Add X.509 CRT test for nested calls for CRT frame / PK acquire

This commit is contained in:
Hanno Becker 2019-06-28 15:52:54 +01:00
parent 69c303360e
commit 7ab8a2e2a0
2 changed files with 97 additions and 0 deletions

View File

@ -935,6 +935,10 @@ X509 Parse Selftest
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_selftest: x509_selftest:
X509 nested acquire
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509_nested_acquire:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff"
X509 CRT ASN1 (Empty Certificate) X509 CRT ASN1 (Empty Certificate)
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT

View File

@ -597,6 +597,99 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_nested_acquire( data_t * buf )
{
/* This tests exercises the behavior of the library when
* facing nested calls to mbedtls_x509_crt_xxx_acquire().
* This is allowed if !MBEDTLS_X509_ALWAYS_FLUSH or
* MBEDTLS_THREADING_C, but forbidden otherwise. */
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == 0 );
/* Nested aquire for CRT frames */
{
int ret;
mbedtls_x509_crt_frame const *frame1;
mbedtls_x509_crt_frame const *frame2;
/* Perform a (hopefully) innocent acquire-release pair first. */
TEST_ASSERT( mbedtls_x509_crt_frame_acquire( &crt, &frame1 ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
/* Perform two nested acquire calls. */
TEST_ASSERT( mbedtls_x509_crt_frame_acquire( &crt, &frame1 ) == 0 );
ret = mbedtls_x509_crt_frame_acquire( &crt, &frame2 );
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
!defined(MBEDTLS_THREADING_C)
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
#else
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
#endif
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
ret = mbedtls_x509_crt_frame_release( &crt );
/* In contexts which use resource counting, we expect an
* error on an attempted release() without prior acquire(). */
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
!defined(MBEDTLS_THREADING_C)
TEST_ASSERT( ret == 0 );
#else
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
#endif
}
/* Nested aquire for PK contexts */
{
int ret;
mbedtls_pk_context *pk1;
mbedtls_pk_context *pk2;
/* Perform a (hopefully) innocent acquire-release pair first. */
TEST_ASSERT( mbedtls_x509_crt_pk_acquire( &crt, &pk1 ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
/* Perform two nested acquire calls. */
TEST_ASSERT( mbedtls_x509_crt_pk_acquire( &crt, &pk1 ) == 0 );
ret = mbedtls_x509_crt_pk_acquire( &crt, &pk2 );
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
!defined(MBEDTLS_THREADING_C)
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
#else
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
#endif
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
ret = mbedtls_x509_crt_pk_release( &crt );
/* In contexts which use resource counting, we expect an
* error on an attempted release() without prior acquire(). */
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
!defined(MBEDTLS_THREADING_C)
TEST_ASSERT( ret == 0 );
#else
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
#endif
}
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void x509parse_crl( data_t * buf, char * result_str, int result ) void x509parse_crl( data_t * buf, char * result_str, int result )
{ {