From ca0e38b5fd97def8bd379d260bf476c3d7aed4f3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 7 Apr 2017 14:42:10 +0200
Subject: tests: added checks with certificates that contain invalid time field
Signed-off-by: Nikos Mavrogiannopoulos
---
tests/cert-tests/Makefile.am | 6 ++--
tests/cert-tests/cert-time | 46 +++++++++++++++++++++++++++
tests/cert-tests/data/invalid-date-day.der | Bin 0 -> 1063 bytes
tests/cert-tests/data/invalid-date-hour.der | Bin 0 -> 1063 bytes
tests/cert-tests/data/invalid-date-mins.der | Bin 0 -> 1063 bytes
tests/cert-tests/data/invalid-date-month.der | Bin 0 -> 1063 bytes
tests/cert-tests/data/invalid-date-secs.der | Bin 0 -> 1063 bytes
7 files changed, 50 insertions(+), 2 deletions(-)
create mode 100755 tests/cert-tests/cert-time
create mode 100644 tests/cert-tests/data/invalid-date-day.der
create mode 100644 tests/cert-tests/data/invalid-date-hour.der
create mode 100644 tests/cert-tests/data/invalid-date-mins.der
create mode 100644 tests/cert-tests/data/invalid-date-month.der
create mode 100644 tests/cert-tests/data/invalid-date-secs.der
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index f6addc2528..9dd08920a4 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -70,7 +70,9 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/openpgp-invalid7.pub data/openpgp-invalid8.pub \ data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12 \ data/pkcs7-chain.pem data/pkcs7-chain-root.pem \ - data/pkcs7-chain-endcert-key.pem data/openssl-invalid-time-format.pem + data/pkcs7-chain-endcert-key.pem data/openssl-invalid-time-format.pem \ + data/invalid-date-hour.der data/invalid-date-mins.der \ + data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der dist_check_SCRIPTS = pathlen aki certtool invalid-sig email crq \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ @@ -78,7 +80,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email crq \ provable-dh userid sha2-test sha2-dsa-test provable-privkey-dsa2048 \ provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \ pkcs7-constraints2 certtool-long-oids pkcs7-cat pkcs12-corner-cases \ - pkcs7-list-sign + pkcs7-list-sign cert-time if WANT_TEST_SUITE dist_check_SCRIPTS += provable-dh-default diff --git a/tests/cert-tests/cert-time b/tests/cert-tests/cert-time new file mode 100755 index 0000000000..6ee2a226e6 --- /dev/null +++ b/tests/cert-tests/cert-time 
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+# Check whether certificates with invalid time fields are accepted
+for file in invalid-date-hour.der invalid-date-mins.der invalid-date-secs.der invalid-date-month.der invalid-date-day.der;do
+ ${VALGRIND} "${CERTTOOL}" --inder -i --infile "${srcdir}/data/$file"
+ rc=$?
+
+ if test "${rc}" = "0";then
+ echo "file $file was accepted"
+ exit 1
+ fi
+done
+
+exit 0
diff --git a/tests/cert-tests/data/invalid-date-day.der b/tests/cert-tests/data/invalid-date-day.der
new file mode 100644
index 0000000000..76e7ec1c9b
Binary files /dev/null and b/tests/cert-tests/data/invalid-date-day.der differ
diff --git a/tests/cert-tests/data/invalid-date-hour.der b/tests/cert-tests/data/invalid-date-hour.der
new file mode 100644
index 0000000000..5bdf8ebda8
Binary files /dev/null and b/tests/cert-tests/data/invalid-date-hour.der differ
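Review bot: The loop in tests/cert-tests/cert-time counts every non-zero status from certtool as a rejection, so a crash on the malformed DER (status 128 or above), an error status from a configured Valgrind wrapper, or a missing `data/$file` would all let the test pass. Because these inputs exist to exercise the time-field parser on invalid data, the check after `rc=$?` should accept only the status certtool returns for a parse failure — presumably 1, to be confirmed — for example `if test "${rc}" != "1"; then echo "file $file: unexpected exit status ${rc}"; exit 1; fi`. The loop should also start with `test -f "${srcdir}/data/$file" || exit 1` so that an absent fixture is reported instead of being read as a rejection. Separately, `DIFF` is assigned but never used in this script and `#set -e` is left commented out; both can be dropped.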
diff --git a/tests/cert-tests/data/invalid-date-mins.der b/tests/cert-tests/data/invalid-date-mins.der
new file mode 100644
index 0000000000..47054ddd34
Binary files /dev/null and b/tests/cert-tests/data/invalid-date-mins.der differ
diff --git a/tests/cert-tests/data/invalid-date-month.der b/tests/cert-tests/data/invalid-date-month.der
new file mode 100644
index 0000000000..e3cbf73d36
Binary files /dev/null and b/tests/cert-tests/data/invalid-date-month.der differ
diff --git a/tests/cert-tests/data/invalid-date-secs.der b/tests/cert-tests/data/invalid-date-secs.der
new file mode 100644
index 0000000000..f796a30dbc
Binary files /dev/null and b/tests/cert-tests/data/invalid-date-secs.der differ
-- cgit v1.2.1