From d056ce0e3e0de9f45157cc1cc25982db4620d7d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Oct 2014 22:29:20 +0100 Subject: [PATCH 01/57] Use seq_num as AEAD nonce by default --- ChangeLog | 6 ++++++ include/polarssl/config.h | 12 ++++++++++++ library/ssl_tls.c | 13 +++++++++++++ 3 files changed, 31 insertions(+) diff --git a/ChangeLog b/ChangeLog index fd83b9e60..fdcf028b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ PolarSSL ChangeLog (Sorted per branch, date) += PolarSSL 1.3.z branch + +Changes + * Use deterministic nonces for AEAD ciphers in TLS by default (possible to + switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). + = PolarSSL 1.3.9 released 2014-10-20 Security * Lowest common hash was selected from signature_algorithms extension in diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 50b4e339e..fa15b37c3 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -781,6 +781,18 @@ */ #define POLARSSL_SELF_TEST +/** + * \def POLARSSL_SSL_AEAD_RANDOM_IV + * + * Generate a random IV rather than using the record sequence number as a + * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). + * + * Using the sequence number is generally recommended. + * + * Uncomment this macro to always use random IVs with AEAD ciphersuites. + */ +//#define POLARSSL_SSL_AEAD_RANDOM_IV + /** * \def POLARSSL_SSL_ALL_ALERT_MESSAGES * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f080defe..6689894df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1137,6 +1137,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) /* * Generate IV */ +#if defined(POLARSSL_SSL_AEAD_RANDOM_IV) ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); @@ -1146,6 +1147,18 @@ static int ssl_encrypt_buf( ssl_context *ssl ) memcpy( ssl->out_iv, ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); +#else + if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) + { + /* Reminder if we ever add an AEAD mode with a different size */ + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); + } + + memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, + ssl->out_ctr, 8 ); + memcpy( ssl->out_iv, ssl->out_ctr, 8 ); +#endif SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); From e10e06d8630f7ac3e1778346749036342241f016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Nov 2014 18:15:12 +0100 Subject: [PATCH 02/57] Blind RSA operations even without CRT --- ChangeLog | 1 + include/polarssl/rsa.h | 2 -- library/rsa.c | 20 +++++--------------- 3 files changed, 6 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index fdcf028b5..23cbbacc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ PolarSSL ChangeLog (Sorted per branch, date) Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). + * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. = PolarSSL 1.3.9 released 2014-10-20 Security diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index c06c7d505..bad60092e 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -99,10 +99,8 @@ typedef struct mpi RP; /*!< cached R^2 mod P */ mpi RQ; /*!< cached R^2 mod Q */ -#if !defined(POLARSSL_RSA_NO_CRT) mpi Vi; /*!< cached blinding value */ mpi Vf; /*!< cached un-blinding value */ -#endif int padding; /*!< RSA_PKCS_V15 for 1.5 padding and RSA_PKCS_v21 for OAEP/PSS */ diff --git a/library/rsa.c b/library/rsa.c index 958085c8a..3006e9031 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -275,7 +275,6 @@ cleanup: return( 0 ); } -#if !defined(POLARSSL_RSA_NO_CRT) /* * Generate or update blinding values, see section 10 of: * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA, @@ -329,7 +328,6 @@ cleanup: return( ret ); } -#endif /* !POLARSSL_RSA_NO_CRT */ /* * Do an RSA private key operation @@ -343,7 +341,6 @@ int rsa_private( rsa_context *ctx, int ret; size_t olen; mpi T, T1, T2; -#if !defined(POLARSSL_RSA_NO_CRT) mpi *Vi, *Vf; /* @@ -361,7 +358,6 @@ int rsa_private( rsa_context *ctx, Vi = &ctx->Vi; Vf = &ctx->Vf; #endif -#endif /* !POLARSSL_RSA_NO_CRT */ mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 ); @@ -372,11 +368,6 @@ int rsa_private( rsa_context *ctx, return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); } -#if defined(POLARSSL_RSA_NO_CRT) - ((void) f_rng); - ((void) p_rng); - MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) ); -#else if( f_rng != NULL ) { /* @@ -388,6 +379,9 @@ int rsa_private( rsa_context *ctx, MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) ); } +#if defined(POLARSSL_RSA_NO_CRT) + MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) ); +#else /* * faster decryption using the CRT * @@ -409,6 +403,7 @@ int rsa_private( rsa_context *ctx, */ MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) ); MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) ); +#endif /* POLARSSL_RSA_NO_CRT */ if( f_rng != NULL ) { @@ -419,14 +414,13 @@ int rsa_private( rsa_context *ctx, MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) ); MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) ); } -#endif /* POLARSSL_RSA_NO_CRT */ olen = ctx->len; MPI_CHK( mpi_write_binary( &T, output, olen ) ); cleanup: mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 ); -#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C) +#if defined(POLARSSL_THREADING_C) mpi_free( &Vi_copy ); mpi_free( &Vf_copy ); #endif @@ -1425,10 +1419,8 @@ int rsa_copy( rsa_context *dst, const rsa_context *src ) MPI_CHK( mpi_copy( &dst->RP, &src->RP ) ); MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) ); -#if !defined(POLARSSL_RSA_NO_CRT) MPI_CHK( mpi_copy( &dst->Vi, &src->Vi ) ); MPI_CHK( mpi_copy( &dst->Vf, &src->Vf ) ); -#endif dst->padding = src->padding; dst->hash_id = src->hash_id; @@ -1445,9 +1437,7 @@ cleanup: */ void rsa_free( rsa_context *ctx ) { -#if !defined(POLARSSL_RSA_NO_CRT) mpi_free( &ctx->Vi ); mpi_free( &ctx->Vf ); -#endif mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN ); mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP ); mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D ); From 2f8d1f9fc3799a347f671cf2b498e1ec6fcab1c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Nov 2014 14:02:51 +0100 Subject: [PATCH 03/57] Add rsa_check_pub_priv() --- include/polarssl/rsa.h | 11 +++++ library/rsa.c | 20 ++++++++ tests/suites/test_suite_rsa.data | 15 ++++++ tests/suites/test_suite_rsa.function | 68 ++++++++++++++++++++++++++++ 4 files changed, 114 insertions(+) diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index bad60092e..e636c8055 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -189,6 +189,17 @@ int rsa_check_pubkey( const rsa_context *ctx ); */ int rsa_check_privkey( const rsa_context *ctx ); +/** + * \brief Check a public-private RSA key pair. + * Check each of the contexts, and make sure they match. + * + * \param pub RSA context holding the public key + * \param prv RSA context holding the private key + * + * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code + */ +int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv ); + /** * \brief Do an RSA public key operation * diff --git a/library/rsa.c b/library/rsa.c index 3006e9031..54babb51e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -240,6 +240,26 @@ cleanup: return( 0 ); } +/* + * Check if contexts holding a public and private key match + */ +int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv ) +{ + if( rsa_check_pubkey( pub ) != 0 || + rsa_check_privkey( prv ) != 0 ) + { + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + } + + if( mpi_cmp_mpi( &pub->N, &prv->N ) != 0 || + mpi_cmp_mpi( &pub->E, &prv->E ) != 0 ) + { + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + } + + return( 0 ); +} + /* * Do an RSA public key operation */ diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 131e2738e..c76e5a0ce 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -318,6 +318,21 @@ rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Check Public key #10 (E has size N) rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":POLARSSL_ERR_RSA_KEY_CHECK_FAILED +RSA Check Public-Private key #1 (Correct) +rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":0 + +RSA Check Public-Private key #2 (Public no N) +rsa_check_pubpriv:2048:16:"":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED + +RSA Check Public-Private key #3 (Private no N) +rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED + +RSA Check Public-Private key #4 (N mismatch) +rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034e":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED + +RSA Check Public-Private key #5 (E mismatch) +rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED + RSA Private (Correct) rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9b3d05af8..bafacac9d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -590,6 +590,74 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, + int radix_Epub, char *input_Epub, + int radix_P, char *input_P, int radix_Q, + char *input_Q, int radix_N, char *input_N, + int radix_E, char *input_E, int radix_D, char *input_D, + int radix_DP, char *input_DP, int radix_DQ, + char *input_DQ, int radix_QP, char *input_QP, + int result ) +{ + rsa_context pub, prv; + + rsa_init( &pub, RSA_PKCS_V15, 0 ); + rsa_init( &prv, RSA_PKCS_V15, 0 ); + + pub.len = mod / 8; + prv.len = mod / 8; + + if( strlen( input_Npub ) ) + { + TEST_ASSERT( mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 ); + } + if( strlen( input_Epub ) ) + { + TEST_ASSERT( mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 ); + } + + if( strlen( input_P ) ) + { + TEST_ASSERT( mpi_read_string( &prv.P, radix_P, input_P ) == 0 ); + } + if( strlen( input_Q ) ) + { + TEST_ASSERT( mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 ); + } + if( strlen( input_N ) ) + { + TEST_ASSERT( mpi_read_string( &prv.N, radix_N, input_N ) == 0 ); + } + if( strlen( input_E ) ) + { + TEST_ASSERT( mpi_read_string( &prv.E, radix_E, input_E ) == 0 ); + } + if( strlen( input_D ) ) + { + TEST_ASSERT( mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); + } + if( strlen( input_DP ) ) + { + TEST_ASSERT( mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); + } + if( strlen( input_DQ ) ) + { + TEST_ASSERT( mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 ); + } + if( strlen( input_QP ) ) + { + TEST_ASSERT( mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); + } + + TEST_ASSERT( rsa_check_pub_priv( &pub, &prv ) == result ); + +exit: + rsa_free( &pub ); + rsa_free( &prv ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */ void rsa_gen_key( int nrbits, int exponent, int result) { From 30668d688d0b80c4f070535bcb675aff381d1216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Nov 2014 15:25:32 +0100 Subject: [PATCH 04/57] Add ecp_check_pub_priv() --- include/polarssl/ecp.h | 12 ++++++++ library/ecp.c | 42 ++++++++++++++++++++++++++++ tests/suites/test_suite_ecp.data | 27 ++++++++++++++++++ tests/suites/test_suite_ecp.function | 26 +++++++++++++++++ 4 files changed, 107 insertions(+) diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 7192f1e6c..9b83bc51b 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -635,6 +635,18 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Check a public-private key pair + * + * \param pub Keypair structure holding a public key + * \param prv Keypair structure holding a private (plus public) key + * + * \return 0 if successfull (keys are valid and match), or + * POLARSSL_ERR_ECP_BAD_INPUT_DATA, or + * a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code. + */ +int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv ); + #if defined(POLARSSL_SELF_TEST) /** * \brief Checkup routine diff --git a/library/ecp.c b/library/ecp.c index ece781d5e..41e25e9e0 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1897,6 +1897,48 @@ int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key, return( ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); } +/* + * Check a public-private key pair + */ +int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv ) +{ + int ret; + ecp_point Q; + ecp_group grp; + + if( pub->grp.id == POLARSSL_ECP_DP_NONE || + pub->grp.id != prv->grp.id || + mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) || + mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) || + mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) ) + { + return( POLARSSL_ERR_ECP_BAD_INPUT_DATA ); + } + + ecp_point_init( &Q ); + ecp_group_init( &grp ); + + /* ecp_mul() needs a non-const group... */ + ecp_group_copy( &grp, &prv->grp ); + + /* Also checks d is valid */ + MPI_CHK( ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); + + if( mpi_cmp_mpi( &Q.X, &prv->Q.X ) || + mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || + mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) ) + { + ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA; + goto cleanup; + } + +cleanup: + ecp_point_free( &Q ); + ecp_group_free( &grp ); + + return( ret ); +} + #if defined(POLARSSL_SELF_TEST) /* diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index d871a8dfc..a5dc528e4 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -324,6 +324,33 @@ ECP check privkey #11 (montgomery, OK) depends_on:POLARSSL_ECP_DP_M255_ENABLED ecp_check_privkey:POLARSSL_ECP_DP_M255:"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":0 +ECP check public-private #1 (OK) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":0 + +ECP check public-private #2 (group none) +ecp_check_pub_priv:POLARSSL_ECP_DP_NONE:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_NONE:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +ECP check public-private #3 (group mismatch) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP384R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +ECP check public-private #4 (Qx mismatch) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +ECP check public-private #5 (Qy mismatch) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +ECP check