From 062df01737b06337aac42a60285a218fa0f3d6cb Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 16 Oct 2020 11:00:00 -0600 Subject: [PATCH] add PKCS12 RC2 test case, example p12 bundle --- certs/renewcerts.sh | 9 ++++++++ certs/test-servercert-rc2.p12 | Bin 0 -> 5461 bytes tests/api.c | 40 ++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 certs/test-servercert-rc2.p12 diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index e40270a18..4cde3aaf1 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -542,6 +542,15 @@ run_renewcerts(){ echo "End of section" echo "---------------------------------------------------------------------" ############################################################ + ###### update the test-servercert-rc2.p12 file ############# + ############################################################ + echo "Updating test-servercert-rc2.p12 (password is \"wolfSSL test\")" + echo "" + echo "wolfSSL test" | openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -certfile ca-cert.pem -out test-servercert-rc2.p12 -password stdin + check_result $? "Step 1" + echo "End of section" + echo "---------------------------------------------------------------------" + ############################################################ ###### calling gen-ext-certs.sh ################## ############################################################ echo "Calling gen-ext-certs.sh" diff --git a/certs/test-servercert-rc2.p12 b/certs/test-servercert-rc2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..36877cff921ae572a7da2bb6fe54a9eb9e2dd227 GIT binary patch literal 5461 zcmXqL5)EWxWHx9L6=&nrYV&CO&dbQoxS&atgQZE7#h^))!JvtMJ3@+WK@pPmlI3**i0__2#uTOC?Go8~ImG=aO5YbzJh%?FV~n8w1|te}3zoQ4_c1_|H~B z)wPU?_C21q9Dj1O>v}|k<#+YGmz#7x?uF_3>Uj;VGa9t}wBC06yK{vqoGPr{d19_@ zlK0L{hvLpfG}$C`tlcJ4^lVp?$|2ss6fa&==9zYUogAho(?8Y3mDKt?*Ja!0UT0FZ z<O5bHU{r=VkPm)v(YW_^TT>Sa^=9E;XS1z~1euidTUAX9;=lLpw)fG;` zoc*bD-&~fNyhOy7KRxAJZl>hZy!t=ulJ`E2Te)J|B-z5#$J`=jr*qZ_3Z3}7xw$7Z zdXtpQvgjF0bQZN-6V@vU_Y!^CDRE3?*8JGQUAbnVu} zB^?&hUR$caewni9>CS6kjzlOhy%TNQAkSG5tstC{Fzb2vVF&TGkHwE)kDux?CuB-` zx$gnvmVKoXmPdDKAC{P0{psZGHT+TLlMAf=_V7ME{4M|c?a*ljdfVNPPwUa$T@bY4 z@sHbIW~YDI|6HKZ&Ms3uK$;Y+jzx%Pn;rr(Q`yw@-maJQ4 z9VWi@%FnL`2e#><*Mcjf{4d+jbYlAm|Za7}-#nk?ABYWIUl$zLwJWXimRX&JnE z#}0+pt8Gm!kT8kmiQ@U3_~%igq6l}<;iOw4qCZ5x%hk;~kg@UDzGn>&N`*Z;{zX20 zZYlJH?~!KK9NxXJSND8zadn7${B-sdA0w@ajAu{l$;a$1Nsag3(^fb?@yK%qyZV2> zZ`@5!FP<8&cF<_q^*w#rnV!ulH+gKCeme>9ab~xDYRP@em>!VkQ1J1%`I(T)U$%?w zc69Cc)aAWlq4)f{^rD*+Jo)D=({cWOWbXOAsaY$+x;vK6kf%)HkSvUoqyUu|50E{q!y=k>Y`Y`($Y@vfC;NF$}SS$ z9d^F=i+#^u=RSeMHzgiUve`9Ta>kcKu5kx#|4i3$n0EX02}#WY!~Cq!_oi8{k-rab zn^pYd*kmv3&i4VrRiaic9gbRW=X?E2IdW{*TY+1O58XYzN>u$Z^_7;j zKVk|jzAlk@8qW7walvHwDT0&C_A(2ZSWmt`;qmfRk=>==_CEWwS-JG2H_H|Gf2sy& z*H11v**?