Test for duplicate key import (#627)

awslabs · Feb 22, 2024 · 5b89f50 · 5b89f50
1 parent 105c3d4
commit 5b89f50
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 6 deletions.
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -208,6 +208,7 @@ if(NOT BYO_CRYPTO)
 
     # Misc non-badssl tls tests
     add_net_test_case(test_concurrent_cert_import)
+    add_net_test_case(test_duplicate_cert_import)
     add_test_case(tls_channel_echo_and_backpressure_test)
     add_net_test_case(tls_client_channel_negotiation_error_socket_closed)
     add_net_test_case(tls_client_channel_negotiation_success)

diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c
@@ -2124,14 +2124,9 @@ static void s_import_cert(void *ctx) {
 #    endif /* !AWS_OS_IOS */
 }
 
-#    define NUM_PAIRS 1
+#    define NUM_PAIRS 2
 static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *ctx) {
     (void)ctx;
-    /* temporarily disable this on apple until we can fix importing to be more robust */
-    /* temporarily disable this on linux until we can make CRYPTO_zalloc behave and stop angering ASan */
-#    if defined(__APPLE__) || defined(__linux__)
-    return AWS_OP_SUCCESS;
-#    endif
 
     aws_io_library_init(allocator);
 
@@ -2178,6 +2173,45 @@ static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *
 
 AWS_TEST_CASE(test_concurrent_cert_import, s_test_concurrent_cert_import)
 
+static int s_test_duplicate_cert_import(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+
+    aws_io_library_init(allocator);
+    struct aws_byte_buf cert_buf = {0};
+    struct aws_byte_buf key_buf = {0};
+
+#    if !defined(AWS_OS_IOS)
+
+    ASSERT_SUCCESS(aws_byte_buf_init_from_file(&cert_buf, allocator, "testcert0.pem"));
+    ASSERT_SUCCESS(aws_byte_buf_init_from_file(&key_buf, allocator, "testkey.pem"));
+    struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&cert_buf);
+    struct aws_byte_cursor key_cur = aws_byte_cursor_from_buf(&key_buf);
+    struct aws_tls_ctx_options tls_options = {0};
+    AWS_FATAL_ASSERT(
+        AWS_OP_SUCCESS == aws_tls_ctx_options_init_client_mtls(&tls_options, allocator, &cert_cur, &key_cur));
+
+    /* import happens in here */
+    struct aws_tls_ctx *tls = aws_tls_client_ctx_new(allocator, &tls_options);
+    AWS_FATAL_ASSERT(tls);
+    aws_tls_ctx_release(tls);
+    /* import the same certs twice */
+    tls = aws_tls_client_ctx_new(allocator, &tls_options);
+    AWS_FATAL_ASSERT(tls);
+    aws_tls_ctx_release(tls);
+
+    aws_tls_ctx_options_clean_up(&tls_options);
+#    endif /* !AWS_OS_IOS */
+
+    /* clean up */
+    aws_byte_buf_clean_up(&cert_buf);
+    aws_byte_buf_clean_up(&key_buf);
+    aws_io_library_clean_up();
+
+    return AWS_OP_SUCCESS;
+}
+
+AWS_TEST_CASE(test_duplicate_cert_import, s_test_duplicate_cert_import)
+
 static int s_tls_destroy_null_context(struct aws_allocator *allocator, void *ctx) {
     (void)allocator;
     (void)ctx;