author | Nick Mathewson <nickm@torproject.org> | 2018-08-23 14:03:00 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-09-04 14:52:35 -0400 |
commit | 7163389b550a36fa017f700713405fc3c89dc234 (patch) | |
tree | 50bafc5964a7a9eac229d3b47635f1bb1050689f /src/lib/tls | |
parent | 02086a216f15fd8c45e603a8d9bab482f60753f4 (diff) | |
Several unit tests to improve test coverage of x509*.c
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/x509.c | 3 | ||||
-rw-r--r-- | src/lib/tls/x509_nss.c | 4 | ||||
-rw-r--r-- | src/lib/tls/x509_openssl.c | 8 |
3 files changed, 10 insertions, 5 deletions
diff --git a/src/lib/tls/x509.c b/src/lib/tls/x509.c
index cff1c1302c..c88298b6cf 100644
--- a/src/lib/tls/x509.c
+++ b/src/lib/tls/x509.c
@@ -118,6 +118,7 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert)) crypto_pk_t *pk = tor_tls_cert_get_key(cert); if (pk) { if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) { + log_warn(LD_CRYPTO, "unable to compute digests of certificate key"); crypto_pk_free(pk); goto err; }
@@ -128,10 +129,8 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert)) return cert; err: - /* LCOV_EXCL_START for the same reason as the exclusion above */ tor_free(cert); log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate."); tor_x509_cert_impl_free_(x509_cert); return NULL; - /* LCOV_EXCL_STOP */ }
diff --git a/src/lib/tls/x509_nss.c b/src/lib/tls/x509_nss.c
index 35b3d2542b..68aebbb69a 100644
--- a/src/lib/tls/x509_nss.c
+++ b/src/lib/tls/x509_nss.c
@@ -62,9 +62,11 @@ tor_tls_create_certificate_internal(crypto_pk_t *rsa, validity = CERT_CreateValidity(((PRTime)start_time) * PRTIME_PER_SEC, ((PRTime)end_time) * PRTIME_PER_SEC); - if (! validity) { + if (BUG(! validity)) { + /* LCOV_EXCL_START */ crypto_nss_log_errors(LOG_WARN, "creating a validity object"); goto err; + /* LCOV_EXCL_STOP */ } unsigned long serial_number;
diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c
index 28a30b66e1..f315b88f36 100644
--- a/src/lib/tls/x509_openssl.c
+++ b/src/lib/tls/x509_openssl.c
@@ -327,11 +327,15 @@ tor_tls_cert_is_valid(int severity, if (check_rsa_1024 && cert_key) { RSA *rsa = EVP_PKEY_get1_RSA(cert_key); #ifdef OPENSSL_1_1_API - if (rsa && RSA_bits(rsa) == 1024) + if (rsa && RSA_bits(rsa) == 1024) { #else - if (rsa && BN_num_bits(rsa->n) == 1024) + if (rsa && BN_num_bits(rsa->n) == 1024) { #endif key_ok = 1; + } else { + log_fn(severity, LD_CRYPTO, "Invalid certificate: Key is not RSA1024."); + } + if (rsa) RSA_free(rsa); } else if (cert_key) { |
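Review bot: Wrapping the `! validity` check in `BUG()` in x509_nss.c asserts that `CERT_CreateValidity()` can never return NULL at this call, but nothing visible in the hunk establishes that. As far as I know, NSS also returns NULL from this call when the not-before time is later than the not-after time, not only on allocation failure, so the assertion holds only if `start_time <= end_time` is guaranteed before this point. `tor_tls_create_certificate_internal` starts and continues outside the hunk, so I cannot tell whether that range is checked earlier. I would state the invariant above the call, for example `/* start_time <= end_time is checked above, so this can only fail on allocation failure. */`, or, if no such check exists, reject the bad range as an ordinary error before the call rather than treating it as a bug.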
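Review bot: In x509_openssl.c the opening brace of the new `if` is written twice, once in each arm of the `#ifdef OPENSSL_1_1_API` block, while the matching `} else {` sits after `#endif`; braces split across preprocessor arms like this are easy to break in a later edit and confuse editors and static-analysis tools. Computing the key size into a local inside the `#ifdef` and testing it with a single `if` keeps the conditional compilation down to one expression, as sketched below. The new else branch is also reached when `EVP_PKEY_get1_RSA()` returns NULL, i.e. when the key is not RSA at all, so adding the measured bit count to the log message would help whoever has to diagnose a rejected certificate. `tor_tls_cert_is_valid` starts and ends outside the hunk.

```c
    RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
#ifdef OPENSSL_1_1_API
    const int key_bits = rsa ? RSA_bits(rsa) : 0;
#else
    const int key_bits = rsa ? BN_num_bits(rsa->n) : 0;
#endif
    if (key_bits == 1024) {
      /* … unchanged: key_ok = 1, the else branch with log_fn, RSA_free … */
```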