OID subidentifiers are encoded as follow. For every byte:
* The top bit is 1 if there is another byte to come, 0 if this is the
last byte.
* The other 7 bits form 7 bits of the number. These groups of 7 are
concatenated together in big-endian order.
Overlong encodings are explicitly disallowed by the BER/DER/X690
specification. For example, the number 1 cannot be encoded as:
0x80 0x80 0x01
It must be encoded as:
0x01
Enforce this in Mbed TLS' OID DER-to-string parser.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The first 2 components of an OID are combined together into the same
subidentifier via the formula:
subidentifier = (component1 * 40) + component2
The current code extracts component1 and component2 using division and
modulo as one would expect. However, there is a subtlety in the
specification[1]:
>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.
If the root node (component1) is 2, the subsequent node (component2)
may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID
This has 2 implications that the current parsing code does not take
account of:
1. The second component may be > 39, so (subidentifier % 40) is not
correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be
more than one byte long. Currently we assume it is just 1 byte.
Improve parsing code to deal with these cases correctly.
[1] Rec. ITU-T X.690 (02/2021), 8.19.4
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit rename `--files` options to `--subset` and
it means to check a subset of the files known to git.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised. Fix
this along with some other IAR warnings.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).
Resolves#2994
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:
grep TEST_ASSERT tests/suites/test_suite_md.function |
egrep -v '= NULL|== md_info|md_info =='
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.
With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
With the introduction of PSK_TESTS,
- Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
- `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Make testing and coding standards separate bullet points.
For the coding standards, add a "must", since some of it is now enforced on
the CI.
For tests, don't ask for "fully tested before submission": we don't expect
contributors to run all the tests locally. Ask for basic local testing, and
remind users to check CI results after submission.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- ASN.1 parsing functions check that length don't exceed buffer bounds,
so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
which is automatically caught by the next ASN.1 parsing call.
Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.
Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
