authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-07-11 11:16:12 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-11-06 10:38:26 +0100
commit7ec5e1524c35495309b96b692e0036f8988fea6a (patch)
tree987b597b6b0d46de5318fab03c8d79d02dd1da3e
parent983208a1d46720bc505e66e70db83ab6bb37154a (diff)
downloadgnutls-7ec5e1524c35495309b96b692e0036f8988fea6a.tar.gz
tests: added check for the decoding of certificates with long OIDs
That is, OIDs which have an element which exceeds 2^32.
-rw-r--r--tests/cert-tests/Makefile.am4
-rwxr-xr-xtests/cert-tests/certtool-long-oids52
-rw-r--r--tests/cert-tests/data/long-oids.pem184
3 files changed, 238 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index ccfdf7d999..5880db5c3e 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -43,7 +43,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
templates/template-krb5name.tmpl \
data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \
data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \
- data/template-rsa-sha3-384.pem \
+ data/template-rsa-sha3-384.pem data/long-oids.pem \
data/name-constraints-ip2.pem data/chain-md5.pem data/gost-cert.pem \
templates/template-tlsfeature.tmpl data/userid.pem \
data/template-tlsfeature.pem data/template-tlsfeature.csr \
@@ -65,7 +65,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
provable-dh userid sha2-test sha2-dsa-test provable-privkey-dsa2048 \
provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
- pkcs7-constraints2
+ pkcs7-constraints2 certtool-long-oids
if WANT_TEST_SUITE
dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/certtool-long-oids b/tests/cert-tests/certtool-long-oids
new file mode 100755
index 0000000000..31ea796c84
--- /dev/null
+++ b/tests/cert-tests/certtool-long-oids
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether OIDs > 2^32 are correctly decoded.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+OUTFILE="out.$$.pem"
+TMPFILE1="out1.$$.pem"
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/long-oids.pem"|grep -v "Not After:" >$OUTFILE
+rc=$?
+
+if test "${rc}" != 0;then
+ echo "Could not read cert with long OIDs"
+ exit 1
+fi
+
+cat "${srcdir}/data/long-oids.pem" |grep -v "Not After:" >${TMPFILE1}
+$DIFF ${TMPFILE1} ${OUTFILE}
+if test $? != 0;then
+ echo "Error in parsing cert with long OIDs"
+ exit 1
+fi
+
+rm -f "$OUTFILE" "${TMPFILE1}" "${TMPFILE2}"
+
+exit 0
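Review bot: `rc=$?` after the certtool pipeline records the exit status of `grep -v`, not of certtool or of valgrind's `--error-exitcode=3`, so a memory error reported while decoding the long OIDs can pass unnoticed as long as the printed text still matches. Under `#!/bin/sh` there is no portable `pipefail`, so the decode should write to a file and be checked before filtering: `${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/long-oids.pem" >"${TMPFILE2}"; rc=$?` followed by `grep -v "Not After:" "${TMPFILE2}" >"${OUTFILE}"`. `TMPFILE2` is already named in the final `rm -f` but never assigned, so it would need a definition next to `TMPFILE1`. The two failure branches also exit without removing the temporary files.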
diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem
new file mode 100644
index 0000000000..90a86be7c6
--- /dev/null
+++ b/tests/cert-tests/data/long-oids.pem
@@ -0,0 +1,184 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 35738caf21eabd2d
+ Issuer: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
+ Validity:
+ Not Before: Fri Jul 01 18:54:17 UTC 2016
+ Not After: Wed Dec 01 13:00:00 UTC 2049
+ Subject: CN=8a88801755a7c9070155a7cfbe360004
+ Subject Public Key Algorithm: RSA
+ Algorithm Security Level: Medium (2048 bits)
+ Modulus (bits 2048):
+ 00:dc:70:8b:9c:84:e9:3e:79:8f:03:e5:5f:21:f0:29
+ 9e:d9:94:4e:0f:37:45:47:42:da:2a:e0:da:f5:8b:fa
+ e1:f8:62:51:14:9d:9e:e0:c7:69:d0:3d:fc:25:2f:b6
+ 10:45:bd:0d:bc:92:86:54:bb:4e:7d:d4:92:75:65:ba
+ 48:a4:64:a1:eb:f7:e7:dc:c0:d7:0a:5e:36:13:0e:4e
+ 35:cc:2c:c6:f3:e7:e7:e5:32:8a:0c:f7:47:28:7a:02
+ c2:68:66:19:3a:ba:ca:31:e2:dd:43:be:26:4c:80:12
+ 0c:ae:44:40:eb:69:7d:9e:58:d3:ab:af:69:e6:54:ae
+ 7d:80:ee:2c:10:e9:bb:5e:6b:89:15:2e:2c:72:26:ba
+ 7f:e5:a3:66:c5:98:c6:57:bf:05:1e:55:93:a6:16:83
+ a6:88:79:8f:4e:b5:7e:70:eb:f0:a9:a6:d5:f9:1f:e6
+ ab:70:06:43:e0:de:82:ad:0e:04:17:2b:69:82:40:98
+ 84:14:00:2a:a2:da:61:7b:35:ac:71:05:43:6f:55:3a
+ 28:4b:d1:a4:eb:3b:f5:03:c2:f8:3c:fd:0a:c4:99:1d
+ a7:7d:08:5c:d1:15:70:73:b9:dc:5c:f2:fe:2c:c6:21
+ 8a:be:bd:52:37:64:04:e5:06:3e:c6:62:a1:e9:8e:cb
+ c1
+ Exponent (bits 24):
+ 01:00:01
+ Extensions:
+ Unknown extension 2.16.840.1.113730.1.1 (not critical):
+ ASCII: ....
+ Hexdump: 030205a0
+ Key Usage (not critical):
+ Digital signature.
+ Key encipherment.
+ Data encipherment.
+ Authority Key Identifier (not critical):
+ caca62860405f0f59b38d22c3c8c650fc6baa53c
+ Subject Key Identifier (not critical):
+ 0e8d7b53ba5a9e9244e56458a1db8347053e32d3
+ Key Purpose (not critical):
+ TLS WWW Client.
+ Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.1 (not critical):
+ ASCII: ..mordor_ueber_product
+ Hexdump: 0c146d6f72646f725f75656265725f70726f64756374
+ Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.3 (not critical):
+ ASCII: ..
+ Hexdump: 0c00
+ Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.2 (not critical):
+ ASCII: ..
+ Hexdump: 0c00
+ Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.5 (not critical):
+ ASCII: ..
+ Hexdump: 0c00
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1 (not critical):
+ ASCII: ..yum
+ Hexdump: 0c0379756d
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.1 (not critical):
+ ASCII: ..ueber_content
+ Hexdump: 0c0d75656265725f636f6e74656e74
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.2 (not critical):
+ ASCII: ..1467399257435_ueber_content
+ Hexdump: 0c1b313436373339393235373433355f75656265725f636f6e74656e74
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.5 (not critical):
+ ASCII: ..Custom
+ Hexdump: 0c06437573746f6d
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.6 (not critical):
+ ASCII: ../mordor
+ Hexdump: 0c072f6d6f72646f72
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.7 (not critical):
+ ASCII: ..
+ Hexdump: 0c00
+ Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.8 (not critical):
+ ASCII: ..1
+ Hexdump: 0c0131
+ Unknown extension 1.3.6.1.4.1.2312.9.4.1 (not critical):
+ ASCII: ..mordor_ueber_product
+ Hexdump: 0c146d6f72646f725f75656265725f70726f64756374
+ Unknown extension 1.3.6.1.4.1.2312.9.4.2 (not critical):
+ ASCII: ..
+ Hexdump: 0c00
+ Unknown extension 1.3.6.1.4.1.2312.9.4.3 (not critical):
+ ASCII: ..1467399257435
+ Hexdump: 0c0d31343637333939323537343335
+ Unknown extension 1.3.6.1.4.1.2312.9.4.5 (not critical):
+ ASCII: ..1
+ Hexdump: 0c0131
+ Unknown extension 1.3.6.1.4.1.2312.9.4.6 (not critical):
+ ASCII: ..2016-07-01T18:54:17Z
+ Hexdump: 0c14323031362d30372d30315431383a35343a31375a
+ Unknown extension 1.3.6.1.4.1.2312.9.4.7 (not critical):
+ ASCII: ..2049-12-01T13:00:00Z
+ Hexdump: 0c14323034392d31322d30315431333a30303a30305a
+ Unknown extension 1.3.6.1.4.1.2312.9.4.12 (not critical):
+ ASCII: ..0
+ Hexdump: 0c0130
+ Unknown extension 1.3.6.1.4.1.2312.9.4.14 (not critical):
+ ASCII: ..0
+ Hexdump: 0c0130
+ Unknown extension 1.3.6.1.4.1.2312.9.4.11 (not critical):
+ ASCII: ..1
+ Hexdump: 0c0131
+ Unknown extension 1.3.6.1.4.1.2312.9.5.1 (not critical):
+ ASCII: .$9453f8e6-84b2-482e-a3ea-01c3b3e266a5
+ Hexdump: 0c2439343533663865362d383462322d343832652d613365612d303163336233653236366135
+ Signature Algorithm: RSA-SHA1
+ Signature:
+ f7:4d:f3:30:53:cd:35:bf:49:07:29:9b:f0:7a:aa:49
+ 60:da:ce:14:45:b5:32:8f:da:c3:ce:6b:ec:bf:20:c0
+ 05:a3:3a:89:c4:7d:66:34:fc:f3:16:b8:f3:03:da:fc
+ 82:4a:b8:97:f8:67:3d:c2:8c:78:b4:6d:b8:bb:18:ec
+ 36:ee:c4:28:79:da:fe:a1:1f:af:0b:3f:e4:75:de:83
+ ff:6b:f9:11:60:09:57:ea:85:34:ed:60:e2:94:8b:d6
+ f2:21:9b:da:97:99:f3:0d:a9:0f:b5:3b:3a:8f:96:8d
+ 0b:df:30:17:03:e6:47:c3:71:32:09:18:bc:c0:a9:83
+ 7e:b7:5f:5c:bb:eb:0a:18:3f:a9:40:98:ae:57:ab:99
+ 3d:47:1b:98:8a:dc:6e:85:a2:ea:5e:21:80:a9:b5:48
+ c9:1d:63:c1:1b:e6:01:a1:bd:84:38:7f:1a:43:a5:d4
+ 7f:41:5b:f6:88:33:b0:f1:b8:8f:e1:39:69:6f:60:13
+ d3:5d:70:de:95:0d:2f:a9:89:6c:d4:3a:eb:22:59:e6
+ 31:67:71:a5:ed:fb:cb:20:11:0c:31:2e:e0:98:9a:3b
+ 9c:7b:a2:74:6f:87:97:a1:d9:82:7f:7d:62:6b:45:6c
+ 0b:5e:25:43:8a:20:16:7d:e5:84:18:3f:7c:da:fc:f9
+Other Information:
+ SHA1 fingerprint:
+ 562de99ca9cd44ea93399ddfe902189f54fc1a4e
+ SHA256 fingerprint:
+ 2c17e1d8f33d7d4f6737978f74338b6f5007247a6c1dfdc2336095837979a130
+ Public Key ID:
+ d2e82f7dcb5150dd512201753aa90bec77b39a7d
+ Public key's random art:
+ +--[ RSA 2048]----+
+ | .o=ooo+|
+ | . =...|
+ | . + |
+ | + o . |
+ | o S . . |
+ | . o . o |
+ | ... + o |
+ | ...o.= oE |
+ | ...=oo. |
+ +-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIG3DCCBcSgAwIBAgIINXOMryHqvS0wDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWln
+aDEQMA4GA1UEChMHS2F0ZWxsbzEUMBIGA1UECxMLU29tZU9yZ1VuaXQxLDAqBgNV
+BAMTI3NhdC1yMjIwLTEwLmxhYi5lbmcucmR1Mi5yZWRoYXQuY29tMB4XDTE2MDcw
+MTE4NTQxN1oXDTQ5MTIwMTEzMDAwMFowKzEpMCcGA1UEAxMgOGE4ODgwMTc1NWE3
+YzkwNzAxNTVhN2NmYmUzNjAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDccIuchOk+eY8D5V8h8Cme2ZRODzdFR0LaKuDa9Yv64fhiURSdnuDHadA9
+/CUvthBFvQ28koZUu0591JJ1ZbpIpGSh6/fn3MDXCl42Ew5ONcwsxvPn5+Uyigz3
+Ryh6AsJoZhk6usox4t1DviZMgBIMrkRA62l9nljTq69p5lSufYDuLBDpu15riRUu
+LHImun/lo2bFmMZXvwUeVZOmFoOmiHmPTrV+cOvwqabV+R/mq3AGQ+Degq0OBBcr
+aYJAmIQUACqi2mF7NaxxBUNvVTooS9Gk6zv1A8L4PP0KxJkdp30IXNEVcHO53Fzy
+/izGIYq+vVI3ZATlBj7GYqHpjsvBAgMBAAGjggOeMIIDmjARBglghkgBhvhCAQEE
+BAMCBaAwCwYDVR0PBAQDAgSwMIHDBgNVHSMEgbswgbiAFMrKYoYEBfD1mzjSLDyM
+ZQ/GuqU8oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fy
+b2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB0thdGVsbG8xFDASBgNV
+BAsTC1NvbWVPcmdVbml0MSwwKgYDVQQDEyNzYXQtcjIyMC0xMC5sYWIuZW5nLnJk
+dTIucmVkaGF0LmNvbYIJAKTnyuu+Q13MMB0GA1UdDgQWBBQOjXtTulqekkTlZFih
+24NHBT4y0zATBgNVHSUEDDAKBggrBgEFBQcDAjAqBhArBgEEAZIICQGq2r6++lsB
+BBYMFG1vcmRvcl91ZWJlcl9wcm9kdWN0MBYGECsGAQQBkggJAaravr76WwMEAgwA
+MBYGECsGAQQBkggJAaravr76WwIEAgwAMBYGECsGAQQBkggJAaravr76WwUEAgwA
+MBkGECsGAQQBkggJAqravr76cgEEBQwDeXVtMCQGESsGAQQBkggJAqravr76cgEB
+BA8MDXVlYmVyX2NvbnRlbnQwMgYRKwYBBAGSCAkCqtq+vvpyAQIEHQwbMTQ2NzM5
+OTI1NzQzNV91ZWJlcl9jb250ZW50MB0GESsGAQQBkggJAqravr76cgEFBAgMBkN1
+c3RvbTAeBhErBgEEAZIICQKq2r6++nIBBgQJDAcvbW9yZG9yMBcGESsGAQQBkggJ
+Aqravr76cgEHBAIMADAYBhErBgEEAZIICQKq2r6++nIBCAQDDAExMCQGCisGAQQB
+kggJBAEEFgwUbW9yZG9yX3VlYmVyX3Byb2R1Y3QwEAYKKwYBBAGSCAkEAgQCDAAw
+HQYKKwYBBAGSCAkEAwQPDA0xNDY3Mzk5MjU3NDM1MBEGCisGAQQBkggJBAUEAwwB
+MTAkBgorBgEEAZIICQQGBBYMFDIwMTYtMDctMDFUMTg6NTQ6MTdaMCQGCisGAQQB
+kggJBAcEFgwUMjA0OS0xMi0wMVQxMzowMDowMFowEQYKKwYBBAGSCAkEDAQDDAEw
+MBEGCisGAQQBkggJBA4EAwwBMDARBgorBgEEAZIICQQLBAMMATEwNAYKKwYBBAGS
+CAkFAQQmDCQ5NDUzZjhlNi04NGIyLTQ4MmUtYTNlYS0wMWMzYjNlMjY2YTUwDQYJ
+KoZIhvcNAQEFBQADggEBAPdN8zBTzTW/SQcpm/B6qklg2s4URbUyj9rDzmvsvyDA
+BaM6icR9ZjT88xa48wPa/IJKuJf4Zz3CjHi0bbi7GOw27sQoedr+oR+vCz/kdd6D
+/2v5EWAJV+qFNO1g4pSL1vIhm9qXmfMNqQ+1OzqPlo0L3zAXA+ZHw3EyCRi8wKmD
+frdfXLvrChg/qUCYrlermT1HG5iK3G6FoupeIYCptUjJHWPBG+YBob2EOH8aQ6XU
+f0Fb9ogzsPG4j+E5aW9gE9NdcN6VDS+piWzUOusiWeYxZ3Gl7fvLIBEMMS7gmJo7
+nHuidG+Hl6HZgn99YmtFbAteJUOKIBZ95YQYP3za/Pk=
+-----END CERTIFICATE-----