author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests/mozpkix_gtest | |
parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/gtests/mozpkix_gtest')
10 files changed, 90 insertions, 16 deletions
diff --git a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp index 899b849fc..1623d76bb 100644 --- a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp +++ b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp @@ -43,6 +43,7 @@ '<(DEPTH)/lib/base/base.gyp:nssb', '<(DEPTH)/lib/dev/dev.gyp:nssdev', '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix', '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib', ], diff --git a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp index e17321075..c1c81b3a7 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp @@ -152,10 +152,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -301,10 +305,14 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } 
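Review bot: The new `EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning)` in the `CheckRevocation` override of the -152 hunk cannot tell whose notBefore it received, because, as the added comment says, every certificate in the test starts one day before now. A path builder that handed the end-entity's or the issuer's validity start to every call in the chain would still pass, which matters if any revocation decision is keyed on that value. Giving one certificate in the chain a distinct notBefore and checking it against the `CertID` being queried would pin the per-certificate contract. The identical block is repeated in the -301, -442, -665 and -828 hunks of this file, so the same applies there; the enclosing classes start outside the hunks.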
@@ -321,7 +329,7 @@ public: { } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { @@ -442,10 +450,14 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -665,10 +677,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -723,7 +739,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain { public: Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time, - Duration, /*optional*/ const Input*, + Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) { 
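Review bot: `Time, Time, Duration` in the -321 hunk leaves two adjacent unnamed parameters of the same type, so nothing in this override says which one is the validity start; the other overrides in this file name it `validityBeginning`. The file already annotates unnamed parameters with `/*optional*/`, so `Time, Time /*validityBeginning*/, Duration` would fit its style and make a transposed argument easier to spot in review. The same signature appears in the -723 hunk here and in pkixcert_extension_tests.cpp, pkixcert_signature_algorithm_tests.cpp, pkixcheck_CheckExtendedKeyUsage_tests.cpp, pkixcheck_CheckSignatureAlgorithm_tests.cpp and pkixgtest.h.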
@@ -828,10 +844,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp index 762fac146..71399a26b 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp @@ -70,7 +70,7 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp index 00ccffb04..54e19fc3d 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp @@ -92,7 +92,7 @@ private: return checker.Check(issuerCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp index 0aef3d5c1..9fd1e52f1 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp 
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp @@ -558,7 +558,7 @@ private: return checker.Check(derCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp index 136f8719a..b87f0a772 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp @@ -166,8 +166,8 @@ void ASSERT_SimpleCase(uint8_t unusedBits, uint8_t bits, KeyUsage usage) // Test that none of the other non-padding bits are mistaken for the given // key usage in the single-byte value case. - NAMED_SIMPLE_KU(notGood, unusedBits, - static_cast<uint8_t>((~bits >> unusedBits) << unusedBits)); + uint8_t paddingBits = (static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits; + NAMED_SIMPLE_KU(notGood, unusedBits, paddingBits); ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, ¬Good, usage)); ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, ¬Good, usage)); diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp index 70e6fd410..e1f35e5b4 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp @@ -302,7 +302,7 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { 
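Review bot: `paddingBits` in the pkixcheck_CheckKeyUsage_tests.cpp hunk holds the opposite of what its name says: the shift pair clears the low `unusedBits` padding positions and leaves the complement of `bits` in the non-padding positions, which is what the comment above it describes. Moving the cast inside keeps `~bits` from being shifted as a negative `int`, but the shifted result is again an `int` that is narrowed implicitly on assignment. I would write `const uint8_t otherNonPaddingBits = static_cast<uint8_t>((static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits);` and pass that name to `NAMED_SIMPLE_KU`. `ASSERT_SimpleCase` begins and ends outside the hunk.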
diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp index cf91fa2c6..c66f06e6a 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp @@ -191,8 +191,10 @@ TEST_F(pkixder_input_tests, ReadByteWrapAroundPointer) // a null pointer is undefined behavior according to the C++ language spec., // but this should catch the problem on at least some compilers, if not all of // them. - const uint8_t* der = nullptr; - --der; + uintptr_t derint = -1; + auto der = reinterpret_cast<const uint8_t*>(derint); + ASSERT_EQ(sizeof(der), sizeof(derint)) + << "underflow of pointer might not work"; Input buf; ASSERT_EQ(Success, buf.Init(der, 0)); Reader input(buf); @@ -359,6 +361,7 @@ TEST_F(pkixder_input_tests, Skip_WrapAroundPointer) // but this should catch the problem on at least some compilers, if not all of // them. const uint8_t* der = nullptr; + // coverity[FORWARD_NULL] --der; Input buf; ASSERT_EQ(Success, buf.Init(der, 0)); diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp index 260c735ec..0dc8555d9 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp 
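Review bot: The `ASSERT_EQ(sizeof(der), sizeof(derint))` guard in ReadByteWrapAroundPointer compares two compile-time constants, so it belongs in `static_assert(sizeof(der) == sizeof(derint), "underflow of pointer might not work");`, which fails the build instead of one test at run time. `uintptr_t derint = -1;` also leans on an implicit signed-to-unsigned conversion; `UINTPTR_MAX` states the intent directly. The context comment above the change, as far as it is visible, still talks about undefined behaviour on a null pointer, which this test no longer performs, so it should be reworded to say the pointer is built from the largest `uintptr_t` value. The test body continues outside the hunk.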
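Review bot: Skip_WrapAroundPointer still executes `--der` on a null pointer; the added `// coverity[FORWARD_NULL]` only silences the analyzer, while the sibling test ReadByteWrapAroundPointer was rewritten in this same commit to avoid exactly that. A compiler is free to assume the decrement never happens, so the wrap-around check this test exists for may not be exercised on every build. Using the same construction here, `auto der = reinterpret_cast<const uint8_t*>(UINTPTR_MAX);`, would remove both the undefined behaviour and the suppression comment. The test body continues outside the hunk.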
@@ -1224,3 +1224,53 @@ TEST_F(pkixder_universal_types_tests, OID) ASSERT_EQ(Success, OID(reader, expectedOID)); } + +TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag) +{ + const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = { + 0x81, + 0x04, + 0x00, + 0x0A, + 0x0B, + 0x0C, + }; + Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1)); + ASSERT_TRUE(reader.AtEnd()); +} + +TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch) +{ + const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = { + 0x81, + 0x04, + 0x00, + 0x0A, + 0x0B, + 0x0C, + }; + Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2)); + ASSERT_FALSE(reader.AtEnd()); +} + +TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag) +{ + const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = { + 0xA1, + 0x03, + 0x05, + 0x01, + 0x00, + }; + Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1)); + ASSERT_FALSE(reader.AtEnd()); +} diff --git a/security/nss/gtests/mozpkix_gtest/pkixgtest.h b/security/nss/gtests/mozpkix_gtest/pkixgtest.h index bb3491d44..0a203c5e1 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixgtest.h +++ b/security/nss/gtests/mozpkix_gtest/pkixgtest.h @@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain { Result::FATAL_ERROR_LIBRARY_FAILURE); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { ADD_FAILURE(); |
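Review bot: All three new tests feed well-formed TLVs, so nothing covers a context-specific primitive tag whose length runs past the end of the input, which is the case a skip helper on certificate data most needs pinned. SkipOptionalImplicitPrimitiveTagMismatch also asserts only `ASSERT_FALSE(reader.AtEnd())`, which would still pass if the reader had consumed part of the element; `ASSERT_TRUE(reader.Peek(0x81));` after the call would show the position is unchanged. A truncated-value case along the lines below would complete the set; the expected result is my assumption from how the other DER readers report short input and should be confirmed against the implementation.

```cpp
TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagTruncated)
{
  // Constructed sample: the length byte claims 4 value bytes, only 2 follow.
  const uint8_t DER_TRUNCATED_IMPLICIT_PRIMITIVE_WITH_CLASS_NUMBER_1[] = {
    0x81,
    0x04,
    0x00,
    0x0A,
  };
  Input input(DER_TRUNCATED_IMPLICIT_PRIMITIVE_WITH_CLASS_NUMBER_1);
  Reader reader(input);

  ASSERT_EQ(Result::ERROR_BAD_DER,
            SkipOptionalImplicitPrimitiveTag(reader, 1));
}
```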