Merge pull request #6561 from AndrzejKurek/ecjpake-error-injection
Improve error injection in EC J-PAKE tests
diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt
new file mode 100644
index 0000000..8b227ce
--- /dev/null
+++ b/ChangeLog.d/fix_x509_info_hwmodulename.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+ bytes when parsing certificates containing a binary RFC 4108
+ HardwareModuleName as a Subject Alternative Name extension. Hardware
+ serial numbers are now rendered in hex format. Fixes #6262.
diff --git a/ChangeLog.d/mbedtls_asn1_type_free.txt b/ChangeLog.d/mbedtls_asn1_type_free.txt
new file mode 100644
index 0000000..81f3a20
--- /dev/null
+++ b/ChangeLog.d/mbedtls_asn1_type_free.txt
@@ -0,0 +1,6 @@
+Features
+ * Shared code to free x509 structs like mbedtls_x509_named_data
+New deprecations
+ * Deprecate mbedtls_asn1_free_named_data().
+ Use mbedtls_asn1_free_named_data_list()
+ or mbedtls_asn1_free_named_data_list_shallow()
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index be2cae7..8b66ee2 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include <stddef.h>
@@ -606,25 +607,41 @@
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
const char *oid, size_t len );
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Free a mbedtls_asn1_named_data entry
*
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library.
+ * Please use mbedtls_asn1_free_named_data_list()
+ * or mbedtls_asn1_free_named_data_list_shallow().
+ *
* \param entry The named data entry to free.
* This function calls mbedtls_free() on
* `entry->oid.p` and `entry->val.p`.
*/
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+void MBEDTLS_DEPRECATED mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Free all entries in a mbedtls_asn1_named_data list.
*
* \param head Pointer to the head of the list of named data entries to free.
- * This function calls mbedtls_asn1_free_named_data() and
- * mbedtls_free() on each list element and
- * sets \c *head to \c NULL.
+ * This function calls mbedtls_free() on
+ * `entry->oid.p` and `entry->val.p` and then on `entry`
+ * for each list entry, and sets \c *head to \c NULL.
*/
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+/**
+ * \brief Free all shallow entries in a mbedtls_asn1_named_data list,
+ * but do not free internal pointer targets.
+ *
+ * \param name Head of the list of named data entries to free.
+ * This function calls mbedtls_free() on each list element.
+ */
+void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name );
+
/** \} name Functions to parse ASN.1 data structures */
/** \} addtogroup asn1_module */
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index ee37430..9d15955 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -758,11 +758,11 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
+ * remainder is not needed. This must not alias A or B.
+ * \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI.
*
* \return \c 0 if successful.
@@ -779,10 +779,10 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
+ * remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi.
* \param b The divisor.
*
@@ -837,6 +837,7 @@
* \brief Perform a sliding-window exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
+ * This must not alias E or N.
* \param A The base of the exponentiation.
* This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI.
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index 5e03d9b..fe87d40 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -30,6 +30,7 @@
#include <stdint.h>
#include <stddef.h>
+#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
diff --git a/library/asn1parse.c b/library/asn1parse.c
index d874fff..28a3b14 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -314,7 +314,6 @@
while( seq != NULL )
{
mbedtls_asn1_sequence *next = seq->next;
- mbedtls_platform_zeroize( seq, sizeof( *seq ) );
mbedtls_free( seq );
seq = next;
}
@@ -432,6 +431,7 @@
return( 0 );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
{
if( cur == NULL )
@@ -442,6 +442,7 @@
mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
{
@@ -450,11 +451,21 @@
while( ( cur = *head ) != NULL )
{
*head = cur->next;
- mbedtls_asn1_free_named_data( cur );
+ mbedtls_free( cur->oid.p );
+ mbedtls_free( cur->val.p );
mbedtls_free( cur );
}
}
+void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name )
+{
+ for( mbedtls_asn1_named_data *next; name != NULL; name = next )
+ {
+ next = name->next;
+ mbedtls_free( name );
+ }
+}
+
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
const char *oid, size_t len )
{
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4cd4107..dbc6391 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1797,8 +1797,7 @@
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2013,8 +2012,7 @@
if( ssl->f_send == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5200d90..dbbd6f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3376,6 +3376,10 @@
if( ret != 0 )
goto cleanup;
+ /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
+ * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
@@ -3386,6 +3390,7 @@
{
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+ ret = 0;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 5360b3c..1c53a09 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2680,7 +2680,6 @@
{
unsigned char *p = dn + i + 2;
mbedtls_x509_name name;
- mbedtls_x509_name *name_cur, *name_prv;
size_t asn1_len;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
memset( &name, 0, sizeof( name ) );
@@ -2700,14 +2699,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3,
( "DN hint: %.*s",
mbedtls_x509_dn_gets( s, sizeof(s), &name ), s ) );
- name_cur = name.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( name.next );
}
#endif
diff --git a/library/x509.c b/library/x509.c
index c5b0161..362e036 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -472,7 +472,6 @@
size_t set_len;
const unsigned char *end_set;
mbedtls_x509_name *head = cur;
- mbedtls_x509_name *prev, *allocated;
/* don't use recursion, we'd risk stack overflow if not optimized */
while( 1 )
@@ -530,18 +529,8 @@
error:
/* Skip the first element as we did not allocate it */
- allocated = head->next;
-
- while( allocated != NULL )
- {
- prev = allocated;
- allocated = allocated->next;
-
- mbedtls_platform_zeroize( prev, sizeof( *prev ) );
- mbedtls_free( prev );
- }
-
- mbedtls_platform_zeroize( head, sizeof( *head ) );
+ mbedtls_asn1_free_named_data_list_shallow( head->next );
+ head->next = NULL;
return( ret );
}
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 2a3fac7..d830fcd 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -705,28 +705,16 @@
{
mbedtls_x509_crl *crl_cur = crl;
mbedtls_x509_crl *crl_prv;
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
mbedtls_x509_crl_entry *entry_cur;
mbedtls_x509_crl_entry *entry_prv;
- if( crl == NULL )
- return;
-
- do
+ while( crl_cur != NULL )
{
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_free( crl_cur->sig_opts );
#endif
- name_cur = crl_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( crl_cur->issuer.next );
entry_cur = crl_cur->entry.next;
while( entry_cur != NULL )
@@ -744,13 +732,6 @@
mbedtls_free( crl_cur->raw.p );
}
- crl_cur = crl_cur->next;
- }
- while( crl_cur != NULL );
-
- crl_cur = crl;
- do
- {
crl_prv = crl_cur;
crl_cur = crl_cur->next;
@@ -758,7 +739,6 @@
if( crl_prv != crl )
mbedtls_free( crl_prv );
}
- while( crl_cur != NULL );
}
#endif /* MBEDTLS_X509_CRL_PARSE_C */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c4f97bb..0eee97c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -685,16 +685,7 @@
*/
if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
{
- mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
- mbedtls_x509_sequence *seq_prv;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
+ mbedtls_asn1_sequence_free( subject_alt_name->next );
subject_alt_name->next = NULL;
return( ret );
}
@@ -1846,6 +1837,7 @@
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@@ -1898,18 +1890,11 @@
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
- if( other_name->value.hardware_module_name.val.len >= n )
+ for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
}
-
- memcpy( p, other_name->value.hardware_module_name.val.p,
- other_name->value.hardware_module_name.val.len );
- p += other_name->value.hardware_module_name.val.len;
-
- n -= other_name->value.hardware_module_name.val.len;
-
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;
@@ -3300,15 +3285,8 @@
{
mbedtls_x509_crt *cert_cur = crt;
mbedtls_x509_crt *cert_prv;
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
- mbedtls_x509_sequence *seq_cur;
- mbedtls_x509_sequence *seq_prv;
- if( crt == NULL )
- return;
-
- do
+ while( cert_cur != NULL )
{
mbedtls_pk_free( &cert_cur->pk );
@@ -3316,53 +3294,11 @@
mbedtls_free( cert_cur->sig_opts );
#endif
- name_cur = cert_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
-
- name_cur = cert_cur->subject.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
-
- seq_cur = cert_cur->ext_key_usage.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
-
- seq_cur = cert_cur->subject_alt_names.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
-
- seq_cur = cert_cur->certificate_policies.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( cert_cur->issuer.next );
+ mbedtls_asn1_free_named_data_list_shallow( cert_cur->subject.next );
+ mbedtls_asn1_sequence_free( cert_cur->ext_key_usage.next );
+ mbedtls_asn1_sequence_free( cert_cur->subject_alt_names.next );
+ mbedtls_asn1_sequence_free( cert_cur->certificate_policies.next );
if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
{
@@ -3370,13 +3306,6 @@
mbedtls_free( cert_cur->raw.p );
}
- cert_cur = cert_cur->next;
- }
- while( cert_cur != NULL );
-
- cert_cur = crt;
- do
- {
cert_prv = cert_cur;
cert_cur = cert_cur->next;
@@ -3384,7 +3313,6 @@
if( cert_prv != crt )
mbedtls_free( cert_prv );
}
- while( cert_cur != NULL );
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/x509_csr.c b/library/x509_csr.c
index dee0ea6..f9462ad 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -375,9 +375,6 @@
*/
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
{
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
-
if( csr == NULL )
return;
@@ -387,14 +384,7 @@
mbedtls_free( csr->sig_opts );
#endif
- name_cur = csr->subject.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( csr->subject.next );
if( csr->raw.p != NULL )
{
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 6187d17..09a0689 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -276,6 +276,9 @@
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
+server5-nonprintable_othername.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
+
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/server5-nonprintable_othername.crt
new file mode 100644
index 0000000..9470bbe
--- /dev/null
+++ b/tests/data_files/server5-nonprintable_othername.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
+b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
+CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
+TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
+6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
+BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
+IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
+3vnWdvcHRIAdXA0kh+mcBMaXk9B0
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 64347de..3bb2379 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -15,6 +15,9 @@
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
+[nonprintable_othername_san]
+subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
+
[unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@@ -34,6 +37,10 @@
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
+[nonprintable_hw_module_name]
+hwtype = OID:1.3.6.1.4.1.17.3
+hwserial = FORMAT:HEX, OCT:3132338081008180333231
+
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0
diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data
index 36ab1e4..c129e3c 100644
--- a/tests/suites/test_suite_asn1parse.data
+++ b/tests/suites/test_suite_asn1parse.data
@@ -608,18 +608,23 @@
find_named_data:"414141":"414141":"434343":"444444":"414141":0:0
Free named data: null pointer
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data_null:
Free named data: all null
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:0:0
Free named data: with oid
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:1:0:0
Free named data: with val
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:1:0
Free named data: with next
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:0:1
Free named data list (empty)
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 002d8c4..62669b3 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -735,7 +735,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING */
void free_named_data_null( )
{
mbedtls_asn1_free_named_data( NULL );
@@ -743,7 +743,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING */
void free_named_data( int with_oid, int with_val, int with_next )
{
mbedtls_asn1_named_data next =
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index f50fd07..612a7c6 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -345,14 +345,18 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_core_cond_assign( data_t * input_X,
- data_t * input_Y,
+void mpi_core_cond_assign( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -361,15 +365,6 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( X, limbs );
- ASSERT_ALLOC( Y, limbs );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs, input_Y->x, input_Y->len )
- == 0 );
-
/* condition is false */
TEST_CF_SECRET( X, bytes );
TEST_CF_SECRET( Y, bytes );
@@ -394,6 +389,9 @@
than the length of the given MPIs. */
if( copy_limbs < limbs )
{
+ TEST_CF_PUBLIC( X, bytes );
+ TEST_CF_PUBLIC( Y, bytes );
+
ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes );
TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
}
@@ -407,16 +405,20 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_core_cond_swap( data_t * input_X,
- data_t * input_Y,
+void mpi_core_cond_swap( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *tmp_X = NULL;
mbedtls_mpi_uint *tmp_Y = NULL;
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -425,18 +427,9 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( tmp_X, limbs );
- ASSERT_ALLOC( tmp_Y, limbs );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs,
- input_X->x, input_X->len )
- == 0 );
ASSERT_ALLOC( X, limbs );
memcpy( X, tmp_X, bytes );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs,
- input_Y->x, input_Y->len )
- == 0 );
ASSERT_ALLOC( Y, limbs );
memcpy( Y, tmp_Y, bytes );
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index 8ac1ef4..4b90675 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -110,16 +110,20 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_mod_raw_cond_assign( data_t * input_X,
- data_t * input_Y,
+void mpi_mod_raw_cond_assign( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
