openvpn/tests
Arne Schwabe 4357bb3754 Ensure tls-crypt keys are not setup twice
Commit 82ee2fe4b4 already did this when the session id stayed the same
but forgot the other code path that could also lead to tls-crypt keys to be
setup.

This approach was a bit too fragile as it missed some other code path
that might trigger the same behaviour. This commit changes the logic
to directly infer if the key is already initialised instead of taking
a proxy (like key state as the previous commit did).

The fix in commit 7a6ab5773 (#121, #127) made sure that we do not try
to extract the tls-crypt-v2 key multiple times and made the unit test
basically not work as the extraction was skipped and then could also
not fail anymore. I could work around it in the unit test but improving
tls_wrap_free felt preferable.

(Backported from master commit e287547d85151)

CVE: 2026-13698
Reported-By: Max Fillinger <maximilian.fillinger@sentyron.com>
Github: OpenVPN/openvpn-private-issues#137
Github: OpenVPN/openvpn-private-issues#138
Github: OpenVPN/openvpn-private-issues#147 (2.6 backport)

Change-Id: I3b5e4e84762aa253d46e69103f7b1e84ebefca1d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-By: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-By: Gert Doering <gert@greenie.muc.de>
2026-06-30 15:25:19 +02:00
..
unit_tests Ensure tls-crypt keys are not setup twice 2026-06-30 15:25:19 +02:00
Makefile.am Update Copyright statements to 2024 2024-03-18 18:49:36 +01:00
ntlm_support.c Update Copyright statements to 2024 2024-03-18 18:49:36 +01:00
t_client.rc-sample t_client.sh: Allow to skip tests 2024-03-11 17:17:55 +01:00
t_client.sh.in tests: Allow to override openvpn binary used 2025-12-08 22:37:24 +01:00
t_cltsrv-down.sh build: standard directory layout 2012-03-22 22:07:08 +01:00
t_cltsrv.sh tests: Allow to override openvpn binary used 2025-12-08 22:37:24 +01:00
t_lpback.sh tests: Allow to override openvpn binary used 2025-12-08 22:37:24 +01:00
t_net.sh tests: Allow to override openvpn binary used 2025-12-08 22:37:24 +01:00
update_t_client_ips.sh Prevent generation of duplicate EXPECT_IFCONFIG entries 2016-11-08 15:09:52 +01:00