diff --git a/libnm-util/crypto.c b/libnm-util/crypto.c
index 02ec644cf..813cbc8ee 100644
--- a/libnm-util/crypto.c
+++ b/libnm-util/crypto.c
@@ -58,7 +58,7 @@ find_tag (const char *tag, const char *buf, gsize len)
 if (len < taglen)
 return NULL;
- for (i = 0; i < len - taglen; i++) {
+ for (i = 0; i < len - taglen + 1; i++) {
 if (memcmp (buf + i, tag, taglen) == 0)
 return buf + i;
 }
diff --git a/libnm-util/tests/Makefile.am b/libnm-util/tests/Makefile.am
index 2d78b972d..e805199f8 100644
--- a/libnm-util/tests/Makefile.am
+++ b/libnm-util/tests/Makefile.am
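Review bot: With the corrected bound in find_tag a match can now end exactly at `buf + len`, so any caller that reads past the returned tag (for example to skip a line ending) has to bound that read by the remaining length; those callers are outside this hunk and worth re-checking. The bound itself does not wrap, because the `len < taglen` guard above keeps `len - taglen` non-negative in gsize arithmetic. I would write it as `i <= len - taglen` and add `/* inclusive: the tag may sit flush against the end of the buffer */` so the off-by-one is not reintroduced. The declarations of find_tag, including the type of `i`, start above the hunk.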
@@ -65,21 +65,43 @@ check-local: test-settings-defaults test-crypto test-need-secrets
 $(abs_builddir)/test-need-secrets
 $(abs_builddir)/test-general
-# Cert with 8 bytes of tail padding
- $(abs_builddir)/test-crypto \
- $(top_srcdir)/libnm-util/tests/certs/test_ca_cert.pem \
+# Normal CA certificate
+ $(abs_builddir)/test-crypto --cert \
+ $(top_srcdir)/libnm-util/tests/certs/test_ca_cert.pem
+
+# Another CA certificate
+ $(abs_builddir)/test-crypto --cert \
+ $(top_srcdir)/libnm-util/tests/certs/test2_ca_cert.pem
+
+# CA certificate without an ending newline
+ $(abs_builddir)/test-crypto --cert \
+ $(top_srcdir)/libnm-util/tests/certs/ca-no-ending-newline.pem
+
+# Combined user cert and private key
+ $(abs_builddir)/test-crypto --cert \
+ $(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem
+
+# Another combined user cert and private key
+ $(abs_builddir)/test-crypto --cert \
+ $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem
+
+# Private key with 8 bytes of tail padding
+ $(abs_builddir)/test-crypto --key \
 $(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem \
- $(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem \
- "test" \
+ "test"
+
+# Private key with 6 bytes of tail padding
+ $(abs_builddir)/test-crypto --key \
+ $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
+ "12345testing"
+
+# PKCS#12 file
+ $(abs_builddir)/test-crypto --p12 \
 $(top_srcdir)/libnm-util/tests/certs/test-cert.p12 \
 "test"
-# Cert with only 6 bytes of tail padding
- $(abs_builddir)/test-crypto \
- $(top_srcdir)/libnm-util/tests/certs/test2_ca_cert.pem \
- $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
- $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
- "12345testing" \
+# Another PKCS#12 file
+ $(abs_builddir)/test-crypto --p12 \
 $(top_srcdir)/libnm-util/tests/certs/test2-cert.p12 \
 "12345testing"
diff --git a/libnm-util/tests/certs/Makefile.am b/libnm-util/tests/certs/Makefile.am
index b5c82aec5..b0dda3658 100644
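Review bot: The regression case for a tag flush against end-of-file is only run for a certificate (`ca-no-ending-newline.pem` under `--cert`). If the same tag search is also used to locate private-key END lines, which this diff does not show, a `--key` fixture without a trailing newline would pin that path as well. A comment on the new case naming the boundary it guards, for example `# CA certificate without an ending newline (END tag is the last bytes of the file)`, would make it clear why the fixture must not be normalised by an editor.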
--- a/libnm-util/tests/certs/Makefile.am
+++ b/libnm-util/tests/certs/Makefile.am
@@ -13,5 +13,6 @@ EXTRA_DIST = \
 test-cert.p12 \
 test2_ca_cert.pem \
 test2_key_and_cert.pem \
- test2-cert.p12
+ test2-cert.p12 \
+ ca-no-ending-newline.pem
diff --git a/libnm-util/tests/certs/ca-no-ending-newline.pem b/libnm-util/tests/certs/ca-no-ending-newline.pem
new file mode 100644
index 000000000..664e299aa
--- /dev/null
+++ b/libnm-util/tests/certs/ca-no-ending-newline.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/libnm-util/tests/test-crypto.c b/libnm-util/tests/test-crypto.c
index de4d6290e..a5466bc83 100644
--- a/libnm-util/tests/test-crypto.c
+++ b/libnm-util/tests/test-crypto.c
@@ -282,37 +282,30 @@ int main (int argc, char **argv)
 {
 GError *error = NULL;
 char *progname;
- const char *ca_cert;
- const char *client_cert;
- const char *priv_key;
- const char *priv_key_password;
- const char *pk12;
- const char *pk12_password;
- ASSERT (argc == 7, "test-crypto",
- "wrong number of arguments (expected ca-cert, client-cert, "
- "private-key, private-key-password, pkcs12-cert, pkcs12-password)");
+ ASSERT (argc > 2, "test-crypto",
+ "wrong number of arguments (expected at least an operation and an object)");
 if (!crypto_init (&error))
 FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
- ca_cert = argv[1];
- client_cert = argv[2];
- priv_key = argv[3];
- priv_key_password = argv[4];
- pk12 = argv[5];
- pk12_password = argv[6];
+ if (!strcmp (argv[1], "--cert"))
+ test_load_cert (argv[2], "cert");
+ else if (!strcmp (argv[1], "--key")) {
+ ASSERT (argc == 4, "test-crypto",
+ "wrong number of arguments (--key )");
- test_load_cert (ca_cert, "ca-cert");
- test_load_cert (client_cert, "client-cert");
- test_load_private_key (priv_key, priv_key_password, FALSE, "private-key");
- test_load_private_key (priv_key, "blahblahblah", TRUE, "private-key-bad-password");
- test_load_pkcs12 (pk12, pk12_password, FALSE, "pkcs12-private-key");
- test_load_pkcs12 (pk12, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
- test_is_pkcs12 (pk12, FALSE, "is-pkcs12");
- test_is_pkcs12 (priv_key, TRUE, "is-pkcs12-not-pkcs12");
-
- test_encrypt_private_key (priv_key, priv_key_password, "private-key");
+ test_load_private_key (argv[2], argv[3], FALSE, "private-key");
+ test_load_private_key (argv[2], "blahblahblah", TRUE, "private-key-bad-password");
+ test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
+ test_is_pkcs12 (argv[2], TRUE, "is-pkcs12-not-pkcs12");
+ } else if (!strcmp (argv[1], "--p12")) {
+ test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
+ test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
+ test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
+ } else {
+ ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
+ }
 crypto_deinit ();
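Review bot: The final `else` branch cannot fail, because it repeats `ASSERT (argc > 2, ...)`, which the assertion at the top of main has already established; assuming ASSERT only fires when its condition is false, a mistyped or unknown operation runs no checks and falls through to `crypto_deinit ()` as if the test had passed. Use the unconditional macro already used for crypto-init instead: `FAIL ("test-crypto", "unknown test type (not --cert, --key, or --p12)");`. The `--p12` branch also passes `argv[3]` to test_load_pkcs12 without the `argc == 4` check that the `--key` branch has, so a missing password arrives as NULL; add `ASSERT (argc == 4, "test-crypto", "wrong number of arguments (--p12 needs a file and a password)");` at the top of that branch. The remainder of main after `crypto_deinit ()` lies outside the hunk.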