Diffstat (limited to 'security/nss/gtests/mozpkix_gtest')
-rw-r--r--security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp1
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp34
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp4
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp7
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp50
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixgtest.h2
10 files changed, 90 insertions, 16 deletions
diff --git a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
index 899b849fc..1623d76bb 100644
--- a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
+++ b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
@@ -43,6 +43,7 @@
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib',
],
diff --git a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
index e17321075..c1c81b3a7 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
@@ -152,10 +152,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
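Review bot: The three-line `EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);` check and its comment are pasted verbatim into five `CheckRevocation` overrides in this file (this hunk and the ones at -301, -442, -665 and -828), so a change to the test certificates' validity period has to be repeated in each. A single file-local helper, for example `static void ExpectValidityBeginsOneDayBeforeNow(Time t) { EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), t); }`, called from each override would keep the expectation in one place. The overrides at -321 and -723 leave the new `Time` parameter unnamed and unchecked; if those trust domains are also called only for certificates that begin one day before now, the same assertion would cover them. `oneDayBeforeNow` and the enclosing classes are defined outside these hunks, so this cannot be confirmed from the diff alone.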
@@ -301,10 +305,14 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -321,7 +329,7 @@ public:
{
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
@@ -442,10 +450,14 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -665,10 +677,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -723,7 +739,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain
{
public:
Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time,
- Duration, /*optional*/ const Input*,
+ Time, Duration, /*optional*/ const Input*,
/*optional*/ const Input*) override
{
if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
@@ -828,10 +844,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
index 762fac146..71399a26b 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
@@ -70,7 +70,7 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
index 00ccffb04..54e19fc3d 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
@@ -92,7 +92,7 @@ private:
return checker.Check(issuerCert, nullptr, keepGoing);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
const Input*, const Input*) override
{
return Success;
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
index 0aef3d5c1..9fd1e52f1 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
@@ -558,7 +558,7 @@ private:
return checker.Check(derCert, nullptr, keepGoing);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
const Input*, const Input*) override
{
return Success;
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
index 136f8719a..b87f0a772 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
@@ -166,8 +166,8 @@ void ASSERT_SimpleCase(uint8_t unusedBits, uint8_t bits, KeyUsage usage)
// Test that none of the other non-padding bits are mistaken for the given
// key usage in the single-byte value case.
- NAMED_SIMPLE_KU(notGood, unusedBits,
- static_cast<uint8_t>((~bits >> unusedBits) << unusedBits));
+ uint8_t paddingBits = (static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits;
+ NAMED_SIMPLE_KU(notGood, unusedBits, paddingBits);
ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, &notGood, usage));
ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, &notGood, usage));
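Review bot: The new local is named `paddingBits`, but the value it holds is the opposite: the complement of `bits` with the low `unusedBits` positions cleared, i.e. every non-padding bit except the one under test, as the comment above it says. A name such as `otherBits` would match that comment. The shift result is an `int` that is now narrowed to `uint8_t` implicitly, where the removed code cast explicitly; the value always fits, but `const uint8_t otherBits = static_cast<uint8_t>((static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits);` keeps the narrowing visible and avoids conversion warnings.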
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
index 70e6fd410..e1f35e5b4 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
@@ -302,7 +302,7 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override
{
diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
index cf91fa2c6..c66f06e6a 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
@@ -191,8 +191,10 @@ TEST_F(pkixder_input_tests, ReadByteWrapAroundPointer)
// a null pointer is undefined behavior according to the C++ language spec.,
// but this should catch the problem on at least some compilers, if not all of
// them.
- const uint8_t* der = nullptr;
- --der;
+ uintptr_t derint = -1;
+ auto der = reinterpret_cast<const uint8_t*>(derint);
+ ASSERT_EQ(sizeof(der), sizeof(derint))
+ << "underflow of pointer might not work";
Input buf;
ASSERT_EQ(Success, buf.Init(der, 0));
Reader input(buf);
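Review bot: The comment kept above these lines still explains the test in terms of decrementing a null pointer, which the new code no longer does, so it should be reworded to say that `der` is built from the maximum `uintptr_t` value so that `der + 1` wraps. `ASSERT_EQ(sizeof(der), sizeof(derint))` compares two compile-time constants and can be `static_assert(sizeof(const uint8_t*) == sizeof(uintptr_t), "underflow of pointer might not work");`, which fails at build time instead of at run time. Initialising with `UINTPTR_MAX` instead of `-1` states the intent without relying on a signed-to-unsigned conversion. The test body continues past the end of the hunk.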
@@ -359,6 +361,7 @@ TEST_F(pkixder_input_tests, Skip_WrapAroundPointer)
// but this should catch the problem on at least some compilers, if not all of
// them.
const uint8_t* der = nullptr;
+ // coverity[FORWARD_NULL]
--der;
Input buf;
ASSERT_EQ(Success, buf.Init(der, 0));
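Review bot: `Skip_WrapAroundPointer` still executes `--der` on a null pointer, the undefined behaviour that this same commit removes from `ReadByteWrapAroundPointer`; the added `// coverity[FORWARD_NULL]` only silences the analyser. Because the operation is undefined, a compiler is free to transform it, so the wrap-around guard this test is meant to exercise may not actually be reached on every toolchain. Using the same construction as the other test, `uintptr_t derint = -1;` followed by `auto der = reinterpret_cast<const uint8_t*>(derint);`, would make the two tests consistent and drop the need for the suppression. The rest of the test body is outside the hunk.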
diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
index 260c735ec..0dc8555d9 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
@@ -1224,3 +1224,53 @@ TEST_F(pkixder_universal_types_tests, OID)
ASSERT_EQ(Success, OID(reader, expectedOID));
}
+
+TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag)
+{
+ const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0A,
+ 0x0B,
+ 0x0C,
+ };
+ Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
+ ASSERT_TRUE(reader.AtEnd());
+}
+
+TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch)
+{
+ const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0A,
+ 0x0B,
+ 0x0C,
+ };
+ Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2));
+ ASSERT_FALSE(reader.AtEnd());
+}
+
+TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag)
+{
+ const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = {
+ 0xA1,
+ 0x03,
+ 0x05,
+ 0x01,
+ 0x00,
+ };
+ Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
+ ASSERT_FALSE(reader.AtEnd());
+}
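Review bot: The two negative tests, `SkipOptionalImplicitPrimitiveTagMismatch` and `NoSkipOptionalImplicitConstructedTag`, assert only `ASSERT_FALSE(reader.AtEnd())`, which would still pass if the function consumed the tag or length byte before deciding not to skip. Pinning that nothing was consumed, with `ASSERT_TRUE(reader.Peek(0x81));` and `ASSERT_TRUE(reader.Peek(0xA1));` respectively after the call, would catch a partially advanced reader. There is also no case for an empty reader (the optional field absent at end of input) or for a matching tag whose length runs past the buffer, both worth covering for a helper that presumably parses certificate-supplied DER. The array names say `CLASS_NUMBER_1`, but 0x81 and 0xA1 encode context-specific tag number 1, so `..._TAG_NUMBER_1` would be more accurate.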
diff --git a/security/nss/gtests/mozpkix_gtest/pkixgtest.h b/security/nss/gtests/mozpkix_gtest/pkixgtest.h
index bb3491d44..0a203c5e1 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixgtest.h
+++ b/security/nss/gtests/mozpkix_gtest/pkixgtest.h
@@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain {
Result::FATAL_ERROR_LIBRARY_FAILURE);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override {
ADD_FAILURE();