libnm-util: handle PEM files without an ending newline (rh #507315)

Due to an off-by-one bug if the ending PEM tag was the last thing
in the file, it would get missed.  Add some testcases for that too.

libnm-util/crypto.c

@@ -58,7 +58,7 @@ find_tag (const char *tag, const char *buf, gsize len)
 	if (len < taglen)
 		return NULL;
 
-	for (i = 0; i < len - taglen; i++) {
+	for (i = 0; i < len - taglen + 1; i++) {
 		if (memcmp (buf + i, tag, taglen) == 0)
 			return buf + i;
 	}

libnm-util/tests/Makefile.am

@@ -65,21 +65,43 @@ check-local: test-settings-defaults test-crypto test-need-secrets
 	$(abs_builddir)/test-need-secrets
 	$(abs_builddir)/test-general
 
-# Cert with 8 bytes of tail padding
-	$(abs_builddir)/test-crypto \
-		$(top_srcdir)/libnm-util/tests/certs/test_ca_cert.pem \
+# Normal CA certificate
+	$(abs_builddir)/test-crypto --cert \
+		$(top_srcdir)/libnm-util/tests/certs/test_ca_cert.pem
+
+# Another CA certificate
+	$(abs_builddir)/test-crypto --cert \
+		$(top_srcdir)/libnm-util/tests/certs/test2_ca_cert.pem
+
+# CA certificate without an ending newline
+	$(abs_builddir)/test-crypto --cert \
+		$(top_srcdir)/libnm-util/tests/certs/ca-no-ending-newline.pem
+
+# Combined user cert and private key
+	$(abs_builddir)/test-crypto --cert \
+		$(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem
+
+# Another combined user cert and private key
+	$(abs_builddir)/test-crypto --cert \
+		$(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem
+
+# Private key with 8 bytes of tail padding
+	$(abs_builddir)/test-crypto --key \
 		$(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem \
-		$(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem \
-		"test" \
+		"test"
+
+# Private key with 6 bytes of tail padding
+	$(abs_builddir)/test-crypto --key \
+		$(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
+		"12345testing"
+
+# PKCS#12 file
+	$(abs_builddir)/test-crypto --p12 \
 		$(top_srcdir)/libnm-util/tests/certs/test-cert.p12 \
 		"test"
 
-# Cert with only 6 bytes of tail padding
-	$(abs_builddir)/test-crypto \
-		$(top_srcdir)/libnm-util/tests/certs/test2_ca_cert.pem \
-		$(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
-		$(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
-		"12345testing" \
+# Another PKCS#12 file
+	$(abs_builddir)/test-crypto --p12 \
 		$(top_srcdir)/libnm-util/tests/certs/test2-cert.p12 \
 		"12345testing"
 

libnm-util/tests/certs/Makefile.am

@@ -13,5 +13,6 @@ EXTRA_DIST = \
 	test-cert.p12 \
 	test2_ca_cert.pem \
 	test2_key_and_cert.pem \
-	test2-cert.p12
+	test2-cert.p12 \
+	ca-no-ending-newline.pem
 

libnm-util/tests/certs/ca-no-ending-newline.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----

libnm-util/tests/test-crypto.c

@@ -282,37 +282,30 @@ int main (int argc, char **argv)
 {
 	GError *error = NULL;
 	char *progname;
-	const char *ca_cert;
-	const char *client_cert;
-	const char *priv_key;
-	const char *priv_key_password;
-	const char *pk12;
-	const char *pk12_password;
 
-	ASSERT (argc == 7, "test-crypto",
-	        "wrong number of arguments (expected ca-cert, client-cert, "
-	        "private-key, private-key-password, pkcs12-cert, pkcs12-password)");
+	ASSERT (argc > 2, "test-crypto",
+	        "wrong number of arguments (expected at least an operation and an object)");
 
 	if (!crypto_init (&error))
 		FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
 
-	ca_cert = argv[1];
-	client_cert = argv[2];
-	priv_key = argv[3];
-	priv_key_password = argv[4];
-	pk12 = argv[5];
-	pk12_password = argv[6];
+	if (!strcmp (argv[1], "--cert"))
+		test_load_cert (argv[2], "cert");
+	else if (!strcmp (argv[1], "--key")) {
+		ASSERT (argc == 4, "test-crypto",
+		        "wrong number of arguments (--key <key file> <password>)");
 
-	test_load_cert (ca_cert, "ca-cert");
-	test_load_cert (client_cert, "client-cert");
-	test_load_private_key (priv_key, priv_key_password, FALSE, "private-key");
-	test_load_private_key (priv_key, "blahblahblah", TRUE, "private-key-bad-password");
-	test_load_pkcs12 (pk12, pk12_password, FALSE, "pkcs12-private-key");
-	test_load_pkcs12 (pk12, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
-	test_is_pkcs12 (pk12, FALSE, "is-pkcs12");
-	test_is_pkcs12 (priv_key, TRUE, "is-pkcs12-not-pkcs12");
-
-	test_encrypt_private_key (priv_key, priv_key_password, "private-key");
+		test_load_private_key (argv[2], argv[3], FALSE, "private-key");
+		test_load_private_key (argv[2], "blahblahblah", TRUE, "private-key-bad-password");
+		test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
+		test_is_pkcs12 (argv[2], TRUE, "is-pkcs12-not-pkcs12");
+	} else if (!strcmp (argv[1], "--p12")) {
+		test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
+		test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
+		test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
+	} else {
+		ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
+	}
 
 	crypto_deinit ();