Test and fix x509_oid functions

This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-28 16:06:35 +01:00
parent 6c1a73e061
commit 7afdb88216
8 changed files with 91 additions and 10 deletions

View file

@ -19,6 +19,8 @@ Bugfix
Gergely Budai).
* Fix #include path in ecdsa.h which wasn't accepted by some compilers.
(found by Gergely Budai)
* oid_get_numeric_string() used to truncate the output without returning an
error if the output buffer was just 1 byte too small.
= PolarSSL 1.3.5 released on 2014-03-26
Features

View file

@ -60,7 +60,7 @@
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E
* OID 1 0x002E-0x002E 0x000B-0x000B
* PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032
* CTR_DBRG 4 0x0034-0x003A

View file

@ -44,6 +44,7 @@
#endif
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
#define POLARSSL_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
/*
* Top level OID tuples
@ -376,7 +377,8 @@ typedef struct {
* \param size size of the buffer
* \param oid OID to translate
*
* \return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL or actual length used
* \return Length of the string written (excluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );

View file

@ -212,6 +212,8 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
/**
* \brief Give an known OID, return its descriptive string.
* (Deprecated. Use oid_get_extended_key_usage() instead.)
* Warning: only works for extended_key_usage OIDs!
*
* \param oid buffer containing the oid
*
@ -228,8 +230,8 @@ const char *x509_oid_get_description( x509_buf *oid );
* \param size Maximum size of buffer
* \param oid Buffer containing the OID
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
* \return Length of the string written (exluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );

View file

@ -655,6 +655,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
#if defined(POLARSSL_OID_C)
if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) )
snprintf( buf, buflen, "OID - OID is not found" );
if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) )
snprintf( buf, buflen, "OID - output buffer is too small" );
#endif /* POLARSSL_OID_C */
#if defined(POLARSSL_PADLOCK_C)

View file

@ -590,16 +590,14 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...)
#define snprintf compat_snprintf
#endif
#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
return POLARSSL_ERR_OID_BUF_TOO_SMALL; \
\
if ( (unsigned int) ret > n ) { \
if ( (unsigned int) ret >= n ) { \
p[n - 1] = '\0'; \
return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
return POLARSSL_ERR_OID_BUF_TOO_SMALL; \
} \
\
n -= (unsigned int) ret; \
@ -630,7 +628,7 @@ int oid_get_numeric_string( char *buf, size_t size,
{
/* Prevent overflow in value. */
if ( ( ( value << 7 ) >> 7 ) != value )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
return( POLARSSL_ERR_OID_BUF_TOO_SMALL );
value <<= 7;
value += oid->p[i] & 0x7F;

View file

@ -802,3 +802,27 @@ x509_crt_parse_path:"data_files/dir2":0:2
X509 CRT parse path #4 (two certs, one non-cert)
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
x509_crt_parse_path:"data_files/dir3":1:2
X509 OID description #1
x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
X509 OID description #2
x509_oid_desc:"2B0601050507030f":"notfound"
X509 OID description #3
x509_oid_desc:"2B0601050507030100":"notfound"
X509 OID numstring #1 (wide buffer)
x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17
X509 OID numstring #2 (buffer just fits)
x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17
X509 OID numstring #3 (buffer too small)
x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:POLARSSL_ERR_OID_BUF_TOO_SMALL
X509 OID numstring #4 (larger number)
x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14
X509 OID numstring #5 (arithmetic overflow)
x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:POLARSSL_ERR_OID_BUF_TOO_SMALL

View file

@ -265,6 +265,57 @@ void x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
}
/* END_CASE */
/* BEGIN_CASE */
void x509_oid_desc( char *oid_str, char *ref_desc )
{
x509_buf oid;
const char *desc;
unsigned char buf[20];
memset( buf, 0, sizeof buf );
oid.tag = ASN1_OID;
oid.len = unhexify( buf, oid_str );
oid.p = buf;
desc = x509_oid_get_description( &oid );
if( strcmp( ref_desc, "notfound" ) == 0 )
TEST_ASSERT( desc == NULL );
else
{
TEST_ASSERT( desc != NULL );
TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE */
void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
{
x509_buf oid;
unsigned char oid_buf[20];
char num_buf[100];
memset( oid_buf, 0x00, sizeof oid_buf );
memset( num_buf, 0x2a, sizeof num_buf );
oid.tag = ASN1_OID;
oid.len = unhexify( oid_buf, oid_str );
oid.p = oid_buf;
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
TEST_ASSERT( x509_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
if( ret >= 0 )
{
TEST_ASSERT( num_buf[ret] == 0 );
TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_SELF_TEST */
void x509_selftest()
{