[krbdev.mit.edu #8636] PKINIT certid option cannot handle leading zero

Sumit Bose via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Fri Jan 26 10:32:11 EST 2018


>From aefd13f1f99b2df7cecc6a959a93852e4759a52c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 25 Jan 2018 17:50:47 +0100
Subject: [PATCH 2/2] Add tests for hex_string_to_bin()

---
 src/plugins/preauth/pkinit/pkinit_kdf_test.c | 61 ++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c
index 7acbd0d28..29978956f 100644
--- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c
+++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c
@@ -69,6 +69,9 @@ krb5_octet key3_hex[] =
  0xE9, 0xA8, 0x26, 0xF7, 0x5D, 0xFB, 0x01, 0xF7,
  0x23, 0x62, 0xFB, 0x16, 0xFB, 0x01, 0xDA, 0xD6};
 
+
+int hex_string_to_bin(const char *str, int *bin_len_out, CK_BYTE **bin_out);
+
 int
 main(int argc, char **argv)
 {
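Review bot: The prototype for `hex_string_to_bin()` is written by hand in the test file, so the compiler cannot check it against the real definition. If the two ever disagree on a parameter type, the test still builds and the call has undefined behaviour. Declaring it once in a header that both the defining file and this test include would keep them in step; if it must stay local, add at least `/* Keep in sync with the definition in the PKINIT plugin. */`. The definition is not part of this patch, so whether a suitable header already exists needs checking.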
@@ -79,6 +82,8 @@ main(int argc, char **argv)
     krb5_data as_req;
     krb5_data pk_as_rep;
     krb5_keyblock key_block;
+    CK_BYTE_PTR bin_out;
+    int bin_len_out;
 
     /* other local variables */
     int retval = 0;
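Review bot: `bin_out` is declared without an initializer, yet the third hunk adds `free(bin_out)` under the `cleanup:` label, and the first `bin_out = NULL` only runs after the existing KDF checks. Any earlier `goto cleanup` (one is visible as context at the top of the third hunk) would pass an indeterminate pointer to `free()`, which is undefined behaviour. Initialize at the declaration, `CK_BYTE_PTR bin_out = NULL;`, which also makes the `bin_out = NULL` before the first call unnecessary. main() starts before this hunk and continues past it.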
@@ -215,8 +220,64 @@ main(int argc, char **argv)
         goto cleanup;
     }
 
+    bin_out = NULL;
+    retval = hex_string_to_bin("495041", &bin_len_out, &bin_out);
+    if (retval != 0 || bin_len_out != 3 || memcmp(bin_out, "IPA", 3) != 0) {
+        printf("FAILURE: 495041\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    free(bin_out);
+    bin_out = NULL;
+    retval = hex_string_to_bin("697061", &bin_len_out, &bin_out);
+    if (retval != 0 || bin_len_out != 3 || memcmp(bin_out, "ipa", 3) != 0) {
+        printf("FAILURE: 697061\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    free(bin_out);
+    bin_out = NULL;
+    retval = hex_string_to_bin("0001", &bin_len_out, &bin_out);
+    if (retval != 0 || bin_len_out != 2 || bin_out[0] != 0 || bin_out[1] != 1) {
+        printf("FAILURE: 0001\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    free(bin_out);
+    bin_out = NULL;
+    retval = hex_string_to_bin("AbCdEf", &bin_len_out, &bin_out);
+    if (retval != 0 || bin_len_out != 3 || bin_out[0] != 171
+                    || bin_out[1] != 205 || bin_out[2] != 239) {
+        printf("FAILURE: AbCdEf\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    free(bin_out);
+    bin_out = NULL;
+    retval = hex_string_to_bin("xbCdEf", &bin_len_out, &bin_out);
+    if (retval != EINVAL) {
+        printf("FAILURE: xbCdEf\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    free(bin_out);
+    bin_out = NULL;
+    retval = hex_string_to_bin("bCdEf", &bin_len_out, &bin_out);
+    if (retval != EINVAL) {
+        printf("FAILURE: xbCdEf\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    retval = 0;
 cleanup:
     /* release all allocated resources, whether good or bad return */
+    free(bin_out);
     free(secret.data);
     krb5_free_principal(context, u_principal);
     krb5_free_principal(context, v_principal);
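Review bot: The failure message for the odd-length input `"bCdEf"` is copied from the previous case and prints `FAILURE: xbCdEf`, so a regression in odd-length handling would be reported against the wrong input. It should read `printf("FAILURE: bCdEf\n");`. The two EINVAL cases also go on to `free(bin_out)` without checking that the function left the pointer untouched on error. Adding `|| bin_out != NULL` to those conditions would pin that contract and keep a stale pointer from reaching `free()`, assuming the function is meant to leave its outputs alone on failure. main() begins outside this hunk and the cleanup block continues after it.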
-- 
2.14.3