>5?x(N0a{Aj}uxRqHDA&*rK68T8qxM@X|D;7R9$jY+H0+bE|6n>fx2~&+k8Q&a-k9NKW&O(Bi204y?VZ0&+;XNx_n}GY*rdqGmB8O z_w8GAn*WwG9(QTBoVSF9)j);uxcndKU=5b$+m;>gJ#R0ZxJHD zYkodF?(^jSiHAI|%kOd5&MGnu3gi;&P}d8Ve|7qxywYpUSwB}tO#IE7(*D?H#c4L~ zovY_940voOx%%Rj#v-*(Zm&KwZ&{%Cv)M>nT#-{?*w_`?=jZveTbTuAdoqT<6{SDU(}_jiZ_Oxu2E^-F8fL z;p?u1Iqe|_S3Ek{S^Kql{>Gbnr*)?nJes4|Y3Fh1~ewkv&i%+%d=V{THJY2m76;f){9?P@4v4g4+dJ7WjS0khbx zJI)Ip;q`v8y!Dk-@~5h2HEN8v#G-VnG!}}S3S4_;@g=!O%V*2(RudHUz1jLvb@Kbh zOZ7{{U+zf#?*77^^ZSLAFU;G|%Eo=)YOx{lomBJR>O)Qywe#bCs|H@~ubR=q8Dta1 z+uNZU|1?wMe2JF+Doz)hTeX}Whwo36l6+-2b>p-wC%^Ec zle?iuIoQ{@Yo7k*`bqm)qfygb*CTmf8oev`xj9KMQu#kuv$FR0CUMynOW)g_e{2@L zi}%`I<*Jny9_16a?Obu&c$Rw8IS)k*nKj{vcS4jfq%*0LyzwEuBxg3B&FFL z8@ct^NyaPjFk_p>u26yb`?UsQ>=Ld;jT#=TA&D_xRKv zJDY8+nIiR2`BC5!>)f;zr8C|=@_GLK-j5mSuckdebzjpY?T|(F*Zl>NZ!po z4|PBKxBEslljyV08Gc{v*F7k?DJXg{ZrSfVDSfYR3k@Ht9=Jba)`PhVCVZRApSSPO z(jN9hX4)y|{4YPgwXo}seY*ayiMvCu%j7?0{1}m!^v57&&+?D@T!kMv=D2s{PFbTG zAEskA>6gIE%@%wIYLoklAH8|<<4`E~p{<@9i!c7Uer@YNC!1w`d*A%1(q6%Kv8~lA z?tY@q{Py{q9{Tw$w>zAX#wPaqd_8aCwGcVohRZdPyk#lJ<6V0K^eST_q)zTR$aJgk z!mddSX-1c~ud%zrx^Cf|E)Gsc#F|a+6SXF<~`KRz2 z!%M=QwoAir=&rtHT-luLq

}?V5&uChZ4K7WY|$f8BMh$T(0o&01i^PUk(gXZJ~K zd_6A{dA*v`ZnJHrxSWXlTLBGVN-E@lWiMRY$BNMjgBrW~? z*5ae{vTmbGdItPw+>bq$`EaW7#I(!Rf^|lBvg^uR7F=HZ=U8paH7>Tf_5z1EH}0zr zE>P2aUeXlGxn}XP`4fb@A{R4DKG5v@douH@q0zLKMOJKwv$7U`&6--op>3O!#mCnX zcEh2xV4bX8^3?`ls|55dux<&DrTC#{|$1>qJkBT#%aC^i@v0k*g9w~UgH#2^1 zq`j=x$^MngPI~VM{h?nyt9;V``T76eJo^1VL`~ZC#}xI_Q-RHE+ytIp{`EH8nfC(A zH+O{t@^X7BGgm#3Z-~G7QOxpdN|y7Z6|%of%`Sh@DS9#Usk{Flo4JjfHyX9G^@VAE z_^$Z>>busc-A)ru>8LI}v+Nb8ErZdT6*EuQ)Sr6b8n{U*=F;~)Pn^D~KIiYc{hDFh zmxD4l)UO|Hx+nNH??J`en>Cj1(d^C9(}hlNo4WOM(b+C1D-EBYdhs8>3iTO!zLKkG z5xnP-;Gq5GV3O$W3*SE{@)of~`X)L0T{K%VCv(;A$nR@koqjX5>9fSrXZ459)Y#@v z+s_{`^TYg;HEY~?uly?&XEP}ka!%=p+R`NHd+N3T5z zlWh4H@O!WOJkjQgtOcx0f7A|yi+*ppcc|pWtd7%}!HKoPRx2$I`*to$dy%y@vFboT zDCY~?`;PA}9@5_Y>&0e?+vmL({k3j$__<=g+u;>qTi)LIJd3p@^^yh0+2biOrKP_2 z4s80z5b4JGg6q$sid3V>XEkR|{}BH_)vx>66+tF(C(g=4Dj#Qv1Xg6Oz2LYm!Oefd zneu&CA4#k{8Wbk>ZIgND6i$mc}i$q!t!PF8o?rq|9n-KADwIHfH`@<{Zz ziXCkQ>nBG_=A=K|d%>* z$G(Lmci+|4cAYojsN3pWb=v1dFTQxp@;RU@yS>vZBxYm3cwiWJiCJ}$O}kadpP9EO z2OB#+UiomUqW-30_vO{1b7#mO4ObKDH0P^$s(;geVa{EP#OgPzpEek5&0i3hzAsSC zyKv{S-W5L088cU?KRvW~J(tnDr*qWeygwxD2#9!CaJs%~61TvqtEXB5q~!lL+_R=eDa^=e%%u$>n~*Ncv&NaZWw6v~SB7lxqApUhsPLXT>#Bl22YS`rLZQ=+@ST zf`xH*D*cbWT`s--{>PPZCgVSe$#ZUr&5qQ(wxi5&&T92@!QRQ|XS2%*r?T9;{-^VtmCc0`)}( zyXJSlI(5T9m9L_I>I04!*0+S$T-s7u;Lp>%=)PG3)5-E5InSM9CP=B?;kw@Q=j0a7 z@=fBbmtA$#h&N=yc)*<$|8Qc+T!&c=Pd!=EbA{q3_wV-&aI3c^$V>*}o{B@Au0G+Ljq7%7SDcrG)NIZZ&9Pbwui* zFKA*lVrgR4GiYMfGH7B|W8;Q(*SQ#(7BsQEGiYLYh0=>>2KC|pduc9q&uiO?pq9!Gz+niBwH)zU%xwdnoG^^&c|4fj3{(JgjiDth4{|+^Pc+s) zD#k9Uln|?aBI5vGkj#$wi03;#>SesL+V*!