mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-02 15:04:14 +01:00
Add X.509 CRT test for nested calls for CRT frame / PK acquire
This commit is contained in:
parent
69c303360e
commit
7ab8a2e2a0
@ -935,6 +935,10 @@ X509 Parse Selftest
|
|||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_selftest:
|
x509_selftest:
|
||||||
|
|
||||||
|
X509 nested acquire
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||||
|
x509_nested_acquire:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff"
|
||||||
|
|
||||||
X509 CRT ASN1 (Empty Certificate)
|
X509 CRT ASN1 (Empty Certificate)
|
||||||
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
|
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
|
||||||
|
|
||||||
|
@ -597,6 +597,99 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
void x509_nested_acquire( data_t * buf )
|
||||||
|
{
|
||||||
|
/* This tests exercises the behavior of the library when
|
||||||
|
* facing nested calls to mbedtls_x509_crt_xxx_acquire().
|
||||||
|
* This is allowed if !MBEDTLS_X509_ALWAYS_FLUSH or
|
||||||
|
* MBEDTLS_THREADING_C, but forbidden otherwise. */
|
||||||
|
|
||||||
|
mbedtls_x509_crt crt;
|
||||||
|
mbedtls_x509_crt_init( &crt );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == 0 );
|
||||||
|
|
||||||
|
/* Nested aquire for CRT frames */
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
mbedtls_x509_crt_frame const *frame1;
|
||||||
|
mbedtls_x509_crt_frame const *frame2;
|
||||||
|
|
||||||
|
/* Perform a (hopefully) innocent acquire-release pair first. */
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_frame_acquire( &crt, &frame1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
|
||||||
|
|
||||||
|
/* Perform two nested acquire calls. */
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_frame_acquire( &crt, &frame1 ) == 0 );
|
||||||
|
|
||||||
|
ret = mbedtls_x509_crt_frame_acquire( &crt, &frame2 );
|
||||||
|
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
|
||||||
|
!defined(MBEDTLS_THREADING_C)
|
||||||
|
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
|
||||||
|
#else
|
||||||
|
TEST_ASSERT( ret == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_frame_release( &crt ) == 0 );
|
||||||
|
|
||||||
|
ret = mbedtls_x509_crt_frame_release( &crt );
|
||||||
|
|
||||||
|
/* In contexts which use resource counting, we expect an
|
||||||
|
* error on an attempted release() without prior acquire(). */
|
||||||
|
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
|
||||||
|
!defined(MBEDTLS_THREADING_C)
|
||||||
|
TEST_ASSERT( ret == 0 );
|
||||||
|
#else
|
||||||
|
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Nested aquire for PK contexts */
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
mbedtls_pk_context *pk1;
|
||||||
|
mbedtls_pk_context *pk2;
|
||||||
|
|
||||||
|
/* Perform a (hopefully) innocent acquire-release pair first. */
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_pk_acquire( &crt, &pk1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
|
||||||
|
|
||||||
|
/* Perform two nested acquire calls. */
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_pk_acquire( &crt, &pk1 ) == 0 );
|
||||||
|
|
||||||
|
ret = mbedtls_x509_crt_pk_acquire( &crt, &pk2 );
|
||||||
|
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
|
||||||
|
!defined(MBEDTLS_THREADING_C)
|
||||||
|
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
|
||||||
|
#else
|
||||||
|
TEST_ASSERT( ret == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_pk_release( &crt ) == 0 );
|
||||||
|
|
||||||
|
ret = mbedtls_x509_crt_pk_release( &crt );
|
||||||
|
|
||||||
|
/* In contexts which use resource counting, we expect an
|
||||||
|
* error on an attempted release() without prior acquire(). */
|
||||||
|
#if defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
|
||||||
|
!defined(MBEDTLS_THREADING_C)
|
||||||
|
TEST_ASSERT( ret == 0 );
|
||||||
|
#else
|
||||||
|
TEST_ASSERT( ret == MBEDTLS_ERR_X509_FATAL_ERROR );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_x509_crt_free( &crt );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
|
||||||
void x509parse_crl( data_t * buf, char * result_str, int result )
|
void x509parse_crl( data_t * buf, char * result_str, int result )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user