public-private #6 (wrong Qx) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +ECP check public-private #7 (wrong Qy) +depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED +ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ERR_ECP_BAD_INPUT_DATA + ECP gen keypair depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 62dc6065e..1c22a846d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -598,6 +598,32 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub, + int id, char *d, char *Qx, char *Qy, int ret ) +{ + ecp_keypair pub, prv; + + ecp_keypair_init( &pub ); + ecp_keypair_init( &prv ); + + if( id_pub != POLARSSL_ECP_DP_NONE ) + TEST_ASSERT( ecp_use_known_dp( &pub.grp, id_pub ) == 0 ); + TEST_ASSERT( ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 ); + + if( id != POLARSSL_ECP_DP_NONE ) + TEST_ASSERT( ecp_use_known_dp( &prv.grp, id ) == 0 ); + TEST_ASSERT( ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); + TEST_ASSERT( mpi_read_string( &prv.d, 16, d ) == 0 ); + + TEST_ASSERT( ecp_check_pub_priv( &pub, &prv ) == ret ); + +exit: + ecp_keypair_free( &pub ); + ecp_keypair_free( &prv ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_gen_keypair( int id ) { From 70bdadf54bd5f1997354a81b3de031d38065b00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Nov 2014 16:51:20 +0100 Subject: [PATCH 05/57] Add pk_check_pair() --- include/polarssl/pk.h | 13 +++++++++++++ library/pk.c | 20 ++++++++++++++++++++ library/pk_wrap.c | 17 +++++++++++++++++ tests/suites/test_suite_pk.data | 20 ++++++++++++++++++++ tests/suites/test_suite_pk.function | 18 ++++++++++++++++++ 5 files changed, 88 insertions(+) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 754dda219..0ff5f1e6c 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -177,6 +177,9 @@ typedef struct int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + /** Check public-private key pair */ + int (*check_pair_func)( const void *pub, const void *prv ); + /** Allocate a new context */ void * (*ctx_alloc_func)( void ); @@ -426,6 +429,16 @@ int pk_encrypt( pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Check if a public-private pair of keys matches. + * + * \param pub Context holding a public key. + * \param prv Context holding a private (and public) key. + * + * \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA + */ +int pk_check_pair( const pk_context *pub, const pk_context *prv ); + /** * \brief Export debug information * diff --git a/library/pk.c b/library/pk.c index 4aba3aa6d..513d8cadd 100644 --- a/library/pk.c +++ b/library/pk.c @@ -300,6 +300,26 @@ int pk_encrypt( pk_context *ctx, output, olen, osize, f_rng, p_rng ) ); } +/* + * Check public-private key pair + */ +int pk_check_pair( const pk_context *pub, const pk_context *prv ) +{ + if( pub == NULL || pub->pk_info == NULL || + prv == NULL || prv->pk_info == NULL ) + { + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + } + + if( pub->pk_info != prv->pk_info || + pub->pk_info->check_pair_func == NULL ) + { + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + } + + return( pub->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); +} + /* * Get key size in bits */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5e9ff605e..0d2a368ad 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -125,6 +125,12 @@ static int rsa_encrypt_wrap( void *ctx, f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) ); } +static int rsa_check_pair_wrap( const void *pub, const void *prv ) +{ + return( rsa_check_pub_priv( (const rsa_context *) pub, + (const rsa_context *) prv ) ); +} + static void *rsa_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( rsa_context ) ); @@ -163,6 +169,7 @@ const pk_info_t rsa_info = { rsa_sign_wrap, rsa_decrypt_wrap, rsa_encrypt_wrap, + rsa_check_pair_wrap, rsa_alloc_wrap, rsa_free_wrap, rsa_debug, @@ -234,6 +241,12 @@ static int eckey_sign_wrap( void *ctx, md_type_t md_alg, #endif /* POLARSSL_ECDSA_C */ +static int eckey_check_pair( const void *pub, const void *prv ) +{ + return( ecp_check_pub_priv( (const ecp_keypair *) pub, + (const ecp_keypair *) prv ) ); +} + static void *eckey_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( ecp_keypair ) ); @@ -271,6 +284,7 @@ const pk_info_t eckey_info = { #endif NULL, NULL, + eckey_check_pair, eckey_alloc_wrap, eckey_free_wrap, eckey_debug, @@ -294,6 +308,7 @@ const pk_info_t eckeydh_info = { NULL, NULL, NULL, + eckey_check_pair, eckey_alloc_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */ @@ -367,6 +382,7 @@ const pk_info_t ecdsa_info = { ecdsa_sign_wrap, NULL, NULL, + eckey_check_pair, /* Compatible key structures */ ecdsa_alloc_wrap, ecdsa_free_wrap, eckey_debug, /* Compatible key structures */ @@ -444,6 +460,7 @@ const pk_info_t rsa_alt_info = { rsa_alt_sign_wrap, rsa_alt_decrypt_wrap, NULL, + NULL, /* No public key */ rsa_alt_alloc_wrap, rsa_alt_free_wrap, NULL, diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 47640a687..73694d29d 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -130,3 +130,23 @@ Verify ext RSA #12 (PKCS1 v1.5, good) depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15 pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0 +Check pair #1 (EC, OK) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 + +Check pair #2 (EC, bad) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA + +Check pair #3 (RSA, OK) +depends_on:POLARSSL_RSA_C +pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0 + +Check pair #4 (RSA, bad) +depends_on:POLARSSL_RSA_C +pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED + +Check pair #5 (RSA vs EC) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C +pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH + diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index dc7dee94e..352169c24 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -80,6 +80,24 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C */ +void pk_check_pair( char *pub_file, char *prv_file, int ret ) +{ + pk_context pub, prv; + + pk_init( &pub ); + pk_init( &prv ); + + TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 ); + TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); + + TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret ); + + pk_free( &pub ); + pk_free( &prv ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_RSA_C */ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, int mod, int radix_N, char *input_N, int radix_E, From 27e3edbe2c48a6ebd246e58e161df562bdf97045 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Nov 2014 17:32:48 +0100 Subject: [PATCH 06/57] Check key/cert pair in ssl_set_own_cert() --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6689894df..33d4678c1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3751,7 +3751,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key = pk_key; - return( 0 ); + return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); } #if defined(POLARSSL_RSA_C) @@ -3780,7 +3780,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( 0 ); + return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); } #endif /* POLARSSL_RSA_C */ @@ -3809,7 +3809,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( 0 ); + return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); } #endif /* POLARSSL_X509_CRT_PARSE_C */ From a1efcb084ff359fce06acf8c41ae96560b137ecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 8 Nov 2014 17:08:08 +0100 Subject: [PATCH 07/57] Implement pk_check_pair() for RSA-alt --- library/pk.c | 16 ++++++++----- library/pk_wrap.c | 35 ++++++++++++++++++++++++++--- tests/suites/test_suite_pk.function | 11 ++++++++- 3 files changed, 53 insertions(+), 9 deletions(-) diff --git a/library/pk.c b/library/pk.c index 513d8cadd..a37f58e12 100644 --- a/library/pk.c +++ b/library/pk.c @@ -306,18 +306,24 @@ int pk_encrypt( pk_context *ctx, int pk_check_pair( const pk_context *pub, const pk_context *prv ) { if( pub == NULL || pub->pk_info == NULL || - prv == NULL || prv->pk_info == NULL ) + prv == NULL || prv->pk_info == NULL || + prv->pk_info->check_pair_func == NULL ) { return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); } - if( pub->pk_info != prv->pk_info || - pub->pk_info->check_pair_func == NULL ) + if( prv->pk_info->type == POLARSSL_PK_RSA_ALT ) { - return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + if( pub->pk_info->type != POLARSSL_PK_RSA ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + } + else + { + if( pub->pk_info != prv->pk_info ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); } - return( pub->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); + return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); } /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0d2a368ad..a75ab3248 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -117,10 +117,11 @@ static int rsa_encrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - ((void) osize); - *olen = ((rsa_context *) ctx)->len; + if( *olen > osize ) + return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE ); + return( rsa_pkcs1_encrypt( (rsa_context *) ctx, f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) ); } @@ -435,6 +436,34 @@ static int rsa_alt_decrypt_wrap( void *ctx, RSA_PRIVATE, olen, input, output, osize ) ); } +static int rsa_alt_check_pair( const