Merge branch for fix for #502 - Unchecked calls
Conflicts:
ChangeLog
diff --git a/ChangeLog b/ChangeLog
index 1b456c9..03c8568 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.1.x
+= mbed TLS 2.1.x branch released 2016-xx-xx
+
+Security
+ * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
+ with RFC5116 and could lead to session key recovery in very long TLS
+ sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
+ "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
+ * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+ mbedtls_x509write_csr_der() when the signature is copied to the buffer
+ without checking whether there is enough space in the destination. The
+ issue cannot be triggered remotely. (found by Jethro Beekman)
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
@@ -10,6 +20,18 @@
when GCM is used. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428
+ * Fixed cert_app sample program for debug output and for use when no root
+ certificates are provided.
+ * Fix conditional statement that would cause a 1 byte overread in
+ mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
+ * Fixed pthread implementation to avoid unintended double initialisations
+ and double frees. (found by Niklas Amnebratt)
+ * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
+ builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
+ by inestlerode. #559.
+ * Fix documentation and implementation missmatch for function arguments of
+ mbedtls_gcm_finish(). Found by cmiatpaar. #602
+ * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
* Fix missing return code check after call to mbedtls_md_setup() that could
result in usage of invalid md_ctx in mbedtls_rsa_rsaes_oaep_encrypt(),
mbedtls_rsa_rsaes_oaep_decrypt(), mbedtls_rsa_rsassa_pss_sign() and
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 5147ec6..e77cf26 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -869,18 +869,6 @@
//#define MBEDTLS_SHA256_SMALLER
/**
- * \def MBEDTLS_SSL_AEAD_RANDOM_IV
- *
- * Generate a random IV rather than using the record sequence number as a
- * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
- *
- * Using the sequence number is generally recommended.
- *
- * Uncomment this macro to always use random IVs with AEAD ciphersuites.
- */
-//#define MBEDTLS_SSL_AEAD_RANDOM_IV
-
-/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 6743ac9..1b77aae 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -190,8 +190,8 @@
* 16 bytes.
*
* \param ctx GCM context
- * \param tag buffer for holding the tag (may be NULL if tag_len is 0)
- * \param tag_len length of the tag to generate
+ * \param tag buffer for holding the tag
+ * \param tag_len length of the tag to generate (must be at least 4)
*
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
*/
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 34998a3..65187f3 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -276,7 +276,7 @@
*
* \note f_rng may be NULL if RSA is used for signature and the
* signature is made offline (otherwise f_rng is desirable
- * for couermeasures against timing attacks).
+ * for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
diff --git a/library/asn1parse.c b/library/asn1parse.c
index b37523d..36aff6e 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -153,7 +153,7 @@
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
- if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
+ if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0;
diff --git a/library/gcm.c b/library/gcm.c
index aaacf97..f1210c5 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -415,8 +415,7 @@
if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
- if( tag_len != 0 )
- memcpy( tag, ctx->base_ectr, tag_len );
+ memcpy( tag, ctx->base_ectr, tag_len );
if( orig_len || orig_add_len )
{
diff --git a/library/rsa.c b/library/rsa.c
index 1d48709..e831875 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -96,7 +96,10 @@
if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
+ if( nbits % 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
/*
@@ -110,16 +113,8 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
f_rng, p_rng ) );
- if( nbits % 2 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
f_rng, p_rng ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
- f_rng, p_rng ) );
- }
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
continue;
@@ -128,6 +123,9 @@
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
continue;
+ if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
+ mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bf60941..d442642 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1364,17 +1364,6 @@
/*
* Generate IV
*/
-#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
- ret = ssl->conf->f_rng( ssl->conf->p_rng,
- ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
- ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
- if( ret != 0 )
- return( ret );
-
- memcpy( ssl->out_iv,
- ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
- ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
-#else
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
{
/* Reminder if we ever add an AEAD mode with a different size */
@@ -1385,7 +1374,6 @@
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->out_ctr, 8 );
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-#endif
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
diff --git a/library/threading.c b/library/threading.c
index 1b6d9cd..83ec01a 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -32,7 +32,7 @@
#if defined(MBEDTLS_THREADING_PTHREAD)
static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
{
- if( mutex == NULL )
+ if( mutex == NULL || mutex->is_valid )
return;
mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
@@ -40,10 +40,11 @@
static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
{
- if( mutex == NULL )
+ if( mutex == NULL || !mutex->is_valid )
return;
(void) pthread_mutex_destroy( &mutex->mutex );
+ mutex->is_valid = 0;
}
static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
diff --git a/library/version_features.c b/library/version_features.c
index 196b93c..f9d99af 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -309,9 +309,6 @@
#if defined(MBEDTLS_SHA256_SMALLER)
"MBEDTLS_SHA256_SMALLER",
#endif /* MBEDTLS_SHA256_SMALLER */
-#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
- "MBEDTLS_SSL_AEAD_RANDOM_IV",
-#endif /* MBEDTLS_SSL_AEAD_RANDOM_IV */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 9041d44..d1d9a22 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -413,6 +413,9 @@
