1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-29 19:48:43 +01:00
gnupg/tests/samplekeys
Werner Koch 08f0b9ea2e
sm: Another partly rewrite of minip12.c
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count.  Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro.  Move old code to ...
(_tlv_next): this.  Add arg lno.  Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.

* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove.  Replace callers by
tlv_expect_sequence.

* tests/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/samplekeys/Description-p12: Add its description
--

This patch improves the BER parser by simplifying it.  Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef.  tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.

Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work.  This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.

GnuPG-bug-id: 6752
2023-10-24 09:22:13 +02:00
..
8D6D17B4B94BBE8304926C016D2C5C7805EB6705.key new test certs and messages 2002-09-03 14:54:18 +00:00
68A638998DFABAC510EA645CE34F9686B2EDF7EA.key Add the STEED Self-Signing Nonthority certificate. 2011-12-20 15:35:42 +01:00
32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key * asschk.c: Added some new features. 2002-08-08 16:32:01 +00:00
cert_g10code_enconly_1.pem new test certs and messages 2002-09-03 14:54:18 +00:00
cert_g10code_pete1.pem * asschk.c: Added some new features. 2002-08-08 16:32:01 +00:00
cert_g10code_test1.pem * asschk.c: Added some new features. 2002-08-08 16:32:01 +00:00
cert_g10code_test_ca.pem new test certs and messages 2002-09-03 14:54:18 +00:00
cert_g10code_theo1.pem * asschk.c: Added some new features. 2002-08-08 16:32:01 +00:00
cert-with-117-akas.pem . 2010-07-23 12:19:35 +00:00
cryptlib-key.p12 More stuff for testing 2004-02-12 09:30:37 +00:00
Description-p12 sm: Another partly rewrite of minip12.c 2023-10-24 09:22:13 +02:00
edward.tester@demo.gnupg.com.p12 sm: Improve the octet string cramming for pkcs#12 2023-10-05 10:32:57 +02:00
gte.pem tryu harder to ignore duplicate specified keyrings and -boxes. 2007-08-24 09:34:39 +00:00
nistp256-openssl-self-signed.p12 sm: Support more HMAC algos in the pkcs#12 parser. 2023-10-06 11:22:59 +02:00
opensc-test.p12 More stuff for testing 2004-02-12 09:30:37 +00:00
ossl-rentec-user.pem More samples 2004-02-17 15:07:27 +00:00
ov-server.p12 More stuff for testing 2004-02-12 09:30:37 +00:00
ov-user.p12 More stuff for testing 2004-02-12 09:30:37 +00:00
README sm: Complete rewrite of the PKCS#12 parser 2023-07-05 14:21:16 +02:00
steed-self-signing-nonthority.pem Add the STEED Self-Signing Nonthority certificate. 2011-12-20 15:35:42 +01:00
t5793-openssl.pfx sm: Complete rewrite of the PKCS#12 parser 2023-07-05 14:21:16 +02:00
t5793-test.pfx sm: Complete rewrite of the PKCS#12 parser 2023-07-05 14:21:16 +02:00
t6752-ov-user-ff.p12 sm: Another partly rewrite of minip12.c 2023-10-24 09:22:13 +02:00
webdeca.der More samples 2004-02-17 15:07:27 +00:00
webderoot.der More samples 2004-02-17 15:07:27 +00:00

This is a collection of keys we use with the regression tests.
For the *.p12 files see Description-p12

ossl-rentec-user.pem  An OpenSSL generated user certificate using a
                      bunch of attributes and DC RDNs.

webderoot.der      trust.web.de Root CA certificate [2004-02-17]
webdeca.der        trust.web.de CA certificate [2004-02-17]


gte.pem            GTE CyberTrust Global Root

cert-with-117-akas.pem  A certificate with 117 subjectAltNames.

steed-self-signing-nonthority.pem
                   The STEED Self-Signing Nonthority.
68A638998DFABAC510EA645CE34F9686B2EDF7EA.key
                   The private Key of The STEED Self-Signing Nonthority.