From 1e5fec6a797426355404e8e588a5b8acf1f2b514 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Apr 2023 18:13:48 +0200 Subject: [PATCH] Improve testing of mbedtls_x509_crt_parse_file Check the number of certificates found, as was done in the test of mbedtls_x509_crt_parse_path(). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_x509parse.data | 14 ++++++------ tests/suites/test_suite_x509parse.function | 26 ++++++++++++++++++++++ 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a6b001fb15..e9f12bec0f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2021,11 +2021,11 @@ x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b05003 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH +mbedtls_x509_crt_parse_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH:0 X509 CRT ASN1 (pathlen is INT_MAX-1) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0 +mbedtls_x509_crt_parse_file:"data_files/server1_pathlen_int_max-1.crt":0:1 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 @@ -3053,23 +3053,23 @@ mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type X509 File parse (no issues) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_int-ca.crt":0 +mbedtls_x509_crt_parse_file:"data_files/server7_int-ca.crt":0:2 X509 File parse (extra space in one certificate) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_pem_space.crt":1 +mbedtls_x509_crt_parse_file:"data_files/server7_pem_space.crt":1:1 X509 File parse (all certificates fail) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER +mbedtls_x509_crt_parse_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER:0 X509 File parse (trailing spaces, OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_trailing_space.crt":0 +mbedtls_x509_crt_parse_file:"data_files/server7_trailing_space.crt":0:2 X509 File parse (Algorithm Params Tag mismatch) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH +mbedtls_x509_crt_parse_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0 X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 73e6803556..0bf01d887c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1279,6 +1279,32 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt) +{ + mbedtls_x509_crt chain, *cur; + int i; + + mbedtls_x509_crt_init(&chain); + USE_PSA_INIT(); + + TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret); + + /* Check how many certs we got */ + for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { + if (cur->raw.p != NULL) { + i++; + } + } + + TEST_EQUAL(i, nb_crt); + +exit: + mbedtls_x509_crt_free(&chain); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) {