Merge branch 'iotssl-1155-hashlen-type'
Introduces additional checks in the PK module for 64-bit systems only. The
problem is that the API functions in the PK abstraction accept a size_t value
for the hashlen, while the RSA module accepts an unsigned int for the hashlen.
Instead of silently casting size_t to unsigned int, this change checks whether
the hashlen overflows an unsigned int and returns an error.
diff --git a/ChangeLog b/ChangeLog
index 0c9c444..621e6fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 2.x.x branch released xxxx-xx-xx
Security
* Add checks to prevent signature forgeries for very large messages while
@@ -8,6 +8,33 @@
some data loss when casting a size_t to an unsigned int value in the
functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
+ * Removed MD5 from the allowed hash algorithms for CertificateRequest and
+ CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
+ Introduced by interoperability fix for #513.
+
+Bugfix
+ * Fix the redefinition of macro ssl_set_bio to an undefined symbol
+ mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
+ Found by omlib-lin. #673
+ * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and
+ x509_csr.c that are reported when building mbed TLS with a config.h that
+ does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562
+ * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that
+ would compare 64 bits of the record counter instead of 48 bits as indicated
+ in RFC 6347 Section 4.3.1. This could cause the execution of the
+ renegotiation routines at unexpected times when the protocol is DTLS. Found
+ by wariua. #687
+ * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+ the input string in PEM format to extract the different components. Found
+ by Eyal Itkin.
= mbed TLS 2.4.1 branch released 2016-12-13
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 27abbd9..af51b5f 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -2453,7 +2453,6 @@
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
#define ssl_set_authmode mbedtls_ssl_conf_authmode
#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_bio mbedtls_ssl_set_bio_timeout
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2c02190..42c9779 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1146,7 +1146,7 @@
*
* \note See the documentation of \c mbedtls_ssl_set_timer_t and
* \c mbedtls_ssl_get_timer_t for the conventions this pair of
- * callbacks must fallow.
+ * callbacks must follow.
*
* \note On some platforms, timing.c provides
* \c mbedtls_timing_set_delay() and
@@ -2183,7 +2183,7 @@
/**
* \brief Set record counter threshold for periodic renegotiation.
- * (Default: 2^64 - 256.)
+ * (Default: 2^48 - 1)
*
* Renegotiation is automatically triggered when a record
* counter (outgoing or ingoing) crosses the defined
@@ -2194,9 +2194,17 @@
* Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X".
*
+ * The renegotiation period can be disabled by setting
+ * conf->disable_renegotiation to
+ * MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+ *
+ * \note When the configured transport is
+ * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+ * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+ * the maximum renegotiation period is 2^64 - 1.
+ *
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
- * Set to 2^64 - 1 to disable periodic renegotiation
*/
void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
diff --git a/library/base64.c b/library/base64.c
index 5cb12cb..f06b57b 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -192,7 +192,11 @@
return( 0 );
}
- n = ( ( n * 6 ) + 7 ) >> 3;
+ /* The following expression is to calculate the following formula without
+ * risk of integer overflow in n:
+ * n = ( ( n * 6 ) + 7 ) >> 3;
+ */
+ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j;
if( dst == NULL || dlen < n )
diff --git a/library/cipher.c b/library/cipher.c
index a883438..e9e0b22 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -326,9 +326,9 @@
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == MBEDTLS_DECRYPT &&
- ilen + ctx->unprocessed_len <= block_size ) ||
+ ilen <= block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT &&
- ilen + ctx->unprocessed_len < block_size ) )
+ ilen < block_size - ctx->unprocessed_len ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 386f8ad..55612c7 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -290,7 +290,8 @@
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
- if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
+ len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 8976701..95cbcce 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -158,7 +158,7 @@
while( ilen > 0 )
{
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
fill = 16 - ctx->left;
else
fill = ilen;
diff --git a/library/pem.c b/library/pem.c
index 1ee3966..8dd86a4 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -44,12 +44,12 @@
#define mbedtls_free free
#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
-#if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_pem_context ) );
@@ -249,7 +249,7 @@
enc = 0;
- if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+ if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
@@ -262,22 +262,22 @@
#if defined(MBEDTLS_DES_C)
- if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+ if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
{
enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
s1 += 23;
- if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
}
- else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+ else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
{
enc_alg = MBEDTLS_CIPHER_DES_CBC;
s1 += 18;
- if( pem_get_iv( s1, pem_iv, 8) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
@@ -285,9 +285,11 @@
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
- if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+ if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
{
- if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if( s2 - s1 < 22 )
+ return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+ else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
@@ -297,7 +299,7 @@
return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
s1 += 22;
- if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+ if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 32;
@@ -316,7 +318,7 @@
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
}
- if( s1 == s2 )
+ if( s1 >= s2 )
return( MBEDTLS_ERR_PEM_INVALID_DATA );
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 121c135..d9ab832 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6482,6 +6482,10 @@
*/
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
{
+ size_t ep_len = ssl_ep_len( ssl );
+ int in_ctr_cmp;
+ int out_ctr_cmp;
+
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
