From 1c7629c1c03fcc74781bc448d5b4d5d6ffd7219c Mon Sep 17 00:00:00 2001
From: Jonathan Winzig <jwinzig@hilscher.com>
Date: Tue, 9 Jan 2024 15:19:42 +0100
Subject: [PATCH] Add tests for Issue #8687

Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
---
 tests/suites/test_suite_x509write.data     |  6 ++++++
 tests/suites/test_suite_x509write.function | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 0f190286bc..f1d4e34a56 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -265,3 +265,9 @@ mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=P
 
 Check max serial length
 x509_set_serial_check:
+
+Check max extension length (Max-1)
+x509_set_extension_length_check:0xFFFFFFFE
+
+Check max extension length (Max)
+x509_set_extension_length_check:0xFFFFFFFF
\ No newline at end of file
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index a7ed26295e..7ec6557271 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -750,3 +750,24 @@ exit:
     USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void x509_set_extension_length_check(int val_len)
+{
+    int ret = 0;
+
+    mbedtls_x509write_csr ctx;
+    mbedtls_x509write_csr_init(&ctx);
+
+    unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 };
+    unsigned char *p = buf + sizeof(buf);
+
+    ret = mbedtls_x509_set_extension(&(ctx.MBEDTLS_PRIVATE(extensions)),
+                                     MBEDTLS_OID_EXTENDED_KEY_USAGE,
+                                     MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
+                                     0,
+                                     p,
+                                     val_len);
+    TEST_ASSERT(ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA || ret == MBEDTLS_ERR_X509_ALLOC_FAILED);
+}
+/* END_CASE */