diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:43:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:43:14 +0000 |
| commit | 8dd16259287f58f9273002717ec4d27e97127719 (patch) | |
| tree | 3863e62a53829a84037444beab3abd4ed9dfc7d0 /security/nss/gtests | |
| parent | Releasing progress-linux version 126.0.1-1~progress7.99u1. (diff) | |
| download | firefox-8dd16259287f58f9273002717ec4d27e97127719.tar.xz firefox-8dd16259287f58f9273002717ec4d27e97127719.zip | |
Merging upstream version 127.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/gtests')
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc | 13 | ||||
| -rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc | 46 |
2 files changed, 9 insertions, 50 deletions
diff --git a/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc index 12adcc5de0..854460508d 100644 --- a/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc +++ b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc @@ -657,8 +657,8 @@ class TestAgent { return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len + 2); - if (output == NULL || output->data == NULL) { + if (output == NULL || output->data == NULL || + output->len != input->len + 2) { return SECFailure; } @@ -718,9 +718,8 @@ class TestAgent { return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len - 4); - - if (output == NULL || output->data == NULL) { + if (output == NULL || output->data == NULL || + output->len != input->len - 4) { return SECFailure; } @@ -785,9 +784,9 @@ class TestAgent { std::cerr << "Certificate is too short. " << std::endl; return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len - 1); - if (output == NULL || output->data == NULL) { + if (output == NULL || output->data == NULL || + output->len != input->len - 1) { return SECFailure; } diff --git a/security/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc index 01a02502c1..44c6a7e142 100644 --- a/security/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc @@ -221,6 +221,7 @@ class TLSCertificateToEncodedCertificateChanger : public TlsRecordFilter { static SECStatus SimpleXorCertCompEncode(const SECItem* input, SECItem* output) { SECITEM_CopyItem(NULL, output, input); + PORT_Memcpy(output->data, input->data, output->len); for (size_t i = 0; i < output->len; i++) { output->data[i] ^= 0x55; } @@ -230,7 +231,7 @@ static SECStatus SimpleXorCertCompEncode(const SECItem* input, /* Test decoding function. */ static SECStatus SimpleXorCertCompDecode(const SECItem* input, SECItem* output, size_t expectedLenDecodedCertificate) { - SECITEM_CopyItem(NULL, output, input); + PORT_Memcpy(output->data, input->data, input->len); for (size_t i = 0; i < output->len; i++) { output->data[i] ^= 0x55; } @@ -251,7 +252,7 @@ static SECStatus SimpleXorWithDifferentValueEncode(const SECItem* input, static SECStatus SimpleXorWithDifferentValueDecode( const SECItem* input, SECItem* output, size_t expectedLenDecodedCertificate) { - SECITEM_CopyItem(NULL, output, input); + PORT_Memcpy(output->data, input->data, input->len); for (size_t i = 0; i < output->len; i++) { output->data[i] ^= 0x77; } @@ -1128,47 +1129,6 @@ TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongAlgorithm) { SEC_ERROR_CERTIFICATE_COMPRESSION_ALGORITHM_NOT_SUPPORTED); } -static SECStatus SimpleXorCertCompDecode_length_smaller_than_given( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { - SECITEM_MakeItem(NULL, output, input->data, input->len - 1); - return SECSuccess; -} - -/* - * The next test modifies the length of the received certificate - * (uncompressed_length field of CompressedCertificate). - */ -TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongLength) { - EnsureTlsSetup(); - auto filterExtension = - MakeTlsFilter<TLSCertificateCompressionCertificateModifier>(server_, 0x6, - 0xff); - SSLCertificateCompressionAlgorithm t = { - 0xff01, "test function", SimpleXorCertCompEncode, - SimpleXorCertCompDecode_length_smaller_than_given}; - - EXPECT_EQ(SECSuccess, - SSLExp_SetCertificateCompressionAlgorithm(server_->ssl_fd(), t)); - EXPECT_EQ(SECSuccess, - SSLExp_SetCertificateCompressionAlgorithm(client_->ssl_fd(), t)); - - ExpectAlert(client_, kTlsAlertBadCertificate); - StartConnect(); - - client_->SetServerKeyBits(server_->server_key_bits()); - client_->Handshake(); - server_->Handshake(); - - ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING), 5000); - ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state()); - - client_->ExpectSendAlert(kTlsAlertCloseNotify); - server_->ExpectReceiveAlert(kTlsAlertCloseNotify); - - client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE); -} - /* The next test modifies the length of the encoded certificate * (compressed_certificate_message len); * the new length is compressed_certificate_message is equal to 0. |