mbedtls_mpi_uint *buff_m = NULL;
mbedtls_mpi_mod_modulus m;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -130,24 +134,12 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( X, limbs );
- ASSERT_ALLOC( Y, limbs );
-
- ASSERT_ALLOC( buff_m, limbs );
- memset( buff_m, 0xFF, copy_bytes );
- TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
+ ASSERT_ALLOC( buff_m, copy_limbs );
+ memset( buff_m, 0xFF, copy_limbs );
+ TEST_EQUAL( mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_EXT_REP_BE,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs,
- input_X->x, input_X->len )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs,
- input_Y->x, input_Y->len )
- == 0 );
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 );
/* condition is false */
TEST_CF_SECRET( X, bytes );
@@ -189,8 +181,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_mod_raw_cond_swap( data_t * input_X,
- data_t * input_Y,
+void mpi_mod_raw_cond_swap( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *tmp_X = NULL;
@@ -199,8 +191,12 @@
mbedtls_mpi_uint *Y = NULL;
mbedtls_mpi_uint *buff_m = NULL;
mbedtls_mpi_mod_modulus m;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -211,24 +207,16 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( tmp_X, limbs );
- ASSERT_ALLOC( tmp_Y, limbs );
-
ASSERT_ALLOC( buff_m, copy_limbs );
- memset( buff_m, 0xFF, copy_bytes );
- TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
+ memset( buff_m, 0xFF, copy_limbs );
+ TEST_EQUAL( mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_EXT_REP_BE,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY )
- == 0 );
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len )
- == 0 );
ASSERT_ALLOC( X, limbs );
memcpy( X, tmp_X, bytes );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len )
- == 0 );
ASSERT_ALLOC( Y, bytes );
memcpy( Y, tmp_Y, bytes );
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 8dd3379..bd03016 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -88,7 +88,11 @@
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
+x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
+
+X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -112,7 +116,7 @@
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
+x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -172,7 +176,11 @@
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
+x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
+
+X509 SAN parsing binary otherName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -180,7 +188,7 @@
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index a3606f2..2585720 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -246,36 +246,30 @@
switch( san->type )
{
- case( MBEDTLS_X509_SAN_OTHER_NAME ):
- ret = mbedtls_snprintf( p, n, "\notherName :");
- MBEDTLS_X509_SAFE_SNPRINTF;
+ case( MBEDTLS_X509_SAN_OTHER_NAME ):
+ ret = mbedtls_snprintf( p, n, "\notherName :");
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid ) != 0 )
- {
- ret = mbedtls_snprintf( p, n, " hardware module name :" );
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " hardware type : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, " hardware type : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_oid_get_numeric_string( p, n,
- &san->san.other_name.value.hardware_module_name.oid );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_oid_get_numeric_string( p, n,
+ &san->san.other_name.value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( san->san.other_name.value.hardware_module_name.val.len >= n )
- {
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
- }
-
- for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
- {
- *p++ = san->san.other_name.value.hardware_module_name.val.p[i];
- }
- n -= san->san.other_name.value.hardware_module_name.val.len;
+ for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
+ {
+ ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):
@@ -825,7 +819,6 @@
unsigned char *p;
size_t name_len;
mbedtls_x509_name head;
- mbedtls_x509_name *allocated, *prev;
int ret;
memset( &head, 0, sizeof( head ) );
@@ -835,17 +828,7 @@
ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
if( ret == 0 )
- {
- allocated = head.next;
-
- while( allocated != NULL )
- {
- prev = allocated;
- allocated = allocated->next;
-
- mbedtls_free( prev );
- }
- }
+ mbedtls_asn1_free_named_data_list_shallow( head.next );
TEST_EQUAL( ret, exp_ret );
@@ -859,7 +842,7 @@
int ret = 0, i;
size_t len = 0, out_size;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
+ mbedtls_x509_name parsed, *parsed_cur;
// Size of buf is maximum required for test cases
unsigned char buf[80], *out = NULL, *c;
const char *short_name;
@@ -913,14 +896,7 @@
exit:
mbedtls_free( out );
mbedtls_asn1_free_named_data_list( &names );
-
- parsed_cur = parsed.next;
- while( parsed_cur != 0 )
- {
- parsed_prv = parsed_cur;
- parsed_cur = parsed_cur->next;
- mbedtls_free( parsed_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( parsed.next );
}
/* END_CASE */