@@ -6489,8 +6493,12 @@
return( 0 );
}
- if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 &&
- memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
+ in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len );
+ out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len );
+
+ if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
{
return( 0 );
}
@@ -7231,8 +7239,8 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
- memset( conf->renego_period, 0xFF, 7 );
- conf->renego_period[7] = 0x00;
+ memset( conf->renego_period, 0x00, 2 );
+ memset( conf->renego_period + 2, 0xFF, 6 );
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -7645,8 +7653,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5:
- ssl->handshake->calc_verify = ssl_calc_verify_tls;
- break;
+ return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1:
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 80af725..056dc16 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -969,8 +969,8 @@
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
{
- int success = 0, first_error = 0, total_failed = 0;
#if defined(MBEDTLS_PEM_PARSE_C)
+ int success = 0, first_error = 0, total_failed = 0;
int buf_format = MBEDTLS_X509_FORMAT_DER;
#endif
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 603d06b..f92b66c 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -265,8 +265,8 @@
*/
int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
{
- int ret;
#if defined(MBEDTLS_PEM_PARSE_C)
+ int ret;
size_t use_len;
mbedtls_pem_context pem;
#endif
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 442a3fb..e18ee42 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -37,7 +37,7 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CERTS_C)
+ !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 4a22771..b49ffb4 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -494,13 +494,13 @@
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
#else
{
ret = 1;
- mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
}
#endif
if( ret < 0 )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 18bda59..d98b669 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -63,6 +63,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
#if !defined(_WIN32)
#include <signal.h>
@@ -113,7 +115,7 @@
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
#define DFL_RENEGO_DELAY -2
-#define DFL_RENEGO_PERIOD -1
+#define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
#define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
@@ -292,7 +294,7 @@
" renegotiation=%%d default: 0 (disabled)\n" \
" renegotiate=%%d default: 0 (disabled)\n" \
" renego_delay=%%d default: -2 (library default)\n" \
- " renego_period=%%d default: (library default)\n"
+ " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
#else
#define USAGE_RENEGO ""
#endif
@@ -351,6 +353,19 @@
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
+
+#define PUT_UINT64_BE(out_be,in_le,i) \
+{ \
+ (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
+ (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
+ (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
+ (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
+ (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
+ (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
+ (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
+ (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
+}
+
/*
* global options
*/
@@ -377,7 +392,7 @@
int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */
int renego_delay; /* delay before enforcing renegotiation */
- int renego_period; /* period for automatic renegotiation */
+ uint64_t renego_period; /* period for automatic renegotiation */
int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
@@ -1041,8 +1056,8 @@
}
else if( strcmp( p, "renego_period" ) == 0 )
{
- opt.renego_period = atoi( q );
- if( opt.renego_period < 2 || opt.renego_period > 255 )
+ if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 ||
+ opt.renego_period < 2 )
goto usage;
}
else if( strcmp( p, "exchanges" ) == 0 )
@@ -1757,7 +1772,7 @@
if( opt.renego_period != DFL_RENEGO_PERIOD )
{
- renego_period[7] = opt.renego_period;
+ PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
}
#endif
diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt
index 397f6be..cb3381a 100644
--- a/scripts/data_files/rename-1.3-2.0.txt
+++ b/scripts/data_files/rename-1.3-2.0.txt
@@ -1996,7 +1996,6 @@
ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
ssl_set_authmode mbedtls_ssl_conf_authmode
ssl_set_bio mbedtls_ssl_set_bio
-ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 57155b8..41fbc3d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1601,6 +1601,19 @@
-s "=> renegotiate" \
-s "write hello request"
+run_test "Renegotiation: DTLS, renego_period overflow" \
+ "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
+ "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -s "record counter limit reached: renegotiate" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request" \
+
requires_gnutls
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
"$G_SRV -u --mtu 4096" \
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 3acfb8b..883cfe0 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -39,6 +39,11 @@
TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+
+ mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
+ TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
+ MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
+ MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
exit:
mbedtls_ctr_drbg_free( &ctx );
}
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 973c923..9a62db8 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -15,3 +15,12 @@
PEM write (exactly two lines + 1)
mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
+
+PEM read (DES-EDE3-CBC + invalid iv)
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608
+
+PEM read (DES-CBC + invalid iv)
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608
+
+PEM read (unknown encryption algorithm)
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 6a62bfe..5e02210 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,12 +3,7 @@
#include "mbedtls/pem.h"
/* END_HEADER */
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PEM_WRITE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str )
{
unsigned char buf[5000];
@@ -38,3 +33,20 @@
mbedtls_free( check_buf );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */
+void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret )
+{
+ mbedtls_pem_context ctx;
+ size_t use_len = 0;
+
+ mbedtls_pem_init( &ctx );
+
+ TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer,
+ (const unsigned char *)data, NULL, 0,
+ &use_len ) == ret );
+
+exit:
+ mbedtls_pem_free( &ctx );
+}
+/* END_CASE */