feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error.

Browse Source
This commit is contained in:
David Garske
2021-10-22 09:59:16 -07:00
parent 6e7dee3283
commit 4c0527490d
2 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/api.c
View File

@@ -1727,9 +1727,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
wolfSSL_X509_sign(x509, priv, EVP_sha256()); wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif #endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check that it still fails if one bad altname and one good altname is in /* check that it still fails if one bad altname and one good altname is in
* the certificate */ * the certificate */
@@ -1748,8 +1752,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
wolfSSL_X509_sign(x509, priv, EVP_sha256()); wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif #endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check it fails with switching position of bad altname */ /* check it fails with switching position of bad altname */
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
@@ -1767,8 +1776,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
wolfSSL_X509_sign(x509, priv, EVP_sha256()); wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif #endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm); wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
@@ -1795,8 +1809,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
wolfSSL_X509_sign(x509, priv, EVP_sha256()); wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif #endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm); wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca); wolfSSL_X509_free(ca);
@@ -8542,7 +8561,7 @@ static void test_wolfSSL_URI(void)
wolfSSL_FreeX509(x509); wolfSSL_FreeX509(x509);
x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
#ifndef IGNORE_NAME_CONSTRAINTS #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT)
AssertNull(x509); AssertNull(x509);
#else #else
AssertNotNull(x509); AssertNotNull(x509);

17
wolfcrypt/src/asn.c
View File

@@ -13501,7 +13501,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
int permittedDns = 0; int permittedDns = 0;
base = signer->permittedNames; base = signer->permittedNames;
do { do {
/* Looking for perrmittedNames that are for DNS. */ /* Looking for permittedNames that are for DNS. */
if (base->type == ASN_DNS_TYPE) { if (base->type == ASN_DNS_TYPE) {
permittedDns = 1; permittedDns = 1;
matchDns = MatchBaseName(ASN_DNS_TYPE, matchDns = MatchBaseName(ASN_DNS_TYPE,
@@ -13509,8 +13509,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
base->name, base->nameSz); base->name, base->nameSz);
} }
base = base->next; base = base->next;
} } while (base != NULL && !matchDns);
while (base != NULL && !matchDns);
/* If we found an DNS type permittedName then name must have had a /* If we found an DNS type permittedName then name must have had a
* match. */ * match. */
if (permittedDns && !matchDns) if (permittedDns && !matchDns)
@@ -13529,7 +13528,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
int permittedEmail = 0; int permittedEmail = 0;
base = signer->permittedNames; base = signer->permittedNames;
do { do {
/* Looking for perrmittedNames that are for email. */ /* Looking for permittedNames that are for email. */
if (base->type == ASN_RFC822_TYPE) { if (base->type == ASN_RFC822_TYPE) {
permittedEmail = 1; permittedEmail = 1;
matchEmail = MatchBaseName(ASN_DNS_TYPE, matchEmail = MatchBaseName(ASN_DNS_TYPE,
@@ -13537,8 +13536,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
base->name, base->nameSz); base->name, base->nameSz);
} }
base = base->next; base = base->next;
} } while ((base != NULL) && !matchEmail);
while ((base != NULL) && !matchEmail);
/* If we found an email type permittedName then name must have had a /* If we found an email type permittedName then name must have had a
* match. */ * match. */
if (permittedEmail && !matchEmail) if (permittedEmail && !matchEmail)
@@ -13556,7 +13554,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
permittedDir = 0; permittedDir = 0;
base = signer->permittedNames; base = signer->permittedNames;
while (base != NULL && !matchDir) { while (base != NULL && !matchDir) {
/* Looking for perrmittedNames that are for directoryName. */ /* Looking for permittedNames that are for directoryName. */
if (base->type == ASN_DIR_TYPE) { if (base->type == ASN_DIR_TYPE) {
permittedDir = 1; permittedDir = 1;
if (cert->subjectRawLen >= base->nameSz && if (cert->subjectRawLen >= base->nameSz &&
@@ -13586,15 +13584,14 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
int matchAltDir = 0; int matchAltDir = 0;
base = signer->permittedNames; base = signer->permittedNames;
do { do {
/* Looking for perrmittedNames that are for directoryName. */ /* Looking for permittedNames that are for directoryName. */
if (base->type == ASN_DIR_TYPE) { if (base->type == ASN_DIR_TYPE) {
if (XMEMCMP(name->name, base->name, base->nameSz) == 0) { if (XMEMCMP(name->name, base->name, base->nameSz) == 0) {
matchAltDir = 1; matchAltDir = 1;
} }
} }
base = base->next; base = base->next;
} } while ((base != NULL) && !matchAltDir);
while ((base != NULL) && !matchAltDir);
/* If we found an dir name type permittedName then name must have /* If we found an dir name type permittedName then name must have
* had a match. */ * had a match. */
if (permittedDir && !matchAltDir) if (permittedDir && !matchAltDir)