author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-31 16:27:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-31 20:24:30 +0200 |
commit | 40518eb5fdb2f7f2716e98b8d9f39529d3996fc0 (patch) | |
tree | bb03f04ffd2f4e36690b86e1aa8a155769189def /tests | |
parent | d00fd03ec716c70821fee1723de4f22b26b7a99a (diff) | |
download | gnutls-40518eb5fdb2f7f2716e98b8d9f39529d3996fc0.tar.gz |
tests: added checks with problematic PKCS#12 files
These check whether parsing of unsupported files (e.g., with RC2-128)
will succeed. This serves as a functionality check for gnutls_pkcs8_info.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/cert-tests/Makefile.am | 5 | ||||
-rw-r--r-- | tests/cert-tests/data/key-corpus-rc2-1.p12 | bin | 0 -> 2528 bytes | |||
-rw-r--r-- | tests/cert-tests/data/key-corpus-rc2-2.p12 | bin | 0 -> 2556 bytes | |||
-rw-r--r-- | tests/cert-tests/data/key-corpus-rc2-3.p12 | bin | 0 -> 2530 bytes | |||
-rwxr-xr-x | tests/cert-tests/pkcs12-corner-cases | 66 |
5 files changed, 69 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index b309cc013d..a108cbe7f5 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -65,13 +65,14 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 data/openpgp-invalid1.pub data/openpgp-invalid2.pub data/openpgp-invalid3.pub \
 data/openpgp-invalid4.pub data/openpgp-invalid5.pub \
 data/openpgp-invalid5.pub data/openpgp-invalid6.pub \
- data/openpgp-invalid7.pub data/openpgp-invalid8.pub
+ data/openpgp-invalid7.pub data/openpgp-invalid8.pub \
+ data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12

 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
 provable-dh userid sha2-test sha2-dsa-test provable-privkey-dsa2048 \
 provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
- pkcs7-constraints2 certtool-long-oids pkcs7-cat
+ pkcs7-constraints2 certtool-long-oids pkcs7-cat pkcs12-corner-cases

 if WANT_TEST_SUITE
 dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/data/key-corpus-rc2-1.p12 b/tests/cert-tests/data/key-corpus-rc2-1.p12
Binary files differ
new file mode 100644
index 0000000000..6934671189
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-1.p12
diff --git a/tests/cert-tests/data/key-corpus-rc2-2.p12 b/tests/cert-tests/data/key-corpus-rc2-2.p12
Binary files differ
new file mode 100644
index 0000000000..77789fb761
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-2.p12
diff --git a/tests/cert-tests/data/key-corpus-rc2-3.p12 b/tests/cert-tests/data/key-corpus-rc2-3.p12
Binary files differ
new file mode 100644
index 0000000000..5f5a7b920a
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-3.p12
diff --git a/tests/cert-tests/pkcs12-corner-cases b/tests/cert-tests/pkcs12-corner-cases
new file mode 100755
index 0000000000..0b930009b2
--- /dev/null
+++ b/tests/cert-tests/pkcs12-corner-cases
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2008, 2010, 2012 Free Software Foundation,
+# Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+ echo "Cannot run in FIPS140-2 mode"
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND=$(echo ${VALGRIND}|cut -d ' ' -f 1)
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=6"
+fi
+
+DIFF="${DIFF:-diff}"
+TMPFILE="pkcs12-corner.$$.tmp"
+
+
+# Check corner cases in PKCS#12 decoding. Typically the structures tested fail
+# in parsing, but we check against crashes, etc. These test cases were taken
+# from Hubert Kario's corpus at: https://github.com/redhat-qe-security/keyfile-corpus
+
+cpassword='Red Hat Enterprise Linux 7.4'
+
+for p12 in "key-corpus-rc2-1.p12" "key-corpus-rc2-2.p12" "key-corpus-rc2-3.p12";do
+ set -- ${p12}
+ file="$1"
+ ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
+ --infile "${srcdir}/data/${file}" >${TMPFILE} 2>&1
+ rc=$?
+ if test ${rc} != 0 && test ${rc} != 1; then
+ cat ${TMPFILE}
+ echo "PKCS12 FATAL ${p12}"
+ exit 1
+ fi
+done
+
+rm -f ${TMPFILE}
+
+exit 0 |
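Review bot: The `test ${rc} != 0 && test ${rc} != 1` check in the loop treats exit status 1 (presumably certtool's ordinary error exit) as a pass, so the script only catches crashes and valgrind errors (exit code 6) and cannot notice a regression in how these RC2 files are reported. The commit description calls this a functionality check, yet the captured output is never compared and `DIFF` is set but unused. If the three files are expected to be listed successfully, tightening the condition to `if test ${rc} != 0; then` would make such a regression visible; otherwise a comment such as `# rc 1 (clean parse error) is accepted; only crashes and valgrind errors are fatal` would state the intent. The failure branch also exits before `rm -f ${TMPFILE}`, so the temp file is left behind when a case fails.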