mbedtls/ChangeLog.d/fix-oid-to-string-bugs.txt

Bugfix
   * Fix bug in conversion from OID to string in
     mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
     correctly.
   * Reject OIDs with overlong-encoded subidentifiers when converting
     them to a string.
   * Reject OIDs with subidentifier values exceeding UINT_MAX.  Such
     subidentifiers can be valid, but Mbed TLS cannot currently handle them.
   * Reject OIDs that have unterminated subidentifiers, or (equivalently)
     have the most-significant bit set in their last byte.
Add ChangeLog for OID-to-string fixes Signed-off-by: David Horstmann <david.horstmann@arm.com> 2023-02-15 14:07:49 +01:00			`Bugfix`
			`* Fix bug in conversion from OID to string in`
			`mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed`
			`correctly.`
			`* Reject OIDs with overlong-encoded subidentifiers when converting`
Fix segfault in mbedtls_oid_get_numeric_string When passed an empty OID, mbedtls_oid_get_numeric_string would read one byte from the zero-sized buffer and return an error code that depends on its value. This is demonstrated by the test suite changes, which check that an OID with length zero and an invalid buffer pointer does not cause Mbed TLS to segfault. Also check that second and subsequent subidentifiers are terminated, and add a test case for that. Furthermore, stop relying on integer division by 40, use the same loop for both the first and subsequent subidentifiers, and add additional tests. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> 2023-03-11 23:45:28 +01:00			`them to a string.`
			`* Reject OIDs with subidentifier values exceeding UINT_MAX. Such`
			`subidentifiers can be valid, but Mbed TLS cannot currently handle them.`
			`* Reject OIDs that have unterminated subidentifiers, or (equivalently)`
			`have the most-significant bit set in their last byte.`