lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #6883 from valeriosetti/issue6843

Browse Source 
Improve X.509 cert writing serial number management
This commit is contained in:
Manuel Pégourié-Gonnard
2023-01-30 13:08:57 +01:00
committed by GitHub
parent e28397a376 18b9b035ad
commit aae61257d1
12 changed files with 368 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
tests/suites/test_suite_x509write.function
View File

@ -300,7 +300,7 @@ exit:
void x509_crt_check(char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
data_t *serial_arg, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
char *ext_key_usage,
int cert_type, int set_cert_type, int auth_ident,
@ -315,7 +315,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
unsigned char check_buf[5000];
unsigned char *p, *end;
unsigned char tag, sz;
mbedtls_mpi serial;
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi serial_mpi;
#endif
int ret, before_tag, after_tag;
size_t olen = 0, pem_len = 0, buf_index = 0;
int der_len = -1;
@ -327,7 +329,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
mbedtls_pk_type_t issuer_key_type;
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
mbedtls_mpi_init(&serial);
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_init(&serial_mpi);
#endif
USE_PSA_INIT();
@ -384,13 +388,18 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE);
}
TEST_ASSERT(mbedtls_test_read_mpi(&serial, serial_str) == 0);
if (ver != -1) {
mbedtls_x509write_crt_set_version(&crt, ver);
}
TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0);
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x,
serial_arg->len) == 0);
TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0);
#else
TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x,
serial_arg->len) == 0);
#endif
TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
not_after) == 0);
mbedtls_x509write_crt_set_md_alg(&crt, md_type);
@ -549,7 +558,9 @@ exit:
mbedtls_pk_free(&issuer_key_alt);
mbedtls_pk_free(&subject_key);
mbedtls_pk_free(&issuer_key);
mbedtls_mpi_free(&serial);
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_free(&serial_mpi);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(key_id);
#endif
@ -557,6 +568,37 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */
void x509_set_serial_check()
{
mbedtls_x509write_cert ctx;
uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
memset(invalid_serial, 0x01, sizeof(invalid_serial));
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi serial_mpi;
mbedtls_mpi_init(&serial_mpi);
TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
sizeof(invalid_serial)), 0);
TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
MBEDTLS_ERR_X509_BAD_INPUT_DATA);
#endif
TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial,
sizeof(invalid_serial)),
MBEDTLS_ERR_X509_BAD_INPUT_DATA);
exit:
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_free(&serial_mpi);
#else
;
#endif
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
)