Security-58286.260.20.tar.gz

[apple/security.git] / OSX / libsecurity_smime / regressions / cms-01-basic.c

diff --git a/OSX/libsecurity_smime/regressions/cms-01-basic.c b/OSX/libsecurity_smime/regressions/cms-01-basic.c
index 40f66899d451f801d1cc5609c7f9baa5c3810df0..da6677f27bd73a9c2933477cc2d482e5497ba90a 100644 (file)
--- a/OSX/libsecurity_smime/regressions/cms-01-basic.c
+++ b/OSX/libsecurity_smime/regressions/cms-01-basic.c
@@ -46,6 +46,8 @@
 #include <security_asn1/secerr.h>
 #include <security_asn1/seccomon.h>
 
+#include <unistd.h>
+
 #define TMP_KEYCHAIN_PATH "/tmp/cms_01_test.keychain"
 
 #pragma clang diagnostic push
@@ -94,6 +96,8 @@ static SecKeychainRef setup_keychain(const uint8_t *p12, size_t p12_len, SecIden
     CFReleaseNull(imported_items);
 
 out:
+    CFReleaseNull(oldSearchList);
+    CFReleaseNull(newSearchList);
     return keychain;
 }
 
@@ -389,7 +393,7 @@ static void sign_tests(SecIdentityRef identity, bool isRSA) {
 
 /* Verifying with attributes goes through a different code path than verifying without,
  * so we need to test both. */
-#define kNumberVerifyTests 12
+#define kNumberVerifyTests 13
 static void verify_tests(SecKeychainRef kc, bool isRsa) {
     /* no attributes */
     is(verify_please(kc, (isRsa) ? rsa_md5 : ec_md5,
@@ -417,6 +421,9 @@ static void verify_tests(SecKeychainRef kc, bool isRsa) {
     /***** Once more, with validation errors *****/
 
     /* no attributes */
+    is(verify_please(kc, (isRsa) ? rsa_sinfo_unknown_digest : ec_sinfo_unknown_digest,
+                     (isRsa) ? sizeof(rsa_sinfo_unknown_digest) : sizeof(ec_sinfo_unknown_digest)),
+       errSecInvalidDigestAlgorithm, "Verify unknown digest OID in signer info");
     is(invalidate_and_verify(kc, (isRsa) ? rsa_md5 : ec_md5,
                      (isRsa) ? sizeof(rsa_md5) : sizeof(ec_md5)),
        SECFailure, "Verify invalid MD5, no attributes");
@@ -498,4 +505,4 @@ int cms_01_basic(int argc, char *const *argv)
     cleanup_keychain(kc, identity, certificate);
 
     return 0;
-}
\ No newline at end of file
+}