|
@@ -83,6 +83,12 @@ static X509 *insta_cert = NULL, *instaca_cert = NULL;
|
|
|
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
|
|
|
static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
|
|
|
|
|
|
+/* secret value used for IP_waitingStatus_PBM.der */
|
|
|
+static const unsigned char sec_1[] = {
|
|
|
+ '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
|
|
|
+ 'Q', '-', 'u', 'd', 'N', 'R'
|
|
|
+};
|
|
|
+
|
|
|
static int flip_bit(ASN1_BIT_STRING *bitstr)
|
|
|
{
|
|
|
int bit_num = 7;
|
|
@@ -147,20 +153,15 @@ static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
|
|
|
return res;
|
|
|
}
|
|
|
|
|
|
-static int test_validate_msg_mac_alg_protection(void)
|
|
|
+static int test_validate_msg_mac_alg_protection(int miss, int wrong)
|
|
|
{
|
|
|
- /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
|
|
|
- const unsigned char sec_1[] = {
|
|
|
- '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
|
|
|
- 'Q', '-', 'u', 'd', 'N', 'R'
|
|
|
- };
|
|
|
-
|
|
|
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
|
|
|
fixture->cert = NULL;
|
|
|
|
|
|
- fixture->expected = 1;
|
|
|
- if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
|
|
|
- sizeof(sec_1)))
|
|
|
+ fixture->expected = !miss && !wrong;
|
|
|
+ if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, NULL)
|
|
|
+ : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
|
|
|
+ wrong ? 4 : sizeof(sec_1)))
|
|
|
|| !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
|
|
|
tear_down(fixture);
|
|
|
fixture = NULL;
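Review bot: The `wrong` case passes a bare `4` as the secret length in `wrong ? 4 : sizeof(sec_1)`, so the "wrong secret" is really the first four bytes of the correct one, and nothing in the hunk says so. The `miss` branch calls `OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, NULL)`, apparently only as a call that succeeds without installing a secret; it presumably also clears any trust store that `set_up` configured, which deserves a mention. I would add a comment above the condition such as `/* miss: leave secretValue unset; wrong: truncated prefix of sec_1 */`. Because `expected` is simply 0 for both negative cases, the test passes on any validation failure; if the fixture can check the reported error reason (not visible here), asserting it would confirm the rejection comes from the MAC check. The function body continues past the end of this hunk.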
|
|
@@ -169,6 +170,21 @@ static int test_validate_msg_mac_alg_protection(void)
|
|
|
return result;
|
|
|
}
|
|
|
|
|
|
+static int test_validate_msg_mac_alg_protection_ok(void)
|
|
|
+{
|
|
|
+ return test_validate_msg_mac_alg_protection(0, 0);
|
|
|
+}
|
|
|
+
|
|
|
+static int test_validate_msg_mac_alg_protection_missing(void)
|
|
|
+{
|
|
|
+ return test_validate_msg_mac_alg_protection(1, 0);
|
|
|
+}
|
|
|
+
|
|
|
+static int test_validate_msg_mac_alg_protection_wrong(void)
|
|
|
+{
|
|
|
+ return test_validate_msg_mac_alg_protection(0, 1);
|
|
|
+}
|
|
|
+
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
|
static int test_validate_msg_mac_alg_protection_bad(void)
|
|
|
{
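Review bot: `test_validate_msg_mac_alg_protection_missing` and `test_validate_msg_mac_alg_protection_wrong` are defined here above the `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` line, but the last hunk registers them with `ADD_TEST` only inside that guard. In a fuzzing build they become unused `static` functions, which draws an unused-function warning and can fail a build that treats warnings as errors. The same holds for `test_validate_msg_signature_srvcert_missing` in the hunk at -253, which is defined outside the guard and registered inside it. Moving these wrappers under the same `#ifndef` that already encloses the `_bad` variants keeps definition and registration in step. A one-line comment such as `/* fuzzing builds skip protection checks, so negative tests cannot fail there */` would record why they are guarded, if that is indeed the reason.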
|
|
@@ -240,12 +256,17 @@ static int test_validate_msg_signature_trusted_expired(void)
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
-static int test_validate_msg_signature_srvcert_wrong(void)
|
|
|
+static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong)
|
|
|
{
|
|
|
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
|
|
|
- fixture->expected = 0;
|
|
|
+ fixture->cert = srvcert;
|
|
|
+ fixture->expected = !bad_sig && !wrong && !miss;
|
|
|
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|
|
|
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
|
|
|
+ || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
|
|
|
+ sec_1, sizeof(sec_1))
|
|
|
+ : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
|
|
|
+ wrong? clcert : srvcert))
|
|
|
+ || (bad_sig && !flip_bit(fixture->msg->protection))) {
|
|
|
tear_down(fixture);
|
|
|
fixture = NULL;
|
|
|
}
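Review bot: The three positional `int` flags on `test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong)` make call sites like `(0, 1, 0)` hard to read. When both `miss` and `wrong` are set, `miss` silently wins in the ternary, which a short function comment should state. The `miss` branch sets `sec_1` as a secret value instead of a server certificate. That appears intended to show that a signature-protected message is rejected when only a shared secret is configured, but `sec_1` is documented only as the secret for IP_waitingStatus_PBM.der. I would add `/* miss: no srvCert, only an unrelated PBM secret is configured */` above the condition. As a style nit, `wrong? clcert : srvcert` is missing the space before `?`. The function body continues past the end of this hunk.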
|
|
@@ -253,31 +274,26 @@ static int test_validate_msg_signature_srvcert_wrong(void)
|
|
|
return result;
|
|
|
}
|
|
|
|
|
|
-static int test_validate_msg_signature_srvcert(int bad_sig)
|
|
|
+static int test_validate_msg_signature_srvcert_missing(void)
|
|
|
{
|
|
|
- SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
|
|
|
- fixture->cert = srvcert;
|
|
|
- fixture->expected = !bad_sig;
|
|
|
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|
|
|
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
|
|
|
- || (bad_sig && !flip_bit(fixture->msg->protection))) {
|
|
|
- tear_down(fixture);
|
|
|
- fixture = NULL;
|
|
|
- }
|
|
|
- EXECUTE_TEST(execute_validate_msg_test, tear_down);
|
|
|
- return result;
|
|
|
+ return test_validate_msg_signature_srvcert(0, 1, 0);
|
|
|
+}
|
|
|
+
|
|
|
+static int test_validate_msg_signature_srvcert_wrong(void)
|
|
|
+{
|
|
|
+ return test_validate_msg_signature_srvcert(0, 0, 1);
|
|
|
}
|
|
|
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
|
static int test_validate_msg_signature_bad(void)
|
|
|
{
|
|
|
- return test_validate_msg_signature_srvcert(1);
|
|
|
+ return test_validate_msg_signature_srvcert(1, 0, 0);
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
static int test_validate_msg_signature_sender_cert_srvcert(void)
|
|
|
{
|
|
|
- return test_validate_msg_signature_srvcert(0);
|
|
|
+ return test_validate_msg_signature_srvcert(0, 0, 0);
|
|
|
}
|
|
|
|
|
|
static int test_validate_msg_signature_sender_cert_untrusted(void)
|
|
@@ -650,6 +666,7 @@ int setup_tests(void)
|
|
|
ADD_TEST(test_validate_msg_signature_trusted_ok);
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
|
ADD_TEST(test_validate_msg_signature_trusted_expired);
|
|
|
+ ADD_TEST(test_validate_msg_signature_srvcert_missing);
|
|
|
#endif
|
|
|
ADD_TEST(test_validate_msg_signature_srvcert_wrong);
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
@@ -667,8 +684,10 @@ int setup_tests(void)
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
|
ADD_TEST(test_validate_msg_unprotected_request);
|
|
|
#endif
|
|
|
- ADD_TEST(test_validate_msg_mac_alg_protection);
|
|
|
+ ADD_TEST(test_validate_msg_mac_alg_protection_ok);
|
|
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
|
+ ADD_TEST(test_validate_msg_mac_alg_protection_missing);
|
|
|
+ ADD_TEST(test_validate_msg_mac_alg_protection_wrong);
|
|
|
ADD_TEST(test_validate_msg_mac_alg_protection_bad);
|
|
|
#endif
|
|
|
|