Copy updated test certificates and related data (keys, CSR, etc.) from
development. This replaces certificates that will expire on 2023-09-07,
causing the unit tests to fail. This also adds new data files that are not
used, and moves some files.
The replacement data is good until 2023-12-31.
The update causes some parsing unit tests to fail because the new
certificates have a different expiry date. This will be fixed in a
subsequent commit.
```
git checkout dc2d7cce02 -- tests/data_files tests/src/test_certs.h tests/src/certs.c
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder https://lapo.it/asn1js/
Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:
290f01b3f5e7f8c616d0f7641544ea
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der
This results in the loop being executed.
Signed-off-by: Nick Child <nick.child@ibm.com>
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Windows tests are failing pkcs7 verification due to differnt line
endings. Therefore, add make instuctions for building the data
files with Windows EOF instead. As a result, regenerate other data
files so that verification works.
Add these CRLF EOF files to the exception in check_files to ignore
the line endings.
Signed-off-by: Nick Child <nick.child@ibm.com>
