Add test for bounds in X509 DER write funcs
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 63f35a6..825a593 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -16,10 +16,11 @@
{
pk_context key;
x509write_csr req;
- unsigned char buf[4000];
+ unsigned char buf[4096];
unsigned char check_buf[4000];
int ret;
size_t olen = 0, pem_len = 0;
+ int der_len = -1;
FILE *f;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
rnd_pseudo_info rnd_info;
@@ -52,6 +53,17 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ der_len = x509write_csr_der( &req, buf, sizeof( buf ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( der_len >= 0 );
+
+ if( der_len == 0 )
+ goto exit;
+
+ ret = x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
x509write_csr_free( &req );
pk_free( &key );
@@ -68,11 +80,12 @@
{
pk_context subject_key, issuer_key;
x509write_cert crt;
- unsigned char buf[4000];
+ unsigned char buf[4096];
unsigned char check_buf[5000];
mpi serial;
int ret;
size_t olen = 0, pem_len = 0;
+ int der_len = -1;
FILE *f;
rnd_pseudo_info rnd_info;
@@ -125,6 +138,17 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ der_len = x509write_crt_der( &crt, buf, sizeof( buf ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( der_len >= 0 );
+
+ if( der_len == 0 )
+ goto exit;
+
+ ret = x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
x509write_crt_free( &crt );
pk_free( &issuer_key );