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
+ if( len > (size_t)( c2 - buf ) )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
c2 -= len;
memcpy( c2, c, len );
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 0b9a285..8fd856b 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -213,6 +213,9 @@
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
+ if( len > (size_t)( c2 - buf ) )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
c2 -= len;
memcpy( c2, c, len );
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index d889245..02f57b3 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -386,11 +386,11 @@
*/
if( filesize < 16 + mbedtls_md_get_size( md_info ) )
{
- mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
+ mbedtls_fprintf( stderr, "File too short to be decrypted.\n" );
goto exit;
}
- if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
+ if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
{
mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 63a3aeb..4812694 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -120,12 +120,14 @@
USAGE_DEV_RANDOM \
"\n"
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_PEM_WRITE_C"
"not defined.\n" );
return( 0 );
}
@@ -418,4 +420,6 @@
return( ret );
}
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
+ * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 84f67e6..09022a1 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -54,6 +54,7 @@
#include "mbedtls/net.h"
#include "mbedtls/ssl.h"
#include "mbedtls/x509.h"
+#include "mbedtls/debug.h"
#include <stdio.h>
#include <stdlib.h>
@@ -149,9 +150,7 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
- mbedtls_x509_crt clicert;
mbedtls_x509_crl cacrl;
- mbedtls_pk_context pkey;
int i, j;
uint32_t flags;
int verify = 0;
@@ -166,7 +165,6 @@
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_init( &cacrl );
#else
@@ -174,7 +172,6 @@
it to the verify function */
memset( &cacrl, 0, sizeof(mbedtls_x509_crl) );
#endif
- mbedtls_pk_init( &pkey );
if( argc == 0 )
{
@@ -377,6 +374,10 @@
mbedtls_printf( " ok\n" );
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( opt.debug_level );
+#endif
+
/*
* 2. Start the connection
*/
@@ -415,12 +416,6 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
- goto ssl_exit;
- }
-
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
@@ -476,11 +471,9 @@
mbedtls_net_free( &server_fd );
mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &clicert );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free( &cacrl );
#endif
- mbedtls_pk_free( &pkey );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 5cafb80..30df216 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -34,7 +34,8 @@
#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_PEM_WRITE_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
@@ -341,4 +342,4 @@
return( ret );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 7907d82..66e5f1d 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -32,10 +32,11 @@
#define mbedtls_printf printf
#endif
-#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C)
+#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_PEM_WRITE_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
@@ -664,4 +665,4 @@
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_ERROR_C */
+ MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d184d85..e73d011 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -286,8 +286,10 @@
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output
+# -u pattern lines after pattern must be unique in client output
# -S pattern pattern that must be absent in server output
# -C pattern pattern that must be absent in client output
+# -U pattern lines after pattern must be unique in server output
run_test() {
NAME="$1"
shift 1
@@ -419,29 +421,50 @@
do
case $1 in
"-s")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
- fail "-s $2"
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Server output"
return
fi
;;
"-c")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
- fail "-c $2"
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Client output"
return
fi
;;
"-S")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
- fail "-S $2"
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ fail "pattern '$2' MUST NOT be present in the Server output"
return
fi
;;
"-C")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
- fail "-C $2"
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ fail "pattern '$2' MUST NOT be present in the Client output"
+ return
+ fi
+ ;;
+
+ # The filtering in the following two options (-u and -U) do the following
+ # - ignore valgrind output
+ # - filter out everything but lines right after the pattern occurances
+ # - keep one of each non-unique line
+ # - count how many lines remain
+ # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
+ # if there were no duplicates.
+ "-U")
+ if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Server output"
+ return
+ fi
+ ;;
+
+ "-u")
+ if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Client output"
return
fi
;;
@@ -572,6 +595,14 @@
-s "Protocol is DTLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
+# Test for uniqueness of IVs in AEAD ciphersuites
+run_test "Unique IV in GCM" \
+ "$P_SRV exchanges=20 debug_level=4" \
+ "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+ 0 \
+ -u "IV used" \
+ -U "IV used"
+
# Tests for rc4 option
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index d522332..af16880 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -361,7 +361,7 @@
mbedtls_rsa_gen_key:2048:3:0
RSA Generate Key - 1025 bit key
-mbedtls_rsa_gen_key:1025:3:0
+mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA PKCS1 Encrypt Bad RNG
depends_on:MBEDTLS_PKCS1_V15
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 59cbb5c..b1bc19e 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -678,6 +678,7 @@
if( result == 0 )
{
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
}
exit:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index c3773ba..5120837 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -52,6 +52,10 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ ret = mbedtls_x509write_csr_der( &req, buf, pem_len / 2,
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
@@ -125,6 +129,10 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ ret = mbedtls_x509write_crt_der( &crt, buf, pem_len / 2,
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &issuer_key );