From 079ed04b176717de59afdd840cbb3b4b692ae0e6 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Mon, 16 Jul 2018 09:35:14 +0200
Subject: [PATCH 1/4] add OID testcase from x.690

---
 tests/der_test.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/tests/der_test.c b/tests/der_test.c
index 8ad5e34a4..dcafd5346 100644
--- a/tests/der_test.c
+++ b/tests/der_test.c
@@ -673,6 +673,26 @@ static void der_set_test(void)
 
 */
 
+static void _der_oid_test(void)
+{
+   static const unsigned char oid_x690_8_19_5_example[] = { 0x06, 0x03, 0x88, 0x37, 0x03 };
+   unsigned long len;
+   unsigned char buf[64];
+
+   ltc_asn1_list *decoded_list, static_list[1];
+
+   len = sizeof(oid_x690_8_19_5_example);
+   DO(der_decode_sequence_flexi(oid_x690_8_19_5_example, &len, &decoded_list));
+
+   LTC_SET_ASN1(static_list, 0, LTC_ASN1_OBJECT_IDENTIFIER, (void *)decoded_list->data, decoded_list->size);
+   len = sizeof(buf);
+   DO(der_encode_object_identifier(decoded_list->data, decoded_list->size, buf, &len));
+   der_sequence_free(decoded_list);
+
+   DO(do_compare_testvector(buf, len, oid_x690_8_19_5_example, sizeof(oid_x690_8_19_5_example), "OID X6.90 Ch. 8.19.5 Example", 0));
+
+}
+
 static void der_flexi_test(void)
 {
    static const char printable_str[]    = "printable";
@@ -1589,6 +1609,8 @@ int der_test(void)
 
    der_cacert_test();
 
+   _der_oid_test();
+
    y = 0xffffff00;
 #if ULONG_MAX == ULLONG_MAX
    y <<= 32;

From 4ffdb915f0ff479c0c5a92b5fe83aa8e2d679f7b Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Mon, 16 Jul 2018 09:36:44 +0200
Subject: [PATCH 2/4] fix der_decode_object_identifier()

---
 .../der/object_identifier/der_decode_object_identifier.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
index f49786272..23dcf770f 100644
--- a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
+++ b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
@@ -71,8 +71,13 @@ int der_decode_object_identifier(const unsigned char *in,    unsigned long  inle
             y++;
          } else {
             if (y == 0) {
-               words[0] = t / 40;
-               words[1] = t % 40;
+               if (t <= 79) {
+                  words[0] = t / 40;
+                  words[1] = t % 40;
+               } else {
+                  words[0] = 2;
+                  words[1] = t - 80;
+               }
                y = 2;
             } else {
                words[y++] = t;

From 6584569872518196c390b202b2579c23d8f8930f Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Mon, 16 Jul 2018 22:55:31 +0200
Subject: [PATCH 3/4] add another OID testcase for root-node 3

---
 tests/der_test.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/tests/der_test.c b/tests/der_test.c
index dcafd5346..4f15b2839 100644
--- a/tests/der_test.c
+++ b/tests/der_test.c
@@ -676,7 +676,7 @@ static void der_set_test(void)
 static void _der_oid_test(void)
 {
    static const unsigned char oid_x690_8_19_5_example[] = { 0x06, 0x03, 0x88, 0x37, 0x03 };
-   unsigned long len;
+   unsigned long len, oid[3];
    unsigned char buf[64];
 
    ltc_asn1_list *decoded_list, static_list[1];
@@ -691,6 +691,14 @@ static void _der_oid_test(void)
 
    DO(do_compare_testvector(buf, len, oid_x690_8_19_5_example, sizeof(oid_x690_8_19_5_example), "OID X6.90 Ch. 8.19.5 Example", 0));
 
+   oid[0] = 3;
+   oid[1] = 4;
+   oid[2] = 5;
+
+   len = sizeof(buf);
+   SHOULD_FAIL(der_encode_object_identifier(oid, 3, buf, &len));
+   len = sizeof(buf);
+   SHOULD_FAIL(der_length_object_identifier(oid, 3, &len));
 }
 
 static void der_flexi_test(void)

From 2e9c80cbc18315e00593935223ca1bd46e2224ed Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Mon, 16 Jul 2018 23:01:46 +0200
Subject: [PATCH 4/4] fix der_length_object_identifier()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... there are only three root nodes

As of X6.90 Ch. 8.19.4: "NOTE – This packing of the first two
object identifier components recognizes that only three values
are allocated from the root node..."
---
 .../asn1/der/object_identifier/der_length_object_identifier.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pk/asn1/der/object_identifier/der_length_object_identifier.c b/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
index cc22a3c9b..e6cff37a4 100644
--- a/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
+++ b/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
@@ -48,8 +48,8 @@ int der_length_object_identifier(const unsigned long *words, unsigned long nword
       return CRYPT_INVALID_ARG;
    }
 
-   /* word1 = 0,1,2,3 and word2 0..39 */
-   if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) {
+   /* word1 = 0,1,2 and word2 0..39 */
+   if (words[0] > 2 || (words[0] < 2 && words[1] > 39)) {
       return CRYPT_INVALID_ARG;
    }