Add may-fail mode to mbedtls_x509_string_to_names output tests

Due to differing validations amongst X.509 library functions, there are inputs that mbedtls_x509_string_to_names() accepts, but it produces output that some library functions can't parse. Accept this for now. Do call the functions, even when we don't care about their return code: we're ok with returning errors, but not with e.g. a buffer overflow. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2023-09-21 18:01:05 +02:00
parent 7077781af5
commit c94500b56b
2 changed files with 55 additions and 43 deletions
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@ -125,6 +125,12 @@ static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx,
    return ret;
 }
 #endif  /* MBEDTLS_X509_CSR_WRITE_C */
+
+/* Due to inconsistencies in the input size limits applied by different
+ * library functions, some write-parse tests may fail. */
+#define MAY_FAIL_GET_NAME       0x0001
+#define MAY_FAIL_DN_GETS        0x0002
+
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
@ -687,8 +693,8 @@ exit:
 /* END_CASE */

 /* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
-                                  )
+void mbedtls_x509_string_to_names(char *name, char *parsed_name,
+                                  int result, int may_fail)
 {
    int ret;
    size_t len = 0;
@ -715,11 +721,21 @@ void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result

    TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0);
-    TEST_EQUAL(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed), 0);
+    ret = mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed);
+    if ((may_fail & MAY_FAIL_GET_NAME) && ret < 0) {
+        /* Validation inconsistency between mbedtls_x509_string_to_names() and
+         * mbedtls_x509_get_name(). Accept it for now. */
+        goto exit;
+    }
+    TEST_EQUAL(ret, 0);

    ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed);
+    if ((may_fail & MAY_FAIL_DN_GETS) && ret < 0) {
+        /* Validation inconsistency between mbedtls_x509_string_to_names() and
+         * mbedtls_x509_dn_gets(). Accept it for now. */
+        goto exit;
+    }
    TEST_LE_S(1, ret);
-
    TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);

 exit: