_NO_ENGINE
httpHandleData->engineId = NULL;
httpHandleData->engine = NULL;
#endif // OPENSSL_NO_ENGINE
#elif USE_MBEDTLS
mbedtls_x509_crt_init(&httpHandleData->cert);
mbedtls_pk_init(&httpHandleData->key);
@ -220,6 +224,7 @@ void HTTPAPI_CloseConnection(HTTP_HANDLE handle)
free(httpHandleData->hostURL);
curl_easy_cleanup(httpHandleData->curl);
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_ENGINE
if (httpHandleData->engine != NULL)
{
ENGINE_free(httpHandleData->engine);
@ -231,6 +236,7 @@ void HTTPAPI_CloseConnection(HTTP_HANDLE handle)
free(httpHandleData->engineId);
httpHandleData->engineId = NULL;
}
#endif // OPENSSL_NO_ENGINE
#elif USE_MBEDTLS
mbedtls_x509_crt_free(&httpHandleData->cert);
mbedtls_pk_free(&httpHandleData->key);
@ -315,6 +321,7 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
HTTP_HANDLE_DATA *httpHandleData = (HTTP_HANDLE_DATA *)userptr;
#ifdef USE_OPENSSL
/*trying to set the x509 per device certificate*/
#ifndef OPENSSL_NO_ENGINE
if (httpHandleData->x509privatekeytype == KEY_TYPE_ENGINE) {
ENGINE_load_builtin_engines();
httpHandleData->engine = ENGINE_by_id(httpHandleData->engineId);
@ -328,10 +335,18 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
(httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
(x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype, httpHandleData->engine) != 0)
)
#else // OPENSSL_NO_ENGINE
if (
(httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
(x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype) != 0)
)
#endif // OPENSSL_NO_ENGINE
{
LogError("unable to x509_openssl_add_credentials");
result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(httpHandleData->engine);
#endif // OPENSSL_NO_ENGINE
}
/*trying to set CA certificates*/
else if (
@ -341,7 +356,9 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
{
LogError("failure in x509_openssl_add_certificates");
result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(httpHandleData->engine);
#endif // OPENSSL_NO_ENGINE
}
#elif USE_WOLFSSL
if (
@ -850,6 +867,7 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con
result = HTTPAPI_ERROR;
}
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(OPTION_OPENSSL_ENGINE, optionName) == 0)
{
if (mallocAndStrcpy_s((char**)&httpHandleData->engineId, value) != 0)
@ -862,6 +880,7 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con
result = HTTPAPI_OK;
}
}
#endif // OPENSSL_NO_ENGINE
#endif
else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0 || strcmp(OPTION_X509_ECC_KEY, optionName) == 0)
{
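Review bot: With OPENSSL_NO_ENGINE defined, the `OPTION_OPENSSL_ENGINE` branch of HTTPAPI_SetOption (seventh hunk, the lines wrapped by the new `#ifndef`) disappears, so a caller that still sets that option gets whatever the tail of the else-if chain does for unknown names; that tail is outside the hunk, so if it already rejects unknown options the only loss is a clear message, otherwise the engine id is silently ignored and the failure surfaces later in the handshake, far from the misconfiguration. An explicit `#else` branch, `else if (strcmp(OPTION_OPENSSL_ENGINE, optionName) == 0) { LogError("OPTION_OPENSSL_ENGINE not supported: OpenSSL ENGINE support is compiled out"); result = HTTPAPI_ERROR; }`, names the cause at option-set time. The same applies to the matching branch in tlsio_openssl_setoption in tlsio_openssl.c.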


@ -759,11 +759,14 @@ void engine_destroy(TLS_IO_INSTANCE* tls)
{
if(tls->engine != NULL)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(tls->engine); // Release structural reference.
#endif // OPENSSL_NO_ENGINE
tls->engine = NULL;
}
}
#ifndef OPENSSL_NO_ENGINE
int engine_load(TLS_IO_INSTANCE* tls)
{
int result;
@ -782,6 +785,7 @@ int engine_load(TLS_IO_INSTANCE* tls)
return result;
}
#endif // OPENSSL_NO_ENGINE
static void close_openssl_instance(TLS_IO_INSTANCE* tls_io_instance)
{
@ -1081,6 +1085,7 @@ static int create_openssl_instance(TLS_IO_INSTANCE* tlsInstance)
log_ERR_get_error("Failed allocating OpenSSL context.");
result = MU_FAILURE;
}
#ifndef OPENSSL_NO_ENGINE
else if ((tlsInstance->engine_id != NULL) &&
(engine_load(tlsInstance) != 0))
{
@ -1088,6 +1093,7 @@ static int create_openssl_instance(TLS_IO_INSTANCE* tlsInstance)
tlsInstance->ssl_context = NULL;
result = MU_FAILURE;
}
#endif // OPENSSL_NO_ENGINE
else if ((tlsInstance->cipher_list != NULL) &&
(SSL_CTX_set_cipher_list(tlsInstance->ssl_context, tlsInstance->cipher_list)) != 1)
{
@ -1113,8 +1119,12 @@ static int create_openssl_instance(TLS_IO_INSTANCE* tlsInstance)
tlsInstance->ssl_context,
tlsInstance->x509_certificate,
tlsInstance->x509_private_key,
#ifndef OPENSSL_NO_ENGINE
tlsInstance->x509_private_key_type,
tlsInstance->engine) != 0)
#else // OPENSSL_NO_ENGINE
tlsInstance->x509_private_key_type) != 0)
#endif // OPENSSL_NO_ENGINE
)
{
engine_destroy(tlsInstance);
@ -1723,6 +1733,7 @@ int tlsio_openssl_setoption(CONCRETE_IO_HANDLE tls_io, const char* optionName, c
}
}
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(OPTION_OPENSSL_ENGINE, optionName) == 0)
{
ENGINE_load_builtin_engines();
@ -1737,6 +1748,7 @@ int tlsio_openssl_setoption(CONCRETE_IO_HANDLE tls_io, const char* optionName, c
result = 0;
}
}
#endif // OPENSSL_NO_ENGINE
else if (strcmp(OPTION_OPENSSL_PRIVATE_KEY_TYPE, optionName) == 0)
{
const OPTION_OPENSSL_KEY_TYPE type = *(const OPTION_OPENSSL_KEY_TYPE*)value;
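Review bot: In the no-engine build the `OPTION_OPENSSL_PRIVATE_KEY_TYPE` branch (last hunk; the branch continues outside the hunk) still appears to accept `KEY_TYPE_ENGINE`, which then travels through create_openssl_instance to x509_openssl_add_credentials and only fails there, with an "Unexpected value" log, at connect time. Rejecting it where it is set keeps the error next to the misconfiguration: under `#ifdef OPENSSL_NO_ENGINE`, `if (type == KEY_TYPE_ENGINE) { LogError("KEY_TYPE_ENGINE requires OpenSSL ENGINE support, which is compiled out"); result = MU_FAILURE; }` ahead of the existing assignment, using whichever failure value that branch already returns. Separately, engine_destroy (first hunk) keeps reading and clearing `tls->engine` when engines are compiled out, so the field remains in TLS_IO_INSTANCE; that compiles because OpenSSL's ossl_typ.h/types.h declares the ENGINE typedef unconditionally as far as I know, but it is inconsistent with httpapi_curl.c, which removes its engine members under the same macro.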


@ -11,7 +11,9 @@
#include "openssl/x509.h"
#include "openssl/pem.h"
#include "openssl/err.h"
#ifndef OPENSSL_NO_ENGINE
#include "openssl/engine.h"
#endif // OPENSSL_NO_ENGINE
#ifdef __APPLE__
#ifndef EVP_PKEY_id
@ -219,6 +221,7 @@ int x509_openssl_add_pem_file_key(SSL_CTX* ssl_ctx, const char* x509privatekey)
return result;
}
#ifndef OPENSSL_NO_ENGINE
int x509_openssl_add_engine_key(SSL_CTX* ssl_ctx, const char* x509privatekey_id, ENGINE* engine)
{
int result;
@ -270,13 +273,22 @@ int x509_openssl_add_engine_key(SSL_CTX* ssl_ctx, const char* x509privatekey_id,
return result;
}
#endif // OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE
int x509_openssl_add_credentials(
SSL_CTX* ssl_ctx,
const char* x509certificate,
const char* x509privatekey,
OPTION_OPENSSL_KEY_TYPE x509privatekeytype,
ENGINE* engine)
#else // OPENSSL_NO_ENGINE
int x509_openssl_add_credentials(
SSL_CTX* ssl_ctx,
const char* x509certificate,
const char* x509privatekey,
OPTION_OPENSSL_KEY_TYPE x509privatekeytype)
#endif // OPENSSL_NO_ENGINE
{
int result;
if (ssl_ctx == NULL || x509certificate == NULL || x509privatekey == NULL)
@ -285,11 +297,13 @@ int x509_openssl_add_credentials(
LogError("invalid parameter detected: ssl_ctx=%p, x509certificate=%p, x509privatekey=%p", ssl_ctx, x509certificate, x509privatekey);
result = MU_FAILURE;
}
#ifndef OPENSSL_NO_ENGINE
else if ((x509privatekeytype == KEY_TYPE_ENGINE) && (engine == NULL))
{
LogError("OpenSSL Engine must be configured when KEY_TYPE_ENGINE is used.");
result = MU_FAILURE;
}
#endif // OPENSSL_NO_ENGINE
else
{
// Configure private key.
@ -297,13 +311,16 @@ int x509_openssl_add_credentials(
{
result = x509_openssl_add_pem_file_key(ssl_ctx, x509privatekey);
}
#ifndef OPENSSL_NO_ENGINE
else if (x509privatekeytype == KEY_TYPE_ENGINE)
{
result = x509_openssl_add_engine_key(ssl_ctx, x509privatekey, engine);
}
#endif // OPENSSL_NO_ENGINE
else
{
result = 0;
LogError("Unexpected value of OPTION_OPENSSL_KEY_TYPE (%d)", x509privatekeytype);
result = MU_FAILURE;
}
if (result == 0)
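Review bot: Under OPENSSL_NO_ENGINE a `KEY_TYPE_ENGINE` request now lands in the final `else` of the last hunk and is reported as `Unexpected value of OPTION_OPENSSL_KEY_TYPE`, which reads like a corrupt argument rather than a build without engine support; a dedicated branch after the new `#endif`, `#ifdef OPENSSL_NO_ENGINE` / `else if (x509privatekeytype == KEY_TYPE_ENGINE) { LogError("KEY_TYPE_ENGINE requested but OpenSSL ENGINE support is compiled out"); result = MU_FAILURE; }` / `#endif`, keeps the fail-closed behaviour and names the cause. The `result = 0;` immediately overwritten by `result = MU_FAILURE;` in that same `else` is a dead store; the rendered view does not show whether it predates this change, but it is worth dropping while the block is being touched.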


@ -14,7 +14,11 @@ extern "C" {
#include "umock_c/umock_c_prod.h"
MOCKABLE_FUNCTION(,int, x509_openssl_add_certificates, SSL_CTX*, ssl_ctx, const char*, certificates);
#ifndef OPENSSL_NO_ENGINE
MOCKABLE_FUNCTION(,int, x509_openssl_add_credentials, SSL_CTX*, ssl_ctx, const char*, x509certificate, const char*, x509privatekey, OPTION_OPENSSL_KEY_TYPE, x509privatekeytype, ENGINE*, engine);
#else // OPENSSL_NO_ENGINE
MOCKABLE_FUNCTION(,int, x509_openssl_add_credentials, SSL_CTX*, ssl_ctx, const char*, x509certificate, const char*, x509privatekey, OPTION_OPENSSL_KEY_TYPE, x509privatekeytype);
#endif // OPENSSL_NO_ENGINE
#ifdef __cplusplus
}
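Review bot: The prototype of x509_openssl_add_credentials now changes arity with OPENSSL_NO_ENGINE, so every translation unit that includes this header must see the same definition as the one used to build x509_openssl.c; a mismatch is not a compile error in C but a call with a different argument count, which is undefined behaviour and typically goes unnoticed. Whether an OpenSSL header is included before the new `#ifndef` is outside the hunk; if none is, an OpenSSL built with `no-engine` defines the macro for the implementation file but not for this includer. A single signature that keeps the `ENGINE*` parameter (the typedef comes from OpenSSL's ossl_typ.h/types.h, which I believe is present in no-engine builds) and rejects a non-NULL engine when support is compiled out would remove the divergence; failing that, a comment above the `#ifndef` such as `/* OPENSSL_NO_ENGINE changes this function's parameter list; it must be defined identically in every TU that calls it and in the library build. */` is the minimum.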


@ -41,6 +41,7 @@ declare -a arr=(
"-Denable_raw_logging=ON -Dno_logging=ON"
"-Duse_builtin_httpapi=ON"
"-Duse_default_uuid=ON"
"-Dno_openssl_engine=ON"
)
for item in "${arr[@]}"


@ -48,7 +48,8 @@ if(${run_unittests})
#normally, with proper include paths, the below tests can be run under windows too.
if(${use_openssl})
add_subdirectory(x509_openssl_ut)
add_subdirectory(x509_openssl_ut/engine)
add_subdirectory(x509_openssl_ut/no_engine)
endif()
add_subdirectory(string_tokenizer_ut)


@ -3,10 +3,10 @@
cmake_minimum_required (VERSION 3.5)
set(theseTestsName x509_openssl_ut)
set(theseTestsName x509_openssl_ut_engine)
set(${theseTestsName}_test_files
${theseTestsName}.c
../x509_openssl_ut.c
)
if(LINUX)
@ -19,7 +19,7 @@ if(LINUX)
endif()
set(${theseTestsName}_c_files
../../adapters/x509_openssl.c
../../../adapters/x509_openssl.c
)
set(${theseTestsName}_h_files


@ -0,0 +1,23 @@
#Copyright (c) Microsoft. All rights reserved.
#Licensed under the MIT license. See LICENSE file in the project root for full license information.
cmake_minimum_required (VERSION 3.5)
set(theseTestsName x509_openssl_ut_no_engine)
set(${theseTestsName}_test_files
../x509_openssl_ut.c
)
set(${theseTestsName}_c_files
../../../adapters/x509_openssl.c
)
set(${theseTestsName}_h_files
)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DOPENSSL_NO_ENGINE")
build_c_test_artifacts(${theseTestsName} ON "tests/azure_c_shared_utility_tests")
compile_c_test_artifacts_as(${theseTestsName} C99)
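Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DOPENSSL_NO_ENGINE")` rewrites the directory's C flag string to carry a single preprocessor definition, while the root CMakeLists in this same change uses `add_definitions(-DOPENSSL_NO_ENGINE)` for the identical purpose. That form, or `target_compile_definitions` on the test target if `build_c_test_artifacts` creates one named `${theseTestsName}` (not visible here), keeps the definition out of the flag string and consistent with the rest of the tree. Either way it has to stay ahead of `build_c_test_artifacts` so the test sources and the referenced adapter source both see it.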


@ -0,0 +1,11 @@
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
#include "testrunnerswitcher.h"
int main(void)
{
size_t failedTestCount = 0;
RUN_TEST_SUITE(x509_openssl_unittests, failedTestCount);
return failedTestCount;
}
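Review bot: `return failedTestCount;` converts a `size_t` to `int` implicitly, and the process exit status is further truncated to 8 bits on POSIX, so a failure count that is a multiple of 256 reads as success to a CI shell; `return failedTestCount == 0 ? 0 : 1;` reports the outcome unambiguously. This mirrors the sibling test mains, so if the repository keeps the pattern deliberately it can stay as is.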


@ -34,7 +34,9 @@ static void my_gballoc_free(void* s)
#include "openssl/bio.h"
#include "openssl/rsa.h"
#include "openssl/evp.h"
#ifndef OPENSSL_NO_ENGINE
#include "openssl/engine.h"
#endif // OPENSSL_NO_ENGINE
#include "azure_c_shared_utility/x509_openssl.h"
#include "umock_c/umocktypes_charptr.h"
@ -117,10 +119,12 @@ MOCKABLE_FUNCTION(, long, SSL_CTX_ctrl, SSL_CTX*, ctx, int, cmd, long, larg, voi
MOCKABLE_FUNCTION(, unsigned long, ERR_peek_last_error);
MOCKABLE_FUNCTION(, void, ERR_clear_error);
#ifndef OPENSSL_NO_ENGINE
MOCKABLE_FUNCTION(, int, ENGINE_init, ENGINE*, e);
MOCKABLE_FUNCTION(, int, ENGINE_set_default, ENGINE*, e, unsigned int, flags);
MOCKABLE_FUNCTION(, EVP_PKEY*, ENGINE_load_private_key, ENGINE*, e, const char*, key_id, UI_METHOD*, ui_method, void*, callback_data);
MOCKABLE_FUNCTION(, int, ENGINE_finish, ENGINE*, e);
#endif // OPENSSL_NO_ENGINE
#ifndef __APPLE__
MOCKABLE_FUNCTION(, int, EVP_PKEY_id, const EVP_PKEY*, pkey);
@ -222,7 +226,9 @@ typedef struct replace_evp_pkey_st_tag
#define TEST_X509_STORE (X509_STORE *)"le store"
#define TEST_BIO_METHOD (BIO_METHOD*)"le method"
#define TEST_BIO (BIO*)"le bio"
#ifndef OPENSSL_NO_ENGINE
#define TEST_ENGINE (ENGINE*)"the engine"
#endif // OPENSSL_NO_ENGINE
#define TEST_KEY_ID "the key id"
static const char* TEST_PUBLIC_CERTIFICATE = "PUBLIC CERTIFICATE";
@ -285,10 +291,12 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
REGISTER_GLOBAL_MOCK_RETURNS(SSL_CTX_use_PrivateKey, 1, 0);
REGISTER_GLOBAL_MOCK_HOOK(SSL_CTX_ctrl, my_SSL_CTX_ctrl);
#ifndef OPENSSL_NO_ENGINE
REGISTER_GLOBAL_MOCK_RETURNS(ENGINE_init, 1, 0);
REGISTER_GLOBAL_MOCK_RETURNS(ENGINE_set_default, 1, 0);
REGISTER_GLOBAL_MOCK_RETURNS(ENGINE_load_private_key, g_evp_pkey, NULL);
REGISTER_GLOBAL_MOCK_RETURNS(ENGINE_finish, 1, 0);
#endif // OPENSSL_NO_ENGINE
}
TEST_SUITE_CLEANUP(TestClassCleanup)
@ -376,6 +384,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
setup_load_certificate_chain_mocks();
}
#ifndef OPENSSL_NO_ENGINE
static void setup_add_credentials_engine()
{
// x509_openssl_add_pem_file_key
@ -387,6 +396,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
STRICT_EXPECTED_CALL(ENGINE_finish(TEST_ENGINE));
setup_load_certificate_chain_mocks();
}
#endif // OPENSSL_NO_ENGINE
/*Tests_SRS_X509_OPENSSL_02_001: [ If any argument is NULL then x509_openssl_add_credentials shall fail and return a non-zero value. ]*/
TEST_FUNCTION(x509_openssl_add_credentials_with_NULL_SSL_CTX_fails)
@ -394,7 +404,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//arrange
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(NULL, TEST_PUBLIC_CERTIFICATE, "privatekey", KEY_TYPE_DEFAULT, NULL);
#else // OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(NULL, TEST_PUBLIC_CERTIFICATE, "privatekey", KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result);
@ -408,7 +422,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//arrange
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, NULL, "privatekey", KEY_TYPE_DEFAULT, NULL);
#else // OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, NULL, "privatekey", KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result);
@ -422,7 +440,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//arrange
//act
int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, NULL, KEY_TYPE_DEFAULT, NULL);
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, NULL, KEY_TYPE_DEFAULT, TEST_ENGINE);
#else // OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, NULL, KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result);
@ -435,7 +457,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//arrange
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, NULL, "privatekey", KEY_TYPE_ENGINE, TEST_ENGINE);
#else
int result = x509_openssl_add_credentials(TEST_SSL_CTX, NULL, "privatekey", KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result);
@ -448,7 +474,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//arrange
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, NULL, KEY_TYPE_ENGINE, TEST_ENGINE);
#else
int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, NULL, KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result);
@ -456,6 +486,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//cleanup
}
#ifndef OPENSSL_NO_ENGINE
TEST_FUNCTION(x509_openssl_engine_add_credentials_with_NULL_engine_fails)
{
//arrange
@ -468,6 +499,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//cleanup
}
#endif // OPENSSL_NO_ENGINE
/*Tests_SRS_X509_OPENSSL_02_002: [ x509_openssl_add_credentials shall use BIO_new_mem_buf to create a memory BIO from the x509 certificate. ] */
/*Tests_SRS_X509_OPENSSL_02_003: [ x509_openssl_add_credentials shall use PEM_read_bio_X509 to read the x509 certificate. ] */
@ -481,7 +513,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
setup_add_credentials_pem_file(true);
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT, NULL);
#else // OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_EQUAL(int, 0, result);
@ -495,7 +531,11 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
setup_add_credentials_pem_file(false);
//act
#ifndef OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT, NULL);
#else // OPENSSL_NO_ENGINE
int result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_EQUAL(int, 0, result);
@ -504,6 +544,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//cleanup
}
#ifndef OPENSSL_NO_ENGINE
TEST_FUNCTION(x509_openssl_engine_add_credentials_happy_path)
{
setup_add_credentials_engine();
@ -517,6 +558,7 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
//cleanup
}
#endif // OPENSSL_NO_ENGINE
void x509_openssl_add_credentials_fails(bool is_rsa, bool use_engine)
{
@ -530,10 +572,12 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
{
setup_add_credentials_pem_file(is_rsa);
}
#ifndef OPENSSL_NO_ENGINE
else
{
setup_add_credentials_engine();
}
#endif // OPENSSL_NO_ENGINE
umock_c_negative_tests_snapshot();
@ -566,11 +610,13 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
calls_cannot_fail = is_rsa ? calls_cannot_fail_rsa : calls_cannot_fail_ecc;
calls_cannot_fail_size = is_rsa ? sizeof(calls_cannot_fail_rsa) / sizeof(calls_cannot_fail_rsa[0]) : sizeof(calls_cannot_fail_ecc) / sizeof(calls_cannot_fail_ecc[0]);
}
#ifndef OPENSSL_NO_ENGINE
else
{
calls_cannot_fail = calls_cannot_fail_engine;
calls_cannot_fail_size = sizeof(calls_cannot_fail_engine) / sizeof(calls_cannot_fail_engine[0]);
}
#endif // OPENSSL_NO_ENGINE
//act
int result;
@ -592,12 +638,18 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
if (!use_engine)
{
#ifndef OPENSSL_NO_ENGINE
result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT, NULL);
#else // OPENSSL_NO_ENGINE
result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_PRIVATE_CERTIFICATE, KEY_TYPE_DEFAULT);
#endif // OPENSSL_NO_ENGINE
}
#ifndef OPENSSL_NO_ENGINE
else
{
result = x509_openssl_add_credentials(TEST_SSL_CTX_STRUCTURE, TEST_PUBLIC_CERTIFICATE, TEST_KEY_ID, KEY_TYPE_ENGINE, TEST_ENGINE);
}
#endif // OPENSSL_NO_ENGINE
//assert
ASSERT_ARE_NOT_EQUAL(int, 0, result, tmp_msg);
@ -619,10 +671,12 @@ BEGIN_TEST_SUITE(x509_openssl_unittests)
x509_openssl_add_credentials_fails(/* is_rsa: */ false, /* use_engine: */ false);
}
#ifndef OPENSSL_NO_ENGINE
TEST_FUNCTION(x509_openssl_add_engine_credentials_fails)
{
x509_openssl_add_credentials_fails(/* is_rsa: */ false, /* use_engine: */ true);
}
#endif // OPENSSL_NO_ENGINE
/*Tests_SRS_X509_OPENSSL_02_010: [ If ssl_ctx is NULL then x509_openssl_add_certificates shall fail and return a non-zero value. ]*/
TEST_FUNCTION(x509_openssl_add_certificates_with_NULL_ssl_ctx_fails)
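Review bot: The no-engine build drops every engine test but gains none for the new fail-closed path: nothing asserts that x509_openssl_add_credentials rejects `KEY_TYPE_ENGINE` when OPENSSL_NO_ENGINE is defined, which is the behaviour the new no_engine test target exists to cover. A test under `#ifdef OPENSSL_NO_ENGINE` along the lines below would pin it; it registers no OpenSSL expectations because the implementation reaches its final `else` before touching the context, which should be confirmed against the key-type condition that precedes it in x509_openssl.c. Two of the new `#else` lines (the two KEY_TYPE_ENGINE NULL-argument tests) lack the `// OPENSSL_NO_ENGINE` trailer the others carry. In x509_openssl_add_credentials_fails, `result` is left uninitialised when `use_engine` is true in a no-engine build; the only such caller is compiled out, but an `#else` branch that fails the test outright would keep compilers quiet and make the gap explicit.
```c
#ifdef OPENSSL_NO_ENGINE
TEST_FUNCTION(x509_openssl_add_credentials_with_KEY_TYPE_ENGINE_fails_when_engines_compiled_out)
{
    //arrange

    //act
    int result = x509_openssl_add_credentials(TEST_SSL_CTX, TEST_PUBLIC_CERTIFICATE, "privatekey", KEY_TYPE_ENGINE);

    //assert
    ASSERT_ARE_NOT_EQUAL(int, 0, result);

    //cleanup
}
#endif // OPENSSL_NO_ENGINE
```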