From 0b2423403c1233c0848530dc06cf1ba36707e484 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 17 Feb 2016 10:11:21 +0000 Subject: [PATCH] x509: trailing bytes in DER: add integration tests --- tests/data_files/server5-der0.crt | Bin 0 -> 547 bytes tests/data_files/server5-der1a.crt | Bin 0 -> 548 bytes tests/data_files/server5-der1b.crt | Bin 0 -> 548 bytes tests/data_files/server5-der2.crt | Bin 0 -> 549 bytes tests/data_files/server5-der4.crt | Bin 0 -> 551 bytes tests/data_files/server5-der8.crt | Bin 0 -> 555 bytes tests/data_files/server5-der9.crt | Bin 0 -> 556 bytes tests/ssl-opt.sh | 58 +++++++++++++++++++++++++++++ 8 files changed, 58 insertions(+) create mode 100644 tests/data_files/server5-der0.crt create mode 100644 tests/data_files/server5-der1a.crt create mode 100644 tests/data_files/server5-der1b.crt create mode 100644 tests/data_files/server5-der2.crt create mode 100644 tests/data_files/server5-der4.crt create mode 100644 tests/data_files/server5-der8.crt create mode 100644 tests/data_files/server5-der9.crt diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt new file mode 100644 index 0000000000000000000000000000000000000000..08d8dd311b525fd51171a1019ad3194dad91580a GIT binary patch literal 547 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z RfPe8Z2E`yPzK_SR0ss?|s)_&r literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der1a.crt b/tests/data_files/server5-der1a.crt new file mode 100644 index 0000000000000000000000000000000000000000..015017b17db1c360392790665896ea46dc0feac2 GIT binary patch literal 548 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z SfPe8Z2E`yPzK_SRG5`R+9IA={ literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der1b.crt b/tests/data_files/server5-der1b.crt new file mode 100644 index 0000000000000000000000000000000000000000..6340d9e2ed9fb5e60822f52182c08cddf98f4417 GIT binary patch literal 548 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z SfPe8Z2E`yPzK_SR9s~fs-K$Fg literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der2.crt b/tests/data_files/server5-der2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c6e320a369c20c3ee8c54d3caa1d5af0a7225206 GIT binary patch literal 549 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z TfPe8Z2E`yPzK_SR?&JahYB8%# literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt new file mode 100644 index 0000000000000000000000000000000000000000..4af05cce1ed05ea02e9fac3fed3a0904b44799b0 GIT binary patch literal 551 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z VfPe8Z2E`yPzK_SRE*F>*4*yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z ZfPe8Z2E`yPzK_SRE?NFxU9D;rKLC6Lu2cX3 literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der9.crt b/tests/data_files/server5-der9.crt new file mode 100644 index 0000000000000000000000000000000000000000..4947f1f83fad41a48cee838ccf8cfdf2f2100e29 GIT binary patch literal 556 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z afPe8Z2E`yPzK_SRp8sKBT=suSl_mf!qOWiO literal 0 HcmV?d00001 diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c0b6f94d6..e1ecbca33 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1554,6 +1554,64 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" +# Tests for silently dropping trailing extra bytes in .der certificates + +requires_gnutls +run_test "DER format: no trailing bytes" \ + "$P_SRV crt_file=data_files/server5-der0.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with a trailing zero byte" \ + "$P_SRV crt_file=data_files/server5-der1a.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with a trailing random byte" \ + "$P_SRV crt_file=data_files/server5-der1b.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 2 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der2.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 4 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der4.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 8 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der8.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 9 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der9.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + # Tests for auth_mode run_test "Authentication: server badcert, client required" \