From 5ff986cb0a51c90dfab16b2e57f9466c9f58b8d4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 6 Apr 2023 09:22:20 +0200 Subject: [PATCH 01/14] Provide makefile rules to generate cerst for authorityKeyId, subjectKeyId tests Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 21 ++++++++++++++++++ .../authorityKeyId_subjectKeyId.conf | 11 +++++++++ .../authorityKeyId_subjectKeyId.crt.der | Bin 0 -> 536 bytes ...subjectKeyId_issuer_tag1_malformed.crt.der | Bin 0 -> 536 bytes ...subjectKeyId_issuer_tag2_malformed.crt.der | Bin 0 -> 536 bytes ...d_subjectKeyId_keyid_tag_malformed.crt.der | Bin 0 -> 536 bytes ...eyId_subjectKeyId_length_malformed.crt.der | Bin 0 -> 536 bytes ...ubjectKeyId_sequence_tag_malformed.crt.der | Bin 0 -> 536 bytes ...tyKeyId_subjectKeyId_tag_malformed.crt.der | Bin 0 -> 536 bytes 9 files changed, 32 insertions(+) create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.conf create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index ea8e0c96a..702aefb6d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -550,6 +550,27 @@ crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem +authorityKeyId_subjectKeyId.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out authorityKeyId_subjectKeyId.crt.der -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' + +authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/04145061A58FD407D9D782010CE5657F8C6346A713BE/01145061A58FD407D9D782010CE5657F8C6346A713BE/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306C80145061A58FD407/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D80145061A58FD4/6F006D80145061A58FD4/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306D00145061A58FD407/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ + ################################################################ #### Generate various RSA keys ################################################################ diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf new file mode 100644 index 000000000..208082d20 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId.conf 
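Review bot: The six `*_malformed.crt.der` recipes never check that the `sed` substitution matched, so if the hex pattern is absent from a regenerated base certificate the rule still exits 0 and writes a byte-identical, well-formed copy under a name that says malformed. Without `pipefail`, a failing `hexdump` is likewise masked by the exit status of `xxd`. Consider ending each recipe with a comparison against the input, e.g. `... | xxd -r -p > $@ && ! cmp -s $< $@`. The base rule `authorityKeyId_subjectKeyId.crt.der:` also lists no prerequisites, so edits to `server5.key` or `authorityKeyId_subjectKeyId.conf` will not trigger regeneration; `authorityKeyId_subjectKeyId.crt.der: server5.key authorityKeyId_subjectKeyId.conf` would declare them. The Makefile rules added in PATCH 04 and PATCH 06 of this series follow the same pattern.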
@@ -0,0 +1,11 @@ +[req] +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no +[req_distinguished_name] +countryName = NL +organizationalUnitName = PolarSSL +commonName = PolarSSL Test CA +[v3_req] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt.der b/tests/data_files/authorityKeyId_subjectKeyId.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..dbbe51866b15d91efa225450b203d954d4d098d6 GIT binary patch literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a_R1}mV?5qJEBlps(x&e| smEY8XN-j+9JE-{V+mamPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a_R1}mV?5qJEBlps(x&e| smEY8XN-j+9JE-{V+mamPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a%fS^xk5 literal 0 HcmV?d00001 
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..3f9e8709637e02b2a3a2288656955418a1c2f9b5 GIT binary patch literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?F^U8vF73a Date: Thu, 6 Apr 2023 09:23:25 +0200 Subject: [PATCH 02/14] Use generated certs in DER format in tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 16 ++++++++-------- tests/suites/test_suite_x509parse.function | 10 +++++----- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 36f1df1ba..ffd2ed54c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -3303,27 +3303,27 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_ X509 CRT parse Subject Key Id - Correct Subject Key ID depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"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":20:0 +x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":20:0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"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":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"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":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":20:"NL/PolarSSL/PolarSSL Test CA/":20:0 X509 CRT parse Authority Key Id - Wrong Length depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"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":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C 
-x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG 
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"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":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag Length depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C @@ -3331,11 +3331,11 @@ x509_crt_parse_authoritykeyid:"3082039F30820287A00302010202142121EA5121F25E38DF2 X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"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":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"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":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer X509 CRT parse Authority Key Id - Wrong Issuer sequence 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f215a8069..bea4722c3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1550,14 +1550,14 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_crt_parse_subjectkeyid(data_t *buf, int subjectKeyIdLength_arg, int ref_ret) +void x509_crt_parse_subjectkeyid(char *file, int subjectKeyIdLength, int ref_ret) { size_t subjectKeyIdLength = subjectKeyIdLength_arg; mbedtls_x509_crt crt; mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret); + TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, file) == ref_ret); if (ref_ret == 0) { TEST_ASSERT(crt.subject_key_id.tag == MBEDTLS_ASN1_OCTET_STRING); @@ -1573,8 +1573,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_crt_parse_authoritykeyid(data_t *buf, - int keyIdLength_arg, +void x509_crt_parse_authoritykeyid(char *file, + int keyIdLength, char *authorityKeyId_issuer, int serialLength_arg, int ref_ret) @@ -1590,7 +1590,7 @@ void x509_crt_parse_authoritykeyid(data_t *buf, mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret); + TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, file) == ref_ret); if (ref_ret == 0) { /* KeyId test */ From 0ad1006606af403b63de5d625857da009bd510b6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 6 Apr 2023 11:11:58 +0200 Subject: [PATCH 03/14] Check values in tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 16 ++++++++-------- tests/suites/test_suite_x509parse.function | 17 +++++++++++------ 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ffd2ed54c..d73476a88 100644 --- a/tests/suites/test_suite_x509parse.data 
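Review bot: In `x509_crt_parse_subjectkeyid` the parameter is renamed to `subjectKeyIdLength`, but the unchanged context line `size_t subjectKeyIdLength = subjectKeyIdLength_arg;` directly below still declares a local of that name from an identifier that no longer exists, so as shown this should not compile. Either keep the suffix on the parameter (`int subjectKeyIdLength_arg`) or delete the local in the same commit, so that each patch in the series builds on its own. The second hunk renames `keyIdLength_arg` the same way; the locals of `x509_crt_parse_authoritykeyid` are outside the hunk, so check it for the same leftover. The same context line is still present in the first `.function` hunk of PATCH 03.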
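Review bot: Both test functions now call `mbedtls_x509_crt_parse_file()`, which is only built when `MBEDTLS_FS_IO` is enabled, yet the `BEGIN_CASE` headers in these hunks still read `depends_on:MBEDTLS_X509_CRT_PARSE_C`. Configurations without filesystem support would fail to build the suite instead of skipping these cases. Declaring the dependency on both functions, `/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */`, would cover it.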
+++ b/tests/suites/test_suite_x509parse.data 
@@ -3303,27 +3303,27 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_ X509 CRT parse Subject Key Id - Correct Subject Key ID depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":20:0 +x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":20:"NL/PolarSSL/PolarSSL Test CA/":20:0 +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"NL/PolarSSL/PolarSSL Test CA/":"3960EFDE5674DE1F7B761699CF8E5C024E209452":0 X509 CRT parse Authority Key Id - Wrong Length depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C 
-x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag Length depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C 
@@ -3331,11 +3331,11 @@ x509_crt_parse_authoritykeyid:"3082039F30820287A00302010202142121EA5121F25E38DF2 X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer X509 CRT parse Authority Key Id - Wrong Issuer sequence diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index bea4722c3..89155e958 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1550,7 +1550,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_crt_parse_subjectkeyid(char *file, int subjectKeyIdLength, int ref_ret) +void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) { size_t subjectKeyIdLength = subjectKeyIdLength_arg; mbedtls_x509_crt crt; 
@@ -1561,7 +1561,8 @@ void x509_crt_parse_subjectkeyid(char *file, int subjectKeyIdLength, int ref_ret if (ref_ret == 0) { TEST_ASSERT(crt.subject_key_id.tag == MBEDTLS_ASN1_OCTET_STRING); - TEST_ASSERT(crt.subject_key_id.len == subjectKeyIdLength); + TEST_ASSERT(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len) == 0); + TEST_ASSERT(crt.subject_key_id.len == subjectKeyId->len); } else { TEST_ASSERT(crt.subject_key_id.tag == 0); TEST_ASSERT(crt.subject_key_id.len == 0); @@ -1574,9 +1575,9 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_crt_parse_authoritykeyid(char *file, - int keyIdLength, + data_t* keyId, char *authorityKeyId_issuer, - int serialLength_arg, + data_t* serial, int ref_ret) { mbedtls_x509_crt crt; @@ -1595,7 +1596,8 @@ void x509_crt_parse_authoritykeyid(char *file, if (ref_ret == 0) { /* KeyId test */ TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); - TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyIdLength); + TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0); + TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len); /* Issuer test */ mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; @@ -1618,7 +1620,10 @@ void x509_crt_parse_authoritykeyid(char *file, /* Serial test */ TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == MBEDTLS_ASN1_INTEGER); - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serialLength); + TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, + serial->x, serial->len) == 0); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len); + } else { TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0); From 1969f6a453300ab9cb3f46f58acc014ef083c08a Mon Sep 17 00:00:00 2001 
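Review bot: The new `memcmp` assertions run before the length assertions, so when the parser returns a shorter field than the expected `data_t`, `memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len)` reads past the parsed field before the mismatch is reported. Put the length check first in all three places (subject key id, `keyIdentifier`, `authorityCertSerialNumber`), e.g. `TEST_ASSERT(crt.subject_key_id.len == subjectKeyId->len);` ahead of the `memcmp` line, or use the test framework's combined buffer-comparison macro if this tree provides one. As a style point, the new parameters are spelled `data_t* keyId` and `data_t* serial` while the sibling function uses `data_t *subjectKeyId`. The function bodies continue outside these hunks.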
From: Przemek Stekiel Date: Tue, 18 Apr 2023 08:38:16 +0200 Subject: [PATCH 04/14] Test optional fields in authorityKeyId Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 11 +++- tests/data_files/authorityKeyId_empty.crt.der | Bin 0 -> 412 bytes .../authorityKeyId_no_issuer_serial.crt.der | Bin 0 -> 412 bytes .../authorityKeyId_no_keyid.crt.der | Bin 0 -> 512 bytes .../authorityKeyId_subjectKeyId.conf | 7 +++ tests/suites/test_suite_x509parse.data | 12 +++++ tests/suites/test_suite_x509parse.function | 47 +++++++++++------- 7 files changed, 57 insertions(+), 20 deletions(-) create mode 100644 tests/data_files/authorityKeyId_empty.crt.der create mode 100644 tests/data_files/authorityKeyId_no_issuer_serial.crt.der create mode 100644 tests/data_files/authorityKeyId_no_keyid.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 702aefb6d..461ad8bc9 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -551,7 +551,16 @@ crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem authorityKeyId_subjectKeyId.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out authorityKeyId_subjectKeyId.crt.der -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' + $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' + +authorityKeyId_no_keyid.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' + +authorityKeyId_no_issuer_serial.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer_serial' + +authorityKeyId_empty.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty' authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/04145061A58FD407D9D782010CE5657F8C6346A713BE/01145061A58FD407D9D782010CE5657F8C6346A713BE/" | xxd -r -p > $@ 
diff --git a/tests/data_files/authorityKeyId_empty.crt.der b/tests/data_files/authorityKeyId_empty.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..8ddf78d9fc07b3ae28095a3d3b669b788bbb3051 GIT binary patch literal 412 zcmXqLVw_>n#Av^OnTe5!Nkr7#?ea!Lk~V&)Nm2`Pl67MCbEI~vG| z^BNf&m>60Zm>HNGm_~{7nt-^*P%dSLM;ZvTv4h>o#0YgTGb1~*69bF+nXsE>oN`e` zcE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3c4_hb zVmz_s?f=D!2J!~7Ku^i?v52vV1SBr)zrud=dJ`kh)71K&WVhwQ`;fzk*`2|_g-Jnw z;rHit8<{tYT=_D`Uck0^i^)cfH-Bve722O|Sn#Av^OnTe5!NyPh#^gRF2)xA>%eYZ=0IIi{SrbLGU7aNCGo5wj@7G@>` zYeQ}WPB!LH7B*ofKOaLu1AY*Pn};JHKPRy$IM~Nf(m)&}#LOcA6H*9CEiO@Tb~KO^ z=QT1mFfp_+Ff%YSHHs4FH34yrp> z?2bq3{#VF*SM!r?V#$TIB3r*_C`Bes@_Wi~Ls{_uEB#9*v9V%%yE+bKm-B|6?b71= z#du=N+y9Fd4de}Efu54(V-aH!2}oSpe}(<#^(IE1r>XTl$!^Pq_aTQ7vpa)<3zI_N z_x%S~aA@;~Ig0OGu;I63%r6c@=YOgG=j@H_45V+lF)0|AezZFIF8ZkU+zS=%>V!Z literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_no_keyid.crt.der b/tests/data_files/authorityKeyId_no_keyid.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..952f7b026900cd4caf0a1b168705bf6f96625885 GIT binary patch literal 512 zcmXqLV*F#!#JG3?GZP~dlStqJMmN>jvCAIHo!d}xWx}FqyC1$a;9}#@YV$Z}%fifL zU~R~4z{$oO%EBhhf2DuPBsNxTZ&$~m>~h}Fvt3$z zzZg$!dHa8HV~as!qk$~YTe5sCVk{y7iA(#hu;0Ai#K`kBwZ13WZMpD1g9MPYGE1aE z_(J<7wiNlLiC{c1yE7QLFezxv5{llCwMFROk7qXFKep@=^6{H>|FDF6@D=VV^f_UfAsyCgx0LE6L^#A|> literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf index 208082d20..7237724c1 100644 --- a/tests/data_files/authorityKeyId_subjectKeyId.conf +++ b/tests/data_files/authorityKeyId_subjectKeyId.conf 
@@ -9,3 +9,10 @@ commonName = PolarSSL Test CA [v3_req] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always +[v3_req_authorityKeyId_no_keyid] +subjectKeyIdentifier = hash +authorityKeyIdentifier = issuer:always +[v3_req_authorityKeyId_no_issuer_serial] +subjectKeyIdentifier = hash +[v3_req_authorityKeyId_empty] +subjectKeyIdentifier = hash diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d73476a88..a46e47d7b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3313,6 +3313,18 @@ X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"NL/PolarSSL/PolarSSL Test CA/":"3960EFDE5674DE1F7B761699CF8E5C024E209452":0 +X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_keyid.crt.der":"":"NL/PolarSSL/PolarSSL Test CA/":"51C00146259B5DA6E11ECEB078D490A296BBE1ED":0 + +X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer and serial) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_issuer_serial.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"":"":0 + +X509 CRT parse Authority Key Id - Correct Authority Key ID (empty) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_empty.crt.der":"":"":"":0 + X509 CRT parse Authority Key Id - Wrong Length depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH 
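Review bot: The sections `[v3_req_authorityKeyId_no_issuer_serial]` and `[v3_req_authorityKeyId_empty]` are identical, both containing only `subjectKeyIdentifier = hash`, so the two generated certificates appear to carry the same extensions (both binaries are listed as 412 bytes). The "no issuer and serial" case added to `test_suite_x509parse.data` expects keyId `5061A58FD407D9D782010CE5657F8C6346A713BE`, which needs a line such as `authorityKeyIdentifier = keyid:always` in the `no_issuer_serial` section. As written, that case would presumably pass only because the test function skips the keyId comparison when the parsed field is empty.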
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 89155e958..71ab32cbd 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -1595,34 +1595,43 @@ void x509_crt_parse_authoritykeyid(char *file, if (ref_ret == 0) { /* KeyId test */ - TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); - TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0); - TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len); + if (crt.authority_key_id.keyIdentifier.len > 0) + { + TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); + TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0); + TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len); + } /* Issuer test */ - mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; + if (crt.authority_key_id.authorityCertIssuer.buf.len > 0) + { + mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; - TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0); + TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0); - pname = &san.san.directory_name; + pname = &san.san.directory_name; - while (pname != NULL) { - for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) { - result |= - (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]); + while (pname != NULL) { + for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) { + result |= + (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]); + } + bufferCounter++; /* Skipping the slash */ + pname = pname->next; } - bufferCounter++; /* Skipping the slash */ - pname = pname->next; + mbedtls_x509_free_subject_alt_name(&san); + TEST_ASSERT(result == 0); } - mbedtls_x509_free_subject_alt_name(&san); - TEST_ASSERT(result == 0); /* Serial test */ - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == - MBEDTLS_ASN1_INTEGER); - TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, - serial->x, serial->len) == 
0); - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len); + if (crt.authority_key_id.authorityCertSerialNumber.len > 0) + { + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == + MBEDTLS_ASN1_INTEGER); + TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, + serial->x, serial->len) == 0); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len); + } } else { TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); From a6a0a7929a207e7ac841e274af350fd4196eaa57 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 24 Apr 2023 10:18:52 +0200 Subject: [PATCH 05/14] Use TEST_EQUAL instead of TEST_ASSERT in tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 40 +++++++++++----------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 71ab32cbd..b557858f9 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1557,15 +1557,15 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, file) == ref_ret); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); if (ref_ret == 0) { - TEST_ASSERT(crt.subject_key_id.tag == MBEDTLS_ASN1_OCTET_STRING); - TEST_ASSERT(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len) == 0); - TEST_ASSERT(crt.subject_key_id.len == subjectKeyId->len); + TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING); + TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0); + TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len); } else { - TEST_ASSERT(crt.subject_key_id.tag == 0); - TEST_ASSERT(crt.subject_key_id.len == 0); + TEST_EQUAL(crt.subject_key_id.tag, 0); + TEST_EQUAL(crt.subject_key_id.len, 0); } exit: 
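Review bot: The three new guards test the parsed certificate (`crt.authority_key_id.keyIdentifier.len > 0`, `authorityCertIssuer.buf.len > 0`, `authorityCertSerialNumber.len > 0`) rather than the expected arguments, so if the parser drops or fails to populate a field, the expected value is never compared and the case passes vacuously. For a parser test this means a regression that silently ignores authorityKeyIdentifier content would go unnoticed. The guards should be keyed on the expectation, with an else branch asserting that the parsed field is empty, as sketched below. The function starts before this hunk and its locals are not visible here.

```c
        /* KeyId test */
        if (keyId->len > 0) {
            /* … unchanged: tag, memcmp and length assertions … */
        } else {
            TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0);
            TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0);
        }

        /* Issuer test */
        if (authorityKeyId_issuer[0] != '\0') {
            /* … unchanged: parse issuer and compare against authorityKeyId_issuer … */
        } else {
            TEST_ASSERT(crt.authority_key_id.authorityCertIssuer.buf.len == 0);
        }

        /* Serial test */
        if (serial->len > 0) {
            /* … unchanged: tag, memcmp and length assertions … */
        } else {
            TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == 0);
            TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == 0);
        }
```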
@@ -1591,15 +1591,15 @@ void x509_crt_parse_authoritykeyid(char *file, mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, file) == ref_ret); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); if (ref_ret == 0) { /* KeyId test */ if (crt.authority_key_id.keyIdentifier.len > 0) { - TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); - TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0); - TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len); + TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); + TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); + TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); } /* Issuer test */ @@ -1607,7 +1607,7 @@ void x509_crt_parse_authoritykeyid(char *file, { mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; - TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0); + TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0); pname = &san.san.directory_name; 
@@ -1620,25 +1620,25 @@ void x509_crt_parse_authoritykeyid(char *file, pname = pname->next; } mbedtls_x509_free_subject_alt_name(&san); - TEST_ASSERT(result == 0); + TEST_EQUAL(result, 0); } /* Serial test */ if (crt.authority_key_id.authorityCertSerialNumber.len > 0) { - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, MBEDTLS_ASN1_INTEGER); - TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, - serial->x, serial->len) == 0); - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len); + TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, + serial->x, serial->len), 0); + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); } } else { - TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); - TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0); + TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); + TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == 0); - TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == 0); + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); } exit: From b1f0b536d7cbde529995fa924ce19aad3167b4f8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 5 May 2023 16:07:10 +0200 Subject: [PATCH 06/14] Add test for invalid KeyIdentifier tag length + adapt error code Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 3 +++ ...d_subjectKeyId_keyid_tag_len_malformed.crt.der | Bin 0 -> 536 bytes tests/suites/test_suite_x509parse.data | 4 ++-- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 461ad8bc9..3b23ec6f1 100644 
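Review bot: The failure branch (the `else` paired with `ref_ret == 0`) asserts that keyIdentifier and authorityCertSerialNumber are zeroed but checks nothing about authorityCertIssuer. A parse error that leaves a partially filled issuer list in `crt` would therefore pass. Adding `TEST_EQUAL(crt.authority_key_id.authorityCertIssuer.buf.len, 0);` next to the other checks would cover all three fields of the extension. The function starts before this hunk and continues past `exit:`.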
--- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -574,6 +574,9 @@ authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subje authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306D00145061A58FD407/" | xxd -r -p > $@ +authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306D80FF5061A58FD407/" | xxd -r -p > $@ + authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ diff --git a/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..1e290420df659e8f272a2ef8533db5d49532a582 GIT binary patch literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73ajC~ys>J{R literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a46e47d7b..6c7270bf5 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
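Review bot: The new `authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der` recipe succeeds even when the `sed` pattern `306D80145061A58FD407` is absent from the input. The target is then a byte-for-byte copy of the valid certificate, and the negative test no longer exercises the length check. The pattern contains key-identifier bytes of the generated base certificate, so it stops matching when that certificate is regenerated from a different key. A second recipe line such as `if cmp -s $< $@; then rm -f $@; exit 1; fi` would turn a missed substitution into a build error. The neighbouring `_malformed` rules in the context lines use the same pipeline.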
@@ -3338,8 +3338,8 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag Length -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"3082039F30820287A00302010202142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B0500303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341301E170D3233303530363138333231315A170D3433303530313138333231315A303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100C14DA3DDE7CD1DD104D74972B899AC0E78E43A3C4ACF3A1316D05AE4CDA30088A7EE1E6B96A752B490EF2D727A3E249AFCB634AC24F577E026648C9CB0287DA1DAEA8CE6C91C96BCFEC10452B336D4A3FAE1B176D890C161B4665236A22653AAAB745E077D1982DB2AD81FA0D90D1C2D4966F75B257346E80B8A4F690CB50090E1DA8210667DAE542B8B657991A1E261C3CD404908EE680CF18B86D246BFD0B8AA11031E7F56A81A1E44180F0F858BDA8B445EE218C6622FC7668DFA5DD87DF327892901C5900E3F27F130C84A0EEFD6DEC7C7276BC7053D7AC4023C9A1D3E0FE834985BCB734B5296D811A22C808869395AD30FB0DE592F11C7F7EA120130970203010001A3819A308197301D0603551D0E04160414A505E864B8DCDF600F50124D60A864AF4D8B439330760603551D23046F306D80FFA505E864B8DCDF600F50124D60A864AF4D8B4393A13FA43D303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434182142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B05000382010100409122DCB6D31ABA0B65F2DD7A590F30E43864F9293B889223BF320177D24B50EE202D5A88406BE68D2BD0047B72016376F64D0420BE1D639159E9B54666587434966364EF855B37155D5891C68A02D90E44206F27C7D78DE2E3BF5373521F8BBA8390151814004D099D2B46080A9E0C467B1E0D8B93BAC1E1B3AE4FD20FD83E285BA7168DC81D
80B468AEB21D645490F0B87A65DDE17DAD1AF46EDF9126565592291FE159434A9D93DFFFA65F658C6DBCD02D56E591CD4B9390878288B890497E56998C845D3ED4145DAAD6A16556C2FDEAE780BE297531842B2A565824BD85128D4E459B0F370DBEC9E190FABA7D88C1514B3B6935F421B4FBC393D733A785":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C From 2c64e90e027a15e4c04ef21d65d287515cc1ee32 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sat, 6 May 2023 20:55:56 +0200 Subject: [PATCH 07/14] Use RSA keys in generated certificates Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 18 +++++----- tests/data_files/authorityKeyId_empty.crt.der | Bin 412 -> 809 bytes .../authorityKeyId_no_issuer_serial.crt.der | Bin 412 -> 809 bytes .../authorityKeyId_no_keyid.crt.der | Bin 512 -> 909 bytes .../authorityKeyId_subjectKeyId.crt.der | Bin 536 -> 931 bytes ...subjectKeyId_issuer_tag1_malformed.crt.der | Bin 536 -> 931 bytes ...subjectKeyId_issuer_tag2_malformed.crt.der | Bin 536 -> 931 bytes ...bjectKeyId_keyid_tag_len_malformed.crt.der | Bin 536 -> 931 bytes ...d_subjectKeyId_keyid_tag_malformed.crt.der | Bin 536 -> 931 bytes ...eyId_subjectKeyId_length_malformed.crt.der | Bin 536 -> 931 bytes ...ubjectKeyId_sequence_tag_malformed.crt.der | Bin 536 -> 931 bytes ...tyKeyId_subjectKeyId_tag_malformed.crt.der | Bin 536 -> 931 bytes tests/suites/test_suite_x509parse.data | 34 +++++++++--------- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3b23ec6f1..30c65ff54 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -551,31 +551,31 @@ crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem authorityKeyId_subjectKeyId.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' authorityKeyId_no_keyid.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' authorityKeyId_no_issuer_serial.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer_serial' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer_serial' authorityKeyId_empty.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty' authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der - hexdump -ve '1/1 "%.2X"' $< | sed "s/04145061A58FD407D9D782010CE5657F8C6346A713BE/01145061A58FD407D9D782010CE5657F8C6346A713BE/" | xxd -r -p > $@ + hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ authorityKeyId_subjectKeyId_length_malformed.crt.der: 
authorityKeyId_subjectKeyId.crt.der - hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306C80145061A58FD407/" | xxd -r -p > $@ + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der - hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D80145061A58FD4/6F006D80145061A58FD4/" | xxd -r -p > $@ + hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@ authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der - hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306D00145061A58FD407/" | xxd -r -p > $@ + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@ authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der - hexdump -ve '1/1 "%.2X"' $< | sed "s/306D80145061A58FD407/306D80FF5061A58FD407/" | xxd -r -p > $@ + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@ authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ 
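Review bot: The four `$(OPENSSL) req -x509` rules at the top of this hunk declare no prerequisites, although their recipes read `server2.key` and `authorityKeyId_subjectKeyId.conf`. Editing an extension section in the conf file therefore never rebuilds a certificate that already exists, and the sed-derived `_malformed` targets keep being built from the stale base. Declaring the inputs, e.g. `authorityKeyId_subjectKeyId.crt.der: server2.key authorityKeyId_subjectKeyId.conf`, and likewise for the other three, keeps the generated DER files in step with their sources.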
diff --git a/tests/data_files/authorityKeyId_empty.crt.der b/tests/data_files/authorityKeyId_empty.crt.der index 8ddf78d9fc07b3ae28095a3d3b669b788bbb3051..e4a208661045ff15c87f970685a73490c6419f8a 100644 GIT binary patch delta 696 zcmV;p0!RIv1E~fwFoFXmFoFUNpaTK{0s<5l%YrLKras6<^{K>;?{=cVQ0U|IB1_>&L zNQU^SVWQ?4!D1D*Y>Wt>e9G1NP!30vXHq@i~ z;jwnukilWJW>PkyCR2Z^t8`umeHnt=D%c;O*$o^mNoMz3C38mT3yM!^47C7|;o5=_ zW__+yD~n}$k)h&Y!_7cR2<~VM@r#DiM!(Rwsu2Soe^#g(9z+-q4~2``i$q@H7{+2R z$7YTCUD$o|Cy6Nm#gGm^C-E@IN)GSV-p9u$YsUpWdc*=enjL>W59lN0>JkAkmjVL;00E;RFdr}-1_Mxe0ym}s|B!R+| zKv>^Kp-0V?CLTcctCp%%?rm<6eQodIGk?$J#Rfov&vu}Nm e>XO$-HpGU_^t*U7$Xr#g+OLDH2@V&l+i^EhYA z!pt?7n}ms>g@KuYxq)evIIoGZfr+6pggdd%zCO}Gn2jB*o{15vk(rU5*@=P0 z{7l%*GETXuBD>>}y8jjO-qrkMn^A z+2y>UXS=lcelecd^7j8?MFV*QSvKZSSw0pq7LkC&rTtgfZ(eU=ZE=&sg3%@_F+sM3GSE1498iVnRI he{I$yx?#Hri}6Cf&s!I7643v$KD?~9*{?)V4*&VQ0U|IB1_>&L zNQU^SVWQ?4!D1D*Y>Wt>e9G1NP!30vXHq@i~ z;jwnukilWJW>PkyCR2Z^t8`umeHnt=D%c;O*$o^mNoMz3C38mT3yM!^47C7|;o5=_ zW__+yD~n}$k)h&Y!_7cR2<~VM@r#DiM!(Rwsu2Soe^#g(9z+-q4~2``i$q@H7{+2R z$7YTCUD$o|Cy6Nm#gGm^C-E@IN)GSV-p9u$YsUpWdc*=enjL>W59lN0>JkAkmjVL;00E;RFdr}-1_Mm%5bRjSY9^chbdKj_l(+1fIhVqCdIKlc@9x4&z^=TwnPzDr;Eq&+tmR-=7hIU*9%Dv*JDi#M%s{H) ztlstZydOUDAh?$YUMZnUDGi`i!BB^d=hZuN+VR`9YB*%s5(CLFzIdj5cGz(smqFrf eBF{>`*cD^0^%u#&jf(^eNV}5ZMI{!=cKWA@bXCQscjY+|{^rO|u hchN_+=YII_lig6)wRUrvX4Kre+>kR<_c|=R2mp;pY?S~2 
diff --git a/tests/data_files/authorityKeyId_no_keyid.crt.der b/tests/data_files/authorityKeyId_no_keyid.crt.der index 952f7b026900cd4caf0a1b168705bf6f96625885..c6d0d7e9869897115c705c46801b28c1334c581b 100644 GIT binary patch delta 723 zcmZo*>18)EXkzX(Xksc{z|6$R#3WMM_~~NCKjWV%AJ)acX!&*dXuQfT170>xtu~Lg z@4SqR+^h@}^<5-Q4J-@|4b2RUqQrSkj15c;jG^3#`gZkAj7rE_7+D#Zn;7{S44N3Z zn3@_wLAo<%!muHmbAVrAoX-bz^PLe!J9iy1nWzmvoDCYa3va#Zd3I7}+Ma(0S%Nm3U0M9=;l{EX6AmVBNeePt zq!wJiYIR8*d#z;CZLJ&f3vTkt=z6Aok5(;qd%@l1pUJb8VZy^(O#*4P>q4}-EEiL_FvesN|0HuK5T`QoQniMe{1)xZkM=6633GCkEiwiioH?$ zS-n$}@#q9Td-ab7C%pLHU%PkwxO(<+R@5IukP^1LNYx7K6q{16elaP+2|}F&2@ftS?e_+_|5?A0XtL zup(u>Z@2U0$)1dU^+ZGpFoYQy1Wa?v*BtB$dR$CLO& z+C|~syI8*WpMQDDL*kHW$7$dyW*tJtn{#|qI`N_H6?!wv>Uxs!swH@z%b9DykNVpc- z>Ti3&Z8$l-dGQlZzV4EU+h_T7_Yu z%^G=Y^ZZ1cw_CP%%v{28t4ZvKc-&3*Hup*G%&Xlam-S7*aY1Y5U(Xr_cLlMwX(oEB jny$*WA8k0_rF#CjW75N()s;(+E533`zfo5hx9=waf<`xD delta 324 zcmeBWZ(z|kXkz>W#ETa&GchtTi3A>CbW@!jyX>LdxeXOpCM=q^`{7#yE;bIWHji_* zEX+(3`|Tzcut}I0S{Rram>HQyiSwEm8<-dxL%0+B?CT>9gxT1^>X{g!8krf{nVlF| z%+G|~EaQ}mDzZBssrz3c?_JGLwuvPd){1QXo}m<(G|BHN!wqG@|F85fnZ(A5?d|F~ zlwHmndbUf8?-%2VEpPuXZfr4VY&4K%V-A(&V-aH!2}oSpe}(<#^(IE1r>XTl$!^Pq z_e~aO^2;RT4Q6)+0~aO*jafp`8?v?t-TU#(Cj7^iT|z#7v+f_3a1Xx1U8TM&^b3=M mc=n_n&7pyJ)3;9G5qb9b*ZZ#XUO%$**Iy9tJX-apa~A+obAJ*5 
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt.der b/tests/data_files/authorityKeyId_subjectKeyId.crt.der index dbbe51866b15d91efa225450b203d954d4d098d6..4186b499eddad9401a12564f52bda63193073a86 100644 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;bvTd&b literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3bU@rPTVl9_kCoOa9K z=(5QsnPc6Zk`JbaTW&b+kpp{8-$*=D`d$H5jH#O5{`&3s&zDqVW(_j5r8Ssef@W;X}Cw4qs zu=2FFUF)xP7f)`_5q!F?eVtX!E2)<)W(sdUr3QRz&p?TQ@aVm0kb?XKfAu literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a_R1}mV?5qJEBlps(x&e| 
smEY8XN-j+9JE-{V+mamUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3bU@rPTVl9_kCoOa9K z=(5QsnPc6Zk`JbaTW&b+kpp{8-$*=D`d$H5jH#O5{`&3s&zDqVW(_j5r8Ssef@W;X}Cw4qs zu=2FFUF)xP7f)`_5q!F?eVtX!E2)<)W(sdUr3QRz&p?TQ@aVm0kbPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a_R1}mV?5qJEBlps(x&e| smEY8XN-j+9JE-{V+mamUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3OdB(3>o_w2eW0_>ktH&R1eM)BD^>W%R zf1}GLn`EB-66@dDsH^|7vgCh`)|CD4JRh!9U&hM&YxhUl%bI+9W_>9R-FbI`tEDc} z43D#uX4w4dQ92}gZVv06!1JPjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73ajC~ys>J{R 
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der index be798cc12b1e3475c850b8c22c9f617f7d6db4a8..3e360868aac1050372418e61c4ff22717804204f 100644 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l+FGHova literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73a%fS^xk5 
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der index 3f9e8709637e02b2a3a2288656955418a1c2f9b5..55d5dd061947db0948e4508866442f2bb6413e48 100644 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;aFm0{? literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l-oB5i*F literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# 
z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?v4{jDF73aUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;W%x$ay literal 536 zcmXqLViGZEV%)ianTe5!NyIYY{k^b~d-By~Vl&V8#W49PObIgJV&l+i^EhYA!pvk~ zZOCoF$;KSY!Y0h*=VK^nzz^bZ^Kb;@=Oh*d2m2UG8i<30n0W+XLJA?N#U%>Pjs|k# zyhg?bCI)5(=7ts~hEd|YCLpdMluMc6kp{wS>|l2?F+v^8%*f8{#K2;HChTSzr(9H# z-SJ4>{|b5UYJRd!EV-~&Wb5|~rO2d7eoq;0C=337rGLpJHdbtJSI433a^BFhU0Qs< z7*A|@`+srcEQ7}B2C_hJ$?~y?F^U8vF73a Date: Mon, 8 May 2023 16:03:33 +0200 Subject: [PATCH 08/14] Add more test cases Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 9 +++++++++ ...ityKeyId_subjectKeyId_sn_len_malformed.crt.der | Bin 0 -> 931 bytes ...ityKeyId_subjectKeyId_sn_tag_malformed.crt.der | Bin 0 -> 931 bytes ...tyKeyId_subjectKeyId_tag_len_malformed.crt.der | Bin 0 -> 931 bytes tests/suites/test_suite_x509parse.data | 14 +++++++++++++- 5 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 30c65ff54..14cf5ae8d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -565,6 +565,9 @@ authorityKeyId_empty.crt.der: authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ +authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ + authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ @@ -583,6 +586,12 @@ authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjec authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ +authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@ + ################################################################ #### Generate various RSA keys ################################################################ 
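Review bot: The two `sn_*` rules in the second hunk match on `8214680430CD074DE63F`, which embeds the first bytes of the base certificate's serial number, but the base recipe passes no serial to `$(OPENSSL) req -x509`. Assuming OpenSSL's default of a fresh random serial, every regeneration of `authorityKeyId_subjectKeyId.crt.der` invalidates both patterns, and the recipes then emit an unmodified certificate. Pinning the serial in the base recipe with `-set_serial <fixed-serial>` (placeholder value) would make the derived patterns reproducible. The base rule itself is outside these hunks.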
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..009fcf292c1290801e5d51d55ca9d2c809b24e6e GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3;_#H;463;Cb1sjp^A7uipN@{^6c8PyR6Z2(+)g6?k^}n@y2-(hV0L z=uUg&X8-aH--1OIDM2ffn@($o+J2lUHdw#npaXUTg(*Re8`Cvx%1B{!@4l$?IPn@b;(V5` ri`gX?s^2#Ef{VzJHp`BAlUHR-vH0_HQCDutq^yYQBerg8t}49%=80{t literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..93fb1e30bfcd360f43470868e26a66c2f359838e GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;ah;6O_ literal 0 HcmV?d00001 
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..89e1f4b98e71e995df31cd5f08592c2bac434f84 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3;_#H;463;Cb1sjp^A7uipN@{^6c8PyR6Z2(+)g6?k^}n@y2-(hV0L z=uUg&X8-aH--1OIDM2ffn@($o+J2lUHdw#npaXUTg(*Re8`Cvx%1B{!@4l$?IPn@b;(V5` ri`gX?s^2#Ef{VzJHp`BAlUHR-vH0_HQCDutq^yYQBerg8t}49%<`HeK literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 25576f48a..365a58c54 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -3309,6 +3309,10 @@ X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"NL/PolarSSL/PolarSSL Test CA/":"680430CD074DE63FCDC051260FD042C2B512B6BA":0 
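Review bot: The added case reuses the description `X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag` from the case directly above it. It actually loads `authorityKeyId_subjectKeyId_tag_len_malformed.crt.der` and expects `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH`. Two cases with the same description cannot be told apart in test output, so a failure report would not say which malformation was mishandled. `X509 CRT parse Subject Key Id - Wrong OCTET_STRING length` would match what is tested.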
@@ -3349,7 +3353,15 @@ X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 CRT parse Authority Key Id - Wrong Serial Number Tag +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT parse Authority Key Id - Wrong Serial Number Tag length +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer X509 CRT parse Authority Key Id - Wrong Issuer sequence depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid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x509_crt_parse_authoritykeyid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o newline at end of file From 9a1c42896629d290b37a0589df3de58b55b11cea Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 8 May 2023 16:21:58 +0200 Subject: [PATCH 09/14] Fix after rebase (remove redundant variables in tests) Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b557858f9..4c938b3e4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -1552,7 +1552,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) { - size_t subjectKeyIdLength = subjectKeyIdLength_arg; mbedtls_x509_crt crt; mbedtls_x509_crt_init(&crt); @@ -1583,8 +1582,6 @@ void x509_crt_parse_authoritykeyid(char *file, mbedtls_x509_crt crt; int bufferCounter = 0; size_t issuerCounter = 0; - size_t keyIdLength = keyIdLength_arg; - size_t serialLength = serialLength_arg; unsigned int result = 0; mbedtls_x509_subject_alternative_name san; mbedtls_x509_name *pname = NULL; From 05d5c3e7348b331a0d92d7abfba9fad136629b3b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 16:24:44 +0200 Subject: [PATCH 10/14] Further test improvements Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 4 ++-- .../authorityKeyId_no_authorityKeyId.crt.der | Bin 0 -> 809 bytes .../authorityKeyId_no_issuer_serial.crt.der | Bin 809 -> 0 bytes .../authorityKeyId_subjectKeyId.conf | 2 +- tests/suites/test_suite_x509parse.data | 10 +++++----- tests/suites/test_suite_x509parse.function | 17 ++++++++++++----- 6 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 tests/data_files/authorityKeyId_no_authorityKeyId.crt.der delete mode 100644 tests/data_files/authorityKeyId_no_issuer_serial.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 14cf5ae8d..8ec84c104 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -556,8 +556,8 @@ authorityKeyId_subjectKeyId.crt.der: authorityKeyId_no_keyid.crt.der: $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -authorityKeyId_no_issuer_serial.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer_serial' +authorityKeyId_no_authorityKeyId.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' authorityKeyId_empty.crt.der: $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty' 
diff --git a/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der b/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..452d9d135d91032b4b7062e6e110de5902ecb25a GIT binary patch literal 809 zcmXqLVpcV1V&YxE%*4pVB*NGB^XQcMu`@YjAFhe`X!kZ$-z>p^myJ`a&7|-ctAPy2@<`IAiDTJgJmnb+p z8pw(B8W|gy8k!jzn;ICIMv3#9fVhTGE@g%{F)ATDmXVc#xrvdV!Jvtei>Zl`k>Q~4 z;=9k!%3fr-?pd^B<{G|=CssCI=dFarE<`;!yO^P4`8&DnY0HDQOn9$bRAr|!>(4fm zH7Z}rAE>4D%-Nt(yYSYlo@XazrtSH6kR@od*_Fk=9&RkVG2vk1mb4(VMQXvTR+q%F z*Ge|s*193T;3lt(u4mf!Xw_o37u;R`nLJw=COo{=B#>6SE=0RKwQ}OZM~R2eI(Txt z%i#Ig-FC@s|Aif^1exXP!&XSixk&Kyw|3v^c8Pl=aV$yycv|nT*c-K<)jKsAk51sT zSN~{m!i(?ywR^{pt7ji)wXHhBWHU?Fj{k+pjOf$F-a*rD2rklT=*YB;y3D`fUZlR@ z@$avM7!9T~F*7nSE><*meK))y%|?%Yq{4-oQASdp^cx7&F#av%a@ z92kg<3=@??i(JK{YW=)C1RYoUeyZZ-z!rV_QZd{3ttIn^ukziX>vHJ0jIhuMmw)}C|oF(#Pd%bzF`4__*f7NB*9&Zrm z*x7DeYg(SZeRf>2UH_aV@xLt{#I0JBuARIm>$>j6^Q6QHGTxIs58j@>=OW`@hLwva zwi*AP8&wrpvGqK2zx-t9xoQy{$;G~GDk8pY1` S`-&ef2)HW0$b#x7~kA1m!`NJ*iz+kBX0G9@cw%Mab>2!?>_XI&vx^xzmcNtBp0+$_%Y^s3MOAhxv;J%| zS)=l`{DE3Z&zub!wF_^(>UnljX4;;A2U&tPn_XG_>*2<-8xsyDZb=I=Tcj4eYIR8* zd#z;CZLJ&f3vTkt=z6Aok5(;qd%@l1pUJb8VZy^(O#*4P>q4}-EEiL_FvesN|0HuK5T`QoQniMe{1)xZkM=6633GCkEiwiioH?$S-n$}@#q9T zd-ab7C%pLHU%PkwxO(<+R@>V`ihTtNdhK@|jsLT8t?nUYg z9{>JIh|yp=6Eh`Hs{K)dLh_Q$)Wqpyd3}BL^Zd z#({yz$RN2r@$wJ#ZD;KMXS-IhI7P|axX-&yv1CcnB5}tP(P!)b&XS(CYu*B_?wh9y zR(y_#Gke^w8Cvtb=ax@{-BwYxqZ@51`2q{n-fdrXdFh*(78g|2!;*qlbamdFarM($ zhff?~ek$LWY~CgFRc}ee?qe~FyP0_Q3oUHBbIByeu2MoX_DNopbmH3B4K6%8w`c5o z`}h#^fpvR!%uLHve9#xtwB~8Jc+8B)a>;JB)^le5JmawH;hKA2zwME?`=qdAI(wYv zLN86;1)&E6+Iyd0wJyH(@%Gj%i 0) + if (keyId->len > 0) { TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); + } else { + TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); + 
TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); } + /* Issuer test */ - if (crt.authority_key_id.authorityCertIssuer.buf.len > 0) + if (strlen(authorityKeyId_issuer) > 0) { mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; @@ -1621,13 +1625,16 @@ void x509_crt_parse_authoritykeyid(char *file, } /* Serial test */ - if (crt.authority_key_id.authorityCertSerialNumber.len > 0) + if (serial->len > 0) { TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, MBEDTLS_ASN1_INTEGER); TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, serial->x, serial->len), 0); TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); + } else { + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); + TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); } } else { From ff9c2996f3da3faa1d2bf90fc580aa2fe9198130 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 19:14:19 +0200 Subject: [PATCH 11/14] Fix code style Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 7163632a8..c93644353 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1574,9 +1574,9 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ void x509_crt_parse_authoritykeyid(char *file, - data_t* keyId, + data_t *keyId, char *authorityKeyId_issuer, - data_t* serial, + data_t *serial, int ref_ret) { mbedtls_x509_crt crt; 
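Review bot: The issuer block that closes at the top of the `@@ -1621,13 +1625,16 @@` hunk has no `else`, while the keyId and serial blocks changed in this commit both gained one. A certificate that carries an authorityCertIssuer therefore still passes when the test data gives an empty issuer string. Adding `else { TEST_EQUAL(crt.authority_key_id.authorityCertIssuer.buf.len, 0); }` after that closing brace would make the three fields symmetric. The start of the issuer block is outside this hunk.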
@@ -1592,8 +1592,7 @@ void x509_crt_parse_authoritykeyid(char *file, if (ref_ret == 0) { /* KeyId test */ - if (keyId->len > 0) - { + if (keyId->len > 0) { TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); @@ -1604,8 +1603,7 @@ void x509_crt_parse_authoritykeyid(char *file, /* Issuer test */ - if (strlen(authorityKeyId_issuer) > 0) - { + if (strlen(authorityKeyId_issuer) > 0) { mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0); @@ -1625,12 +1623,11 @@ void x509_crt_parse_authoritykeyid(char *file, } /* Serial test */ - if (serial->len > 0) - { + if (serial->len > 0) { TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, - MBEDTLS_ASN1_INTEGER); + MBEDTLS_ASN1_INTEGER); TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, - serial->x, serial->len), 0); + serial->x, serial->len), 0); TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); } else { TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); From 401c8e3a971ae976ea5b4518abc40d4210de5e7b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 18 May 2023 12:11:28 +0200 Subject: [PATCH 12/14] Adapt test (use path instead of bytes) after rebase Signed-off-by: Przemek Stekiel --- ...inimized-fuzz_x509crt-6666050834661376.crt.der | Bin 0 -> 396 bytes tests/suites/test_suite_x509parse.data | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der 
diff --git a/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der b/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..64a490011cf252d4c703bf47a322ccfaff8fa63a GIT binary patch literal 396 zcmXqLV(c(zV$5H_%*4pV#Hj!S2E1&XT5TR}-+37sSy&kilnn(8_}G|%(!%UeHHQ2^ zMPLy&h=_rlIIp3hfvJIok%6hDiA5BUYXan&L%GBm5`%0tBP#>5H-mu(lOxPw~0n@?1mWxvoVLtDzo?)cr}P%Q?gKNi7HW^X=1>p9hVpYkuf^A literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e6d2c534d..51b92dadc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3361,7 +3361,7 @@ X509 CRT parse Authority Key Id - Wrong Serial Number Tag length depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer +# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576) X509 CRT parse Authority Key Id - Wrong Issuer sequence depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid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o newline at end of file +x509_crt_parse_authoritykeyid:"data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA From 0b683a9a57785de66a3f052fef608bc6b82dde17 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 24 May 2023 16:06:30 +0200 Subject: [PATCH 13/14] Remove redundant test and add tests: keyid only (without issuer) 
Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 6 +++--- tests/data_files/authorityKeyId_empty.crt.der | Bin 809 -> 0 bytes tests/data_files/authorityKeyId_no_issuer.crt.der | Bin 0 -> 842 bytes tests/data_files/authorityKeyId_subjectKeyId.conf | 5 +++-- tests/suites/test_suite_x509parse.data | 8 ++++---- 5 files changed, 10 insertions(+), 9 deletions(-) delete mode 100644 tests/data_files/authorityKeyId_empty.crt.der create mode 100644 tests/data_files/authorityKeyId_no_issuer.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 8ec84c104..f8144319f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -556,12 +556,12 @@ authorityKeyId_subjectKeyId.crt.der: authorityKeyId_no_keyid.crt.der: $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' +authorityKeyId_no_issuer.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' + authorityKeyId_no_authorityKeyId.crt.der: $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' -authorityKeyId_empty.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty' - authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 
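Review bot: The new `authorityKeyId_no_issuer.crt.der` rule in the `@@ -556,12 +556,12 @@` hunk declares no prerequisites although its recipe reads `server2.key` and `authorityKeyId_subjectKeyId.conf`, so make will not regenerate the certificate when the extension section in the conf file changes. Listing them, `authorityKeyId_no_issuer.crt.der: server2.key authorityKeyId_subjectKeyId.conf`, keeps the checked-in binary fixture traceable to its inputs. The `authorityKeyId_no_keyid.crt.der` and `authorityKeyId_no_authorityKeyId.crt.der` rules shown as context have the same gap. The hunk also does not add the new file to `all_final`; whether that is intended cannot be told from the visible lines.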
diff --git a/tests/data_files/authorityKeyId_empty.crt.der b/tests/data_files/authorityKeyId_empty.crt.der deleted file mode 100644 index e4a208661045ff15c87f970685a73490c6419f8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 809 zcmXqLVpcV1V&YxE%*4pVBqDygN!xXq-3hm^E06TOFI)6#QhbB~FB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Z@2Sg5_+R&W4*o2AO#)>tf13t$okbxG?zi zTLUv2pT=v?1b>#lcM?y`{q}#og6i$F%zUT!RLLz@X*@K=A>zK}fblu(TNZZ*jyDN-O U#DuQDwZ8f3=GnUq7INPO0BpBHZ2$lO diff --git a/tests/data_files/authorityKeyId_no_issuer.crt.der b/tests/data_files/authorityKeyId_no_issuer.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..175ee3f303e9902b474aa4f5b00e27ab17acbe94 GIT binary patch literal 842 zcmXqLVs3A58`n1a0KM%Bo+k+`xr_Zh=YWfc?4iW3L&Y*B?``t z26E!OM#cuFMka>FCT51_QR2KNK(3)BluMc6O^iy&j%8$JU~XdMXE11Dpu?ta8&Ms!?SpH5fd)o4#Efe1B7FF4)%=)v< zWR1$#@&{@uJ##i_)GoaBs^{5BnQ43e9b^gGY<6YwuZJ7UZcI3sxFs#fY>`^A!Mb-Ax4AgOw5c7jEkKN91LWE@gvK}BE}-Jl=Vf*jyv}g_ydG|6IP_G_w9C`Y#&g53 zfAK%-WfB(Kcya6E<&)km6Og(0@0Oaqe}s5JFKgaDnM~2FyR&_z0$ZE6-BFnJyKJBF zq0oi4o4wczBpz!Gr_xUYyUB3>LZ)eW@v-14Yw5 ee0P!9&|39-UxDh1mU#^~SL|xM{>9T~dkX-^Oh`EZ literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf index 94ab20e15..296fac863 100644 --- a/tests/data_files/authorityKeyId_subjectKeyId.conf +++ b/tests/data_files/authorityKeyId_subjectKeyId.conf 
@@ -12,7 +12,8 @@ authorityKeyIdentifier = keyid:always,issuer:always [v3_req_authorityKeyId_no_keyid] subjectKeyIdentifier = hash authorityKeyIdentifier = issuer:always +[v3_req_authorityKeyId_no_issuer] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always [v3_req_no_authorityKeyId] subjectKeyIdentifier = hash -[v3_req_authorityKeyId_empty] -subjectKeyIdentifier = hash diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 51b92dadc..b49824be8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3321,14 +3321,14 @@ X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_keyid.crt.der":"":"NL/PolarSSL/PolarSSL Test CA/":"7581F2D168FE33F964F0AE5FE884FAD3C55F24DA":0 +X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_issuer.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"":"":0 + X509 CRT parse Authority Key Id - no Authority Key ID depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_authorityKeyId.crt.der":"":"":"":0 -X509 CRT parse Authority Key Id - Correct Authority Key ID (empty) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_empty.crt.der":"":"":"":0 - X509 CRT parse Authority Key Id - Wrong Length depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH From b3eaf8c2edd7cd9ffb06a38f71afa51e49a454c3 Mon Sep 17 00:00:00 2001 
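Review bot: The added "Correct Authority Key ID (no issuer)" case in the `@@ -3321,14 +3321,14 @@` hunk of test_suite_x509parse.data passes an empty issuer string, but nothing visible in x509_crt_parse_authoritykeyid asserts that the issuer is absent in that case. The keyId and serial blocks have an `else` branch checking that tag and length are 0, while the issuer block appears to close straight into `/* Serial test */` without one, so a parser that wrongly populated authorityCertIssuer would still pass here. Adding `} else { TEST_EQUAL(crt.authority_key_id.authorityCertIssuer.buf.len, 0); }` to the issuer block would make this case verify what its name states. The issuer block is only partly visible in the hunks, so this should be confirmed against the full function.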
From: Przemek Stekiel Date: Wed, 14 Jun 2023 14:25:21 +0200 Subject: [PATCH 14/14] Use predefined serial numer in certificates Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 4 ++-- .../data_files/authorityKeyId_no_keyid.crt.der | Bin 909 -> 909 bytes .../authorityKeyId_subjectKeyId.crt.der | Bin 931 -> 931 bytes tests/suites/test_suite_x509parse.data | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f8144319f..eeb0b0f03 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -551,10 +551,10 @@ crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem authorityKeyId_subjectKeyId.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034 authorityKeyId_no_keyid.crt.der: - $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034 authorityKeyId_no_issuer.crt.der: $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' 
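Review bot: The decimal serial `593828494303792449134898749208168108403991951034` is repeated verbatim in both changed recipes of the `@@ -551,10 +551,10 @@` hunk, with no comment tying it to the value the tests expect. Defining it once, e.g. `authorityKeyId_serial = 593828494303792449134898749208168108403991951034` under a comment such as `# Must match the serial expected by the authorityKeyId cases in test_suite_x509parse.data`, and passing `-set_serial $(authorityKeyId_serial)` in the recipes, would keep the two fixtures and the test data from drifting apart. The `authorityKeyId_no_issuer.crt.der` rule shown as trailing context still gets a serial chosen by OpenSSL. That looks harmless because its test case passes an empty serial, but a one-line comment saying so would help.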
diff --git a/tests/data_files/authorityKeyId_no_keyid.crt.der b/tests/data_files/authorityKeyId_no_keyid.crt.der index c6d0d7e9869897115c705c46801b28c1334c581b..4ac5f00763d4d6c721d11392ea99ef36dde72208 100644 GIT binary patch delta 371 zcmeBW?`2muXkzX(Xksc{z|6$R#3YizVsMt-_nH0K1A%J%7n}}l7239IqH?f=nW2fH zk&&UXVU#$piLrs1fhB~yvF|!#JvL1Sylk9WZ60mkc^MhGSs9p{7#SIIyVmN-zs)}= z9k;_P>F#m;m1&y7TaU;uZ@X;rHdU<@fz7vGS?!(@6K)(4`!s5FVXnK2wz~E~Y=` zg>#n~Q@#G{os+GXOzJtC`L(91a)~q}_uG|b`8vGD(ykFHk)0cP_AF}uE}tr^IMrCA zMxEKcrBfwvgVw^Ut7q}Rb(rgI-nFX-QY?u+rgnYEj?= delta 371 zcmeBW?`2muXkzX(Xksc{z|6$R#3WMM_~~NCKjWV%AJ)acX!&*dXuQg;iORterUn*< zhK6PaMp5FtCdLM)2F4KX#=h%}_1H8S@Un4gwRyCC=VfH%W@TV*Vq|0xFwH4nd(fxO zO2ko7A~`Q3_4y*L)n)CjI>r(nPvQ@07lnK8V)@>G{^cbPi9@Cxt9grbFF)x=SK%pXJlx>wVR!l6@+k zZ@0+z6|%9%daf>+^3h<2U_(m2hM%T3YvirX^Al~}ZrR>3a|y?-Cb1vlaW~!D+$Xg& zuXc}I);Ime1+AHXJ!=@;6~x-6ndq%*x+>d#wBdZ0>iOf2Ne_EgS1vuS_{t^yMqOdt GzMlZ!Zlvx2 diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt.der b/tests/data_files/authorityKeyId_subjectKeyId.crt.der index 4186b499eddad9401a12564f52bda63193073a86..a6ca46958f2ac0ddb88b6d2a203fd3e0bb1cf92b 100644 GIT binary patch delta 293 zcmV+=0owkf2crj&b{94=G%+$VG%+$-7Y#HsFg7qbF)}hVF|myn0)JEo5*U_giLdxN z32nxYrM@n(cmeQ#sA|~LKc2u^HrC@R_LMr1-~+dt535)3pwMSBdvB;O$GHjJZN!<} zl{85(HM-F*nF#&v{o=H)Y+XepwQq?pcp^Q8g^k1hm>aLocZX_VV8glgA~dZjsbZ~t zeeACAAF_{vJyE+emw)g=)Q18L1u^V=nW|y33hfrVaRy3w$~t9;oD?v!O-RK&V?ycy zV2e4-Ev=-)UA`XxRO85exaoJect(eR^{x1Co5*pw_4qV#NEkiY0J0SN=!n_U{>#Q! r)2xE(|BjH(Oz6VEBLow_F*nO}qL4=&+P8T9TOI|0K~1N*i2^-{%c6|K delta 293 zcmV+=0owkf2crj&b{91;I59CXHZU?;7Y#HsFf}kUF)=YVFtLpm0)Lgy0rj-x_L$hF z8C>e)@Y?cY1G?#!+D|gmG_oA#`WBD5fh{lTd3675DwMzON#Us{rUec9yYU^XRYO!Z)q1D^}ui?DRYVX5vOa>3{4FprUwWQmJAdW9!`J=(#;jWobOOl|>;A(mZ^Z>inrt;tIp@ zakR*|;h?F@D?Ww#uF=W2Y!T(Ihpsw&>Kf^UHX!WqY+V%G{z7Owaa`@9GpYh%YNTFF rr>