--- /dev/null
+testing the NISCC test cases
+
+-- testing client certs, use good server cert --------
+
+1. Set up server KC
+
+ % rm -f ~/Library/Keychains/nisccServer
+ % certtool i server_crt.pem k=nisccServer r=server_key.pem c
+
+2. Run server (from testcases dir)
+
+ % sslServer l k=nisccServer P=1300 a rootca.crt u=t
+
+ -- not u=t --> try auth
+
+3. Run client no auth
+
+ % sv localhost P=1300 H a rootca.crt
+
+ -- note 'H' - disable host name verify since server common name =
+ "Simple Server"
+
+4. Set up client keychain
+
+ % rm -f ~/Library/Keychains/nisccClient
+ % certtool i client_crt.pem k=nisccClient r=client_key.pem c
+
+5. Run client w/auth
+
+ % sv localhost P=1300 H a rootca.crt k=nisccClient
+
+6. Bad client
+
+ # just once
+ % pemtool d client_key.pem client_key.der
+ #
+ % rm -f ~/Library/Keychains/nisccClient
+ % certtool i simple_client/00035377 k=nisccClient r=client_key.der c
+ % sv localhost P=1300 H k=nisccClient x
+
+ ...note 'x' avoids client checking its own bogus cert, and we don't have to specify
+ an anchor
+
+ result on client side = errSSLPeerCertUnknown
+ clientCertState = ClientCertRejected
+
+ result on server side = errSSLXCertChainInvalid
+ clientCertState = ClientCertRejected
+
+7. Mods needed to uses these certs
+
+ -- modified dbTool to allow importing a bad cert (via DL/DB, not Sec*)
+ -- wrote simple client app, clxutils/NISCC/TLS_SSL/nisccSimpleClient
+
+ -- also SecureTransport needs the following mod to ignore bad certs on client side
+
+===================================================================
+RCS file: /cvs/root/Security/SecureTransport/sslKeychain.cpp,v
+retrieving revision 1.5
+diff -u -r1.5 sslKeychain.cpp
+--- sslKeychain.cpp 2003/04/25 19:40:18 1.5
++++ sslKeychain.cpp 2003/11/10 21:20:14
+@@ -174,6 +174,11 @@
+ /* FIXME = release keyRef? */
+
+ /* obtain public key from cert */
++ /*
++ * FIXME : THIS IS TOTALLY UNNECESSARY WHEN PARSING OUR OWN CERTS, except
++ * for the "separate signing and encryptionj certs" case. For now, to
++ * facilitate NISCC testing, we ignore errors here.
++ */
+ ortn = SecCertificateGetCLHandle(certRef, &clHand);
+ if(ortn) {
+ sslErrorLog("parseIncomingCerts: SecCertificateGetCLHandle err %d\n",
+@@ -183,10 +188,12 @@
+ certData.Data = thisSslCert->derCert.data;
+ certData.Length = thisSslCert->derCert.length;
+ crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey);
++ #if 0
+ if(crtn) {
+ sslErrorLog("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n");
+ return (OSStatus)crtn;
+ }
++ #endif
+
+ /* obtain keychain from key, CSP handle from keychain */
+ ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
+
+........
+
+...with this in place cert 00070004 causes anything parsing it to get a seg fault.
+
+...........
+
+problems found:
+
+1. Processing SEC_ASN1_SAVE, the destination item is mallocd once, with the length
+ of the top-level item to be saved. However data gets added to this item on a
+ leaf-by-leaf basis so that if the sizes of the leaves adds up to greater than
+ the stated/mallocd len of the otp-level item, overflow.
+
+ -- verified by disabling the SAVE in TBS_Cert
+ -- fixed using sec_asn1d_state.dest_alloc_len field to track alloc size in
+ aggregate items
+
+..............
+
+certs known to crash the Panther Security.framework:
+
+ "00000668",
+ "00000681",
+ "00001980",
+ "00002040",
+ "00007472",
+ "00008064",
+ "00008656",
+ "00009840",
+ "00010432",
+ "00011614",
+ "00011615",
+ "00011616",
projects / apple / security.git / blobdiff