testing the NISCC test cases

-- testing client certs, use good server cert --------

1. Set up server KC

   % rm -f ~/Library/Keychains/nisccServer
   % certtool i server_crt.pem k=nisccServer r=server_key.pem c
   
2. Run server (from testcases dir)

   % sslServer l k=nisccServer P=1300 a rootca.crt u=t
   
   -- not u=t --> try auth
   
3. Run client no auth 

   % sv localhost P=1300 H a rootca.crt
   
   -- note 'H' - disable host name verify since server common name = 
      "Simple Server"
	  
4. Set up client keychain

   % rm -f ~/Library/Keychains/nisccClient
   % certtool i client_crt.pem k=nisccClient r=client_key.pem c
   
5. Run client w/auth

   % sv localhost P=1300 H a rootca.crt k=nisccClient
   
6. Bad client

   # just once
   % pemtool d client_key.pem client_key.der
   #
   % rm -f ~/Library/Keychains/nisccClient
   % certtool i simple_client/00035377 k=nisccClient r=client_key.der c
   % sv localhost P=1300 H k=nisccClient x
   
   ...note 'x' avoids client checking its own bogus cert, and we don't have to specify 
      an anchor
   
   result on client side = errSSLPeerCertUnknown
   clientCertState = ClientCertRejected
   
   result on server side = errSSLXCertChainInvalid
   clientCertState = ClientCertRejected

7. Mods needed to uses these certs

  -- modified dbTool to allow importing a bad cert (via DL/DB, not Sec*)
  -- wrote simple client app, clxutils/NISCC/TLS_SSL/nisccSimpleClient
  
  -- also SecureTransport needs the following mod to ignore bad certs on client side

===================================================================
RCS file: /cvs/root/Security/SecureTransport/sslKeychain.cpp,v
retrieving revision 1.5
diff -u -r1.5 sslKeychain.cpp
--- sslKeychain.cpp     2003/04/25 19:40:18     1.5
+++ sslKeychain.cpp     2003/11/10 21:20:14
@@ -174,6 +174,11 @@
        /* FIXME = release keyRef? */
 
        /* obtain public key from cert */
+       /*
+        * FIXME : THIS IS TOTALLY UNNECESSARY WHEN PARSING OUR OWN CERTS, except
+        * for the "separate signing and encryptionj certs" case. For now, to   
+        * facilitate NISCC testing, we ignore errors here. 
+        */
        ortn = SecCertificateGetCLHandle(certRef, &clHand);
        if(ortn) {
                sslErrorLog("parseIncomingCerts: SecCertificateGetCLHandle err %d\n",
@@ -183,10 +188,12 @@
        certData.Data = thisSslCert->derCert.data;
        certData.Length = thisSslCert->derCert.length;
        crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey);
+       #if 0
        if(crtn) {
                sslErrorLog("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n");
                return (OSStatus)crtn;
        }
+       #endif
 
        /* obtain keychain from key, CSP handle from keychain */
        ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);

........

...with this in place cert 00070004 causes anything parsing it to get a seg fault. 

...........

problems found:

1. Processing SEC_ASN1_SAVE, the destination item is mallocd once, with the length 
   of the top-level item to be saved. However data gets added to this item on a 
   leaf-by-leaf basis so that if the sizes of the leaves adds up to greater than
   the stated/mallocd len of the otp-level item, overflow. 
   
   -- verified by disabling the SAVE in TBS_Cert
   -- fixed using sec_asn1d_state.dest_alloc_len field to track alloc size in 
      aggregate items
   
..............

certs known to crash the Panther Security.framework:

	"00000668",
	"00000681",
	"00001980",
	"00002040",
	"00007472",
	"00008064",
	"00008656",
	"00009840",
	"00010432",
	"00011614",	
	"00011615",
	"00011616",