#KvWQ_EyH2+ z@7V<*doDy4{c9-CJwA8Sk;%6@FYa7%#jd1;`}OL|XpLxzw^fO+FKHaQKEHCGP-SgH zVPD!Y)3af(bR?oKTwqB^TeZ5qYtNG-jC?Cy}Z8prGW{>ypI(w_x2?JO=4Z0 zIlGBf@Vj{%*Se0qqUT+oa^C)bQty?ipk<&1%abVGB{%oKJfT?C`+8R5%=5o4Ejgje zntyDaUW7&GhW1S!G0Pf%E`FST>cNGe>c7?pe+#d_AzQJg;+u8mexcv(9$uiLSY%$sCF8ChZQezi>qrK!(txSpE;T>;w z?GEeAajd={b>XEeUzL5hyYj8`eVGTHHB+=!Wt^$;>Rfnu`Ri|i>u(?MGO#|C|3hC{ zI6bgFl3m?H_hVH>Yt{j~!uIrv?yn1Zrm5}x^x{TZ(>1PkwrhvpZOgFPxwuj?u~=8_ zZ`h^JZ5aj5x4Q%mJzMm4(wd1uT(<<17m3PfyB=!&(7xPuN?O*w)y!L!5C473kuRFZ zl)Pi>YR=h>n=Yt%*uMEL6}6fDr2kuMOLM)_Rrh1|%zJ-sQ&{%>XZL1o@v-aKU+ndE zPfOidi@Z;^E*fVh_Qzc=-SIwo`g-3P%Nm8|T8bTb9H~`x_WARilt~SX7i%pOjPdEs zTr{DzJMP&Xj&1Y5lsP(v*G^Y`&L4EvA>$)^=lnnW^qMZuk2@)_=CPH-!bidDdggF7 ztcpAKNFl6$p9-f9kLfawtShl^dga6tbnU!Ft>?=!mHYm<7<+PK^x;X57PhR7?>zRY z{5k(_n^*BG=f7)Uy;5;WO_^V+_4N0vp+{X$TSsKlsCLK00))gpFKD}w)1!3q%~M?b^dm&Z`bD{`P;ew(Fxa z8Y@zM2i>cCJt@0oNm%53p)+%(9!#qFe6nNuuD1zS+22SkEo^nTtTpqOp{jv0ymaIg zH56kJS-Nyz;vMOY4bn;7;*wv){rWBzvlti}C>n6Gv1;=%GfA;Bu!tl_B<(NA5cAu8 c?*W6KQ!~et&I^-SIJQcc@|o<3Yyy>%0G8`+`~Uy| literal 0 HcmV?d00001 diff --git a/tests/api.c b/tests/api.c index be8c37bde..8b6a5b671 100644 --- a/tests/api.c +++ b/tests/api.c @@ -4819,6 +4819,9 @@ static void test_wolfSSL_PKCS12(void) byte buffer[6000]; char file[] = "./certs/test-servercert.p12"; char order[] = "./certs/ecc-rsa-server.p12"; +#ifdef WC_RC2 + char rc2p12[] = "./certs/test-servercert-rc2.p12"; +#endif char pass[] = "a password"; #ifdef HAVE_ECC WOLFSSL_X509_NAME* subject; @@ -5062,6 +5065,43 @@ static void test_wolfSSL_PKCS12(void) PKCS12_free(pkcs12); #endif /* HAVE_ECC */ +#ifdef WC_RC2 + /* test PKCS#12 with RC2 encryption */ + f = XFOPEN(rc2p12, "rb"); + AssertTrue(f != XBADFILE); + bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); + XFCLOSE(f); + + AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); + AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + + /* check verify MAC fail case */ + ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); + AssertIntEQ(ret, 0); + AssertNull(pkey); + AssertNull(cert); + + /* check parse iwth not extra certs kept */ + ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); + AssertIntEQ(ret, WOLFSSL_SUCCESS); + AssertNotNull(pkey); + AssertNotNull(cert); + + /* check parse with extra certs kept */ + ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); + AssertIntEQ(ret, WOLFSSL_SUCCESS); + AssertNotNull(pkey); + AssertNotNull(cert); + AssertNotNull(ca); + + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_X509_free(cert); + sk_X509_free(ca); + + BIO_free(bio); + PKCS12_free(pkcs12); +#endif /* WC_RC2 */ + /* Test i2d_PKCS12_bio */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE));