Merge branch 'mbedtls-1.3'
diff --git a/ChangeLog b/ChangeLog
index 42307ee..5099081 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,14 +1,54 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x branch xxxx-xx-xx
+= mbed TLS 1.3.19 branch released 2017-03-08
+
+Security
+ * Add checks to prevent signature forgeries for very large messages while
+ using RSA through the PK module in 64-bit systems. The issue was caused by
+ some data loss when casting a size_t to an unsigned int value in the
+ functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
+ pk_sign(). Found by Jean-Philippe Aumasson.
+ * Fixed potential livelock during the parsing of a CRL in PEM format in
+ mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+ characters after the footer could result in the execution of an infinite
+ loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+ Microsoft.
+ * Fixed a bug that caused freeing a buffer that was allocated on the stack,
+ when verifying the validity of a key on secp224k1. This could be
+ triggered remotely for example with a maliciously constructed certificate
+ and potentially could lead to remote code execution on some platforms.
+ Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784
Bugfix
+ * Fix output certificate verification flags set by x509_crt_verify_top() when
+ traversing a chain of trusted CA. The issue would cause both flags,
+ BADCERT_NOT_TRUSTED and BADCERT_EXPIRED, to be set when the verification
+ conditions are not met regardless of the cause. Found by Harm Verhagen and
+ inestlerode. #665 #561
+ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+ the input string in PEM format to extract the different components. Found
+ by Eyal Itkin.
* Fix unused variable/function compilation warnings in pem.c and x509_csr.c
that are reported when building mbed TLS with a config.h that does not
define POLARSSL_PEM_PARSE_C. Found by omnium21. #562
+ * Fixed potential arithmetic overflow in ctr_drbg_reseed() that could cause
+ buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in cipher_update() that could cause
+ buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in md2_update() that could cause buffer
+ bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in base64_decode() that could cause
+ buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fix potential memory leak in x509_crl_parse(). The leak was caused by
+ missing calls to pem_free() in cases when a
+ POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and
+ fix proposed by Guido Vranken. #722
* Fixed the templates used to generate project and solution files for Visual
Studio 2015 as well as the files themselves, to remove a build warning
generated in Visual Studio 2015. Reported by Steve Valliere. #742
+ * Fix 1 byte buffer overflow in mpi_write_string() when the MPI number to
+ write in hexadecimal is negative and requires an odd number of digits.
+ Found and fixed by Guido Vranken.
= mbed TLS 1.3.18 branch 2016-10-17
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index efc5839..5a4de61 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -4,7 +4,7 @@
*/
/**
- * @mainpage mbed TLS v1.3.18 source code documentation
+ * @mainpage mbed TLS v1.3.19 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 3a62380..15df942 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v1.3.18"
+PROJECT_NAME = "mbed TLS v1.3.19"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index d0ef767..7b4478c 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -40,16 +40,16 @@
*/
#define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3
-#define POLARSSL_VERSION_PATCH 18
+#define POLARSSL_VERSION_PATCH 19
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define POLARSSL_VERSION_NUMBER 0x01031200
-#define POLARSSL_VERSION_STRING "1.3.18"
-#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.18"
+#define POLARSSL_VERSION_NUMBER 0x01031300
+#define POLARSSL_VERSION_STRING "1.3.19"
+#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.19"
#if defined(POLARSSL_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 8ccc7a3..105c8fe 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -117,7 +117,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedtls SHARED ${src})
- set_target_properties(mbedtls PROPERTIES VERSION 1.3.18 SOVERSION 9)
+ set_target_properties(mbedtls PROPERTIES VERSION 1.3.19 SOVERSION 9)
target_link_libraries(mbedtls ${libs})
@@ -136,10 +136,18 @@
if(UNIX)
add_custom_target(polarssl
- DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined
+ DEPENDS mbedtls
COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library
)
+ add_custom_target(lib
+ DEPENDS polarssl
+ )
+
+ set_directory_properties(PROPERTIES
+ ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a"
+ )
+
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
add_dependencies(polarssl mbedtls_static)
endif()
diff --git a/library/base64.c b/library/base64.c
index 7de87e5..ba69260 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -198,7 +198,11 @@
return( 0 );
}
- n = ( ( n * 6 ) + 7 ) >> 3;
+ /* The following expression is to calculate the following formula without
+ * risk of integer overflow in n:
+ * n = ( ( n * 6 ) + 7 ) >> 3;
+ */
+ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j;
if( dst == NULL || *dlen < n )
diff --git a/library/bignum.c b/library/bignum.c
index 4fe841c..afde19b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -538,7 +538,12 @@
n = mpi_msb( X );
if( radix >= 4 ) n >>= 1;
if( radix >= 16 ) n >>= 1;
- n += 3;
+ /*
+ * Round up the buffer length to an even value to ensure that there is
+ * enough room for hexadecimal values that can be represented in an odd
+ * number of digits.
+ */
+ n += 3 + ( ( n + 1 ) & 1 );
if( *slen < n )
{
diff --git a/library/cipher.c b/library/cipher.c
index b69d331..7ea25cf 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -315,9 +315,9 @@
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff0..7b315e8 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@
unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index f5afe44..db6ad3c 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1264,7 +1264,7 @@
int ret;
size_t i;
mpi M, R;
- t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
+ t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs )
return( 0 );
@@ -1286,7 +1286,7 @@
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
- M.n += R.n - adjust; /* Make room for multiplication by R */
+ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
@@ -1308,7 +1308,7 @@
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
- M.n += R.n - adjust; /* Make room for multiplication by R */
+ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
diff --git a/library/md2.c b/library/md2.c
index 110cd95..2ac7eba 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -155,7 +155,7 @@
while( ilen > 0 )
{
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
fill = 16 - ctx->left;
else
fill = ilen;
diff --git a/library/pem.c b/library/pem.c
index ac83116..b2c16c2 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -250,7 +250,7 @@
enc = 0;
- if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+ if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
@@ -263,22 +263,22 @@
#if defined(POLARSSL_DES_C)
- if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+ if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
{
enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
s1 += 23;
- if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
}
- else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+ else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
{
enc_alg = POLARSSL_CIPHER_DES_CBC;
s1 += 18;
- if( pem_get_iv( s1, pem_iv, 8) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
@@ -286,9 +286,11 @@
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_AES_C)
- if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+ if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
{
- if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if( s2 - s1 < 22 )
+ return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
+ else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
enc_alg = POLARSSL_CIPHER_AES_128_CBC;
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
enc_alg = POLARSSL_CIPHER_AES_192_CBC;
@@ -298,7 +300,7 @@
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
s1 += 22;
- if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+ if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 32;
@@ -317,7 +319,7 @@
( POLARSSL_AES_C || POLARSSL_DES_C ) */
}
- if( s1 == s2 )
+ if( s1 >= s2 )
return( POLARSSL_ERR_PEM_INVALID_DATA );
len = 0;
diff --git a/library/pk.c b/library/pk.c
index 4d78b57..fc036d2 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -30,6 +30,8 @@
#include "polarssl/pk.h"
#include "polarssl/pk_wrap.h"
+#include "polarssl/bignum.h"
+
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
@@ -40,6 +42,8 @@
#include "polarssl/ecdsa.h"
#endif
+#include <limits.h>
+
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -208,6 +212,11 @@
int ret;
const pk_rsassa_pss_options *pss_opts;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
if( options == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
@@ -231,7 +240,7 @@
return( 0 );
#else
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
-#endif
+#endif /* POLARSSL_RSA_C && POLARSSL_PKCS1_V21 */
}
/* General case: no options */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6068605..ceaaad1 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -31,6 +31,7 @@
/* Even if RSA not activated, for the sake of RSA-alt */
#include "polarssl/rsa.h"
+#include "polarssl/bignum.h"
#include <string.h>
@@ -50,6 +51,8 @@
#define polarssl_free free
#endif
+#include <limits.h>
+
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -73,6 +76,11 @@
{
int ret;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
if( sig_len < ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
@@ -92,6 +100,11 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
*sig_len = ((rsa_context *) ctx)->len;
return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
@@ -411,6 +424,11 @@
{
rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+#if defined(POLARSSL_HAVE_INT64)
+ if( UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE,
diff --git a/library/x509_crl.c b/library/x509_crl.c
index de2079f..b2b0bed 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -520,16 +520,17 @@
if( ( ret = x509_crl_parse_der( chain,
pem.buf, pem.buflen ) ) != 0 )
{
+ pem_free( &pem );
return( ret );
}
-
- pem_free( &pem );
}
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ else if( is_pem )
{
pem_free( &pem );
return( ret );
}
+
+ pem_free( &pem );
}
while( is_pem && buflen > 0 );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4b831ae..a3517f6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1775,6 +1775,7 @@
int ca_flags = 0, check_path_cnt;
unsigned char hash[POLARSSL_MD_MAX_SIZE];
const md_info_t *md_info;
+ x509_crt *future_past_ca = NULL;
if( x509_time_expired( &child->valid_to ) )
*flags |= BADCERT_EXPIRED;
@@ -1823,16 +1824,6 @@
continue;
}
- if( x509_time_expired( &trust_ca->valid_to ) )
- {
- continue;
- }
-
- if( x509_time_future( &trust_ca->valid_from ) )
- {
- continue;
- }
-
if( pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
child->sig_md, hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
@@ -1840,11 +1831,23 @@
continue;
}
+ if( x509_time_expired( &trust_ca->valid_to ) ||
+ x509_time_future( &trust_ca->valid_from ) )
+ {
+ if( future_past_ca == NULL )
+ future_past_ca = trust_ca;
+ continue;
+ }
+
+ break;
+ }
+
+ if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
+ {
/*
* Top of chain is signed by a trusted CA
*/
*flags &= ~BADCERT_NOT_TRUSTED;
- break;
}
/*
@@ -1864,6 +1867,12 @@
((void) ca_crl);
#endif
+ if( x509_time_expired( &trust_ca->valid_to ) )
+ ca_flags |= BADCERT_EXPIRED;
+
+ if( x509_time_future( &trust_ca->valid_from ) )
+ ca_flags |= BADCERT_FUTURE;
+
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem
new file mode 100644
index 0000000..9eae3da
--- /dev/null
+++ b/tests/data_files/crl-malformed-trailing-spaces.pem
@@ -0,0 +1,20 @@
+-----BEGIN X509 CRL-----
+MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
+b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
+MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
+svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
+56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy
+6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf
+/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A==
+-----END X509 CRL-----
diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt
new file mode 100644
index 0000000..b1cfbf0
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-future-invalid.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
+H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
+AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
+Xj09kLboxuemP40IIqhQnpYptMg=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
+qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt
new file mode 100644
index 0000000..febad74
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-past-invalid.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
+tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
+l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
+H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
+AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
+Xj09kLboxuemP40IIqhQnpYptMg=
+-----END CERTIFICATE-----
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 078e82d..e13a2d0 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -139,7 +139,7 @@
$param_defs .= " char *param$i = params[$i];\n";
$param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n";
push @dispatch_params, "param$i";
- $mapping_regex .= ":[^:\n]+";
+ $mapping_regex .= ":(?:\\\\.|[^:\n])+";
}
else
{
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index a5dc528..1a6c241 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -161,11 +161,19 @@
ECP check pubkey Montgomery #1 (too big)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
-ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":POLARSSL_ERR_ECP_INVALID_KEY
+ecp_check_pub:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":POLARSSL_ERR_ECP_INVALID_KEY
ECP check pubkey Montgomery #2 (biggest)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
-ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0
+ecp_check_pub:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
+
+ECP check pubkey Koblitz #1 (point not on curve)
+depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED
+ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"1":POLARSSL_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Koblitz #2 (coordinate not affine)
+depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED
+ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":POLARSSL_ERR_ECP_INVALID_KEY
ECP write binary #0 (zero, bad format)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 696c597..edb4b61 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -196,7 +196,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_check_pub_mx( int grp_id, char *key_hex, int ret )
+void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret )
{
ecp_group grp;
ecp_point P;
@@ -206,8 +206,9 @@
TEST_ASSERT( ecp_use_known_dp( &grp, grp_id ) == 0 );
- TEST_ASSERT( mpi_read_string( &P.X, 16, key_hex ) == 0 );
- TEST_ASSERT( mpi_lset( &P.Z, 1 ) == 0 );
+ TEST_ASSERT( mpi_read_string( &P.X, 16, x_hex ) == 0 );
+ TEST_ASSERT( mpi_read_string( &P.Y, 16, y_hex ) == 0 );
+ TEST_ASSERT( mpi_read_string( &P.Z, 16, z_hex ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &P ) == ret );
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index a8da378..81fc73f 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -46,6 +46,9 @@
Test mpi_read_write_string #9 (Empty MPI -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
