From 5b89f50a813271d68b8efe58f0515b480b1356c7 Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Wed, 21 Feb 2024 16:28:34 -0800
Subject: [PATCH] Test for duplicate key import (#627)
---
 tests/CMakeLists.txt | 1 +
 tests/tls_handler_test.c | 46 ++++++++++++++++++++++++++++++++++------
 2 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a1da0c5d9..5fbdb96aa 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -208,6 +208,7 @@ if(NOT BYO_CRYPTO)
 # Misc non-badssl tls tests
 add_net_test_case(test_concurrent_cert_import)
+ add_net_test_case(test_duplicate_cert_import)
 add_test_case(tls_channel_echo_and_backpressure_test)
 add_net_test_case(tls_client_channel_negotiation_error_socket_closed)
 add_net_test_case(tls_client_channel_negotiation_success)
diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c
index fb1b6a4d5..1a7f94ddf 100644
--- a/tests/tls_handler_test.c
+++ b/tests/tls_handler_test.c
@@ -2124,14 +2124,9 @@ static void s_import_cert(void *ctx) {
 # endif /* !AWS_OS_IOS */
 }
-# define NUM_PAIRS 1
+# define NUM_PAIRS 2
 static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *ctx) {
 (void)ctx;
- /* temporarily disable this on apple until we can fix importing to be more robust */
- /* temporarily disable this on linux until we can make CRYPTO_zalloc behave and stop angering ASan */
-# if defined(__APPLE__) || defined(__linux__)
- return AWS_OP_SUCCESS;
-# endif
 aws_io_library_init(allocator);
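Review bot: The guard removed from s_test_concurrent_cert_import held the only record of why the test was skipped on Apple and Linux (import robustness, and CRYPTO_zalloc under ASan). The tls_handler_test.c hunk re-enables the test and raises `NUM_PAIRS` to 2 without recording what resolved either problem. A short comment where the guard was would keep that history, for example `/* previously skipped on Apple and Linux; see the import fix this test now covers */`, and `NUM_PAIRS` deserves a one-line comment saying what it counts. If the ASan report is not actually resolved, an explicit sanitizer-build guard is safer than an unconditionally enabled test. The function body continues outside the hunk.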
@@ -2178,6 +2173,45 @@ static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *
 AWS_TEST_CASE(test_concurrent_cert_import, s_test_concurrent_cert_import)
+static int s_test_duplicate_cert_import(struct aws_allocator *allocator, void *ctx) {
+ (void)ctx;
+
+ aws_io_library_init(allocator);
+ struct aws_byte_buf cert_buf = {0};
+ struct aws_byte_buf key_buf = {0};
+
+# if !defined(AWS_OS_IOS)
+
+ ASSERT_SUCCESS(aws_byte_buf_init_from_file(&cert_buf, allocator, "testcert0.pem"));
+ ASSERT_SUCCESS(aws_byte_buf_init_from_file(&key_buf, allocator, "testkey.pem"));
+ struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&cert_buf);
+ struct aws_byte_cursor key_cur = aws_byte_cursor_from_buf(&key_buf);
+ struct aws_tls_ctx_options tls_options = {0};
+ AWS_FATAL_ASSERT(
+ AWS_OP_SUCCESS == aws_tls_ctx_options_init_client_mtls(&tls_options, allocator, &cert_cur, &key_cur));
+
+ /* import happens in here */
+ struct aws_tls_ctx *tls = aws_tls_client_ctx_new(allocator, &tls_options);
+ AWS_FATAL_ASSERT(tls);
+ aws_tls_ctx_release(tls);
+ /* import the same certs twice */
+ tls = aws_tls_client_ctx_new(allocator, &tls_options);
+ AWS_FATAL_ASSERT(tls);
+ aws_tls_ctx_release(tls);
+
+ aws_tls_ctx_options_clean_up(&tls_options);
+# endif /* !AWS_OS_IOS */
+
+ /* clean up */
+ aws_byte_buf_clean_up(&cert_buf);
+ aws_byte_buf_clean_up(&key_buf);
+ aws_io_library_clean_up();
+
+ return AWS_OP_SUCCESS;
+}
+
+AWS_TEST_CASE(test_duplicate_cert_import, s_test_duplicate_cert_import)
+
 static int s_tls_destroy_null_context(struct aws_allocator *allocator, void *ctx) {
 (void)allocator;
 (void)ctx;
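Review bot: s_test_duplicate_cert_import checks the mTLS options init and both context creations with `AWS_FATAL_ASSERT`, which aborts the process instead of returning a failure through the harness as the `ASSERT_SUCCESS` calls just above do. Since this function returns int on the test thread, `ASSERT_SUCCESS(aws_tls_ctx_options_init_client_mtls(&tls_options, allocator, &cert_cur, &key_cur));` and `ASSERT_NOT_NULL(tls);` would report a failed import as an ordinary test failure. The first context is also released before the second is created, so the test covers re-import after release but not two live contexts holding the same cert and key. If the duplicate-import fix is meant to cover that case as well, keep the first `tls` alive until the second has been created. A one-line comment above the function naming the import path it guards would help too; from the subject line that is presumably the platform key store, but the hunk does not say.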