+Test mpi_write_string #10 (Negative hex with odd number of digits)
+mpi_read_write_string:16:"-1":16:"":3:0:POLARSSL_ERR_MPI_BUFFER_TOO_SMALL
+
Base test mpi_read_binary #1
mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 311ea9c..b5f63e5 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -15,3 +15,12 @@
PEM write (exactly two lines + 1)
pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
+
+PEM read (DES-EDE3-CBC + invalid iv)
+pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
+
+PEM read (DES-CBC + invalid iv)
+pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
+
+PEM read (unknown encryption algorithm)
+pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index f8aab47..e0b7679 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,12 +3,7 @@
#include "polarssl/pem.h"
/* END_HEADER */
-/* BEGIN_DEPENDENCIES
- * depends_on:POLARSSL_PEM_WRITE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
void pem_write_buffer( char *start, char *end, char *buf_str, char *result_str )
{
unsigned char buf[5000];
@@ -38,3 +33,20 @@
polarssl_free( check_buf );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */
+void pem_read_buffer( char *header, char *footer, char *data, int ret )
+{
+ pem_context ctx;
+ size_t use_len = 0;
+
+ pem_init( &ctx );
+
+ TEST_ASSERT( pem_read_buffer( &ctx, header, footer,
+ (const unsigned char *)data, NULL, 0,
+ &use_len ) == ret );
+
+exit:
+ pem_free( &ctx );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 73694d2..7915be7 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -150,3 +150,6 @@
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
+RSA hash_len overflow (size_t vs unsigned int)
+depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64
+pk_rsa_overflow:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index cc378c4..435efb4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -5,6 +5,9 @@
#include "polarssl/ecp.h"
#include "polarssl/rsa.h"
+/* For detecting 64-bit compilation */
+#include "polarssl/bignum.h"
+
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
#define RSA_KEY_SIZE 512
@@ -414,6 +417,33 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64 */
+void pk_rsa_overflow( )
+{
+ pk_context pk;
+ size_t hash_len = (size_t)-1;
+
+ pk_init( &pk );
+
+ TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
+
+#if defined(POLARSSL_PKCS1_V21)
+ TEST_ASSERT( pk_verify_ext( POLARSSL_PK_RSASSA_PSS, NULL, &pk,
+ POLARSSL_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+ POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_PKCS1_V21 */
+
+ TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE, NULL, hash_len,
+ NULL, 0 ) == POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, NULL, hash_len, NULL, 0,
+ rnd_std_rand, NULL ) == POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+exit:
+ pk_free( &pk );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
void pk_rsa_alt( )
{
@@ -461,6 +491,11 @@
/* Test signature */
TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
+#if defined(POLARSSL_HAVE_INT64)
+ TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, (size_t)-1,
+ NULL, NULL, rnd_std_rand, NULL ) ==
+ POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
TEST_ASSERT( sig_len == RSA_KEY_LEN );
TEST_ASSERT( pk_verify( &rsa, POLARSSL_MD_NONE,
hash, sizeof hash, sig, sig_len ) == 0 );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 1b2fd9e..86d7281 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"1.3.18"
+check_compiletime_version:"1.3.19"
Check runtime library version
-check_runtime_version:"1.3.18"
+check_runtime_version:"1.3.19"
Check for POLARSSL_VERSION_C
check_feature:"POLARSSL_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index b289fc9..717cd6f 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -194,6 +194,10 @@
depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
+X509 CRL Malformed Input (trailing spaces at end of file)
+depends_on:POLARSSL_PEM_PARSE_C
+x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+
X509 CSR Information RSA with MD4
depends_on:POLARSSL_PEM_PARSE_C
x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
@@ -711,6 +715,14 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+X509 Certificate verification #86 (Not yet valid CA and invalid CA)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_FUTURE:"NULL"
+
+X509 Certificate verification #87 (Expired CA and invalid CA)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_EXPIRED:"NULL"
+
X509 Certificate verification callback: trusted EE cert
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index eee8241..4ae3c9f 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -167,6 +167,22 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRL_PARSE_C */
+void x509_crl_parse( char *crl_file, int result )
+{
+ x509_crl crl;
+ char buf[2000];
+
+ x509_crl_init( &crl );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( x509_crl_parse_file( &crl, crl_file ) == result );
+
+exit:
+ x509_crl_free( &crl );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CSR_PARSE_C */
void x509_csr_info( char *csr_file, char *result_str )
{