void *pub, const void *prv ) +{ + unsigned char sig[POLARSSL_MPI_MAX_SIZE]; + unsigned char hash[32]; + size_t sig_len = 0; + int ret; + + if( rsa_alt_get_size( prv ) != rsa_get_size( pub ) ) + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + + memset( hash, 0x2a, sizeof( hash ) ); + + if( ( ret = rsa_alt_sign_wrap( (void *) prv, POLARSSL_MD_NONE, + hash, sizeof( hash ), + sig, &sig_len, NULL, NULL ) ) != 0 ) + { + return( ret ); + } + + if( rsa_verify_wrap( (void *) pub, POLARSSL_MD_NONE, + hash, sizeof( hash ), sig, sig_len ) != 0 ) + { + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + } + + return( 0 ); +} + static void *rsa_alt_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) ); @@ -460,7 +489,7 @@ const pk_info_t rsa_alt_info = { rsa_alt_sign_wrap, rsa_alt_decrypt_wrap, NULL, - NULL, /* No public key */ + rsa_alt_check_pair, rsa_alt_alloc_wrap, rsa_alt_free_wrap, NULL, diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 352169c24..c88d36588 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -83,18 +83,27 @@ exit: /* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C */ void pk_check_pair( char *pub_file, char *prv_file, int ret ) { - pk_context pub, prv; + pk_context pub, prv, alt; pk_init( &pub ); pk_init( &prv ); + pk_init( &alt ); TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 ); TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret ); + if( pk_get_type( &prv ) == POLARSSL_PK_RSA ) + { + TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ), + rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 ); + TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret ); + } + pk_free( &pub ); pk_free( &prv ); + pk_free( &alt ); } /* END_CASE */ From 7c13d69cb59bedbf343074304e3dfb36c11bc351 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 00:01:34 +0100 Subject: [PATCH 08/57] Fix dependency issues --- library/pk_wrap.c | 6 ++++++ tests/suites/test_suite_pk.function | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index a75ab3248..7776f0114 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -436,6 +436,7 @@ static int rsa_alt_decrypt_wrap( void *ctx, RSA_PRIVATE, olen, input, output, osize ) ); } +#if defined(POLARSSL_RSA_C) static int rsa_alt_check_pair( const void *pub, const void *prv ) { unsigned char sig[POLARSSL_MPI_MAX_SIZE]; @@ -463,6 +464,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv ) return( 0 ); } +#endif /* POLARSSL_RSA_C */ static void *rsa_alt_alloc_wrap( void ) { @@ -489,7 +491,11 @@ const pk_info_t rsa_alt_info = { rsa_alt_sign_wrap, rsa_alt_decrypt_wrap, NULL, +#if defined(POLARSSL_RSA_C) rsa_alt_check_pair, +#else + NULL, +#endif rsa_alt_alloc_wrap, rsa_alt_free_wrap, NULL, diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c88d36588..fb86c99f7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1,6 +1,10 @@ /* BEGIN_HEADER */ #include +/* For error codes */ +#include +#include + static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); #define RSA_KEY_SIZE 512 @@ -80,7 +84,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C */ +/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C:POLARSSL_FS_IO */ void pk_check_pair( char *pub_file, char *prv_file, int ret ) { pk_context pub, prv, alt; @@ -94,12 +98,14 @@ void pk_check_pair( char *pub_file, char *prv_file, int ret ) TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret ); +#if defined(POLARSSL_RSA_C) if( pk_get_type( &prv ) == POLARSSL_PK_RSA ) { TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ), rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 ); TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret ); } +#endif pk_free( &pub ); pk_free( &prv ); From de1712587504406fe56685a3c4567849d83db241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 8 Nov 2014 17:58:24 +0100 Subject: [PATCH 09/57] Update ChangeLog for pk_check_pair() & Co --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 23cbbacc5..20436d771 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,10 +2,14 @@ PolarSSL ChangeLog (Sorted per branch, date) = PolarSSL 1.3.z branch +Features + * Add function pk_check_pair() to test if public and private keys match. + Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. + * ssl_set_own_cert() now returns an error on key-certificate mismatch. = PolarSSL 1.3.9 released 2014-10-20 Security From 54f6e562e6989ce61d2279652630eff47def999b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Nov 2014 12:15:39 +0100 Subject: [PATCH 10/57] Fix CFLAGS with cmake and gcc --- CMakeLists.txt | 4 ++-- ChangeLog | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9e1158c77..147f104f8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ project(POLARSSL C) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS "-Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wlogical-op") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") @@ -14,7 +14,7 @@ if(CMAKE_COMPILER_IS_GNUCC) endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wdocumentation -Wunreachable-code") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") diff --git a/ChangeLog b/ChangeLog index 20436d771..f38c0cff9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ PolarSSL ChangeLog (Sorted per branch, date) Features * Add function pk_check_pair() to test if public and private keys match. +Bugfix + * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found + by Julian Ospald). + Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). From d6197a37e08e2c183ee308fdabf162a536966228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Nov 2014 13:02:22 +0100 Subject: [PATCH 11/57] Detect undefined behaviours too in ASan builds --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 147f104f8..a2e60aa3c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,7 +18,7 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror") + set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer -g3 -O1 -Werror") set(CMAKE_C_FLAGS_CHECK "-O1 -Werror") endif(CMAKE_COMPILER_IS_CLANG) From b31b61b9e8359402a8124572d1a94c48d9ebb776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Nov 2014 13:05:43 +0100 Subject: [PATCH 12/57] Fix potential undefined behaviour in Camellia --- ChangeLog | 1 + library/camellia.c | 16 ++++++++-------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f38c0cff9..bc0bbd0f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Features Bugfix * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found by Julian Ospald). + * Fix potential undefined behaviour in Camellia. Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to diff --git a/library/camellia.c b/library/camellia.c index a4968f411..3956a405b 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -304,14 +304,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], I0 = x[0] ^ k[0]; I1 = x[1] ^ k[1]; - I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) | - (SBOX2((I0 >> 16) & 0xFF) << 16) | - (SBOX3((I0 >> 8) & 0xFF) << 8) | - (SBOX4((I0 ) & 0xFF) ); - I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) | - (SBOX3((I1 >> 16) & 0xFF) << 16) | - (SBOX4((I1 >> 8) & 0xFF) << 8) | - (SBOX1((I1 ) & 0xFF) ); + I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | + ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | + ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | + ((uint32_t) SBOX4((I0 ) & 0xFF) ); + I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | + ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | + ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | + ((uint32_t) SBOX1((I1 ) & 0xFF) ); I0 ^= (I1 << 8) | (I1 >> 24); I1 ^= (I0 << 16) | (I0 >> 16); From e9599796210c734021c1c32dbb25778ce0b885c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Nov 2014 13:43:55 +0100 Subject: [PATCH 13/57] Fix ECDSA sign buffer size --- ChangeLog | 2 ++ library/ecdsa.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bc0bbd0f8..d3b7124b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,8 @@ Bugfix * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found by Julian Ospald). * Fix potential undefined behaviour in Camellia. + * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a + multiple of 8 (found by Gergely Budai). Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to diff --git a/library/ecdsa.c b/library/ecdsa.c index 5af7f6b53..e9880efd2 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -333,7 +333,7 @@ cleanup: #if POLARSSL_ECP_MAX_BYTES > 124 #error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN" #endif -#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) ) +#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) ) /* * Convert a signature (given by context) to ASN.1 From 49aa99e6536bd867dbb01fa7c7f023dc90cbeb69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Nov 2014 16:40:16 +0100 Subject: [PATCH 14/57] Fix exit codes in cert_app --- programs/x509/cert_app.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 5f8636b10..1ab7cc759 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -188,6 +188,7 @@ int main( int argc, char *argv[] ) { usage: printf( USAGE ); + ret = 2; goto exit; } @@ -500,6 +501,9 @@ exit: fflush( stdout ); getchar(); #endif + if( ret < 0 ) + ret = 1; + return( ret ); } #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && From e9271e683536619bbec55d14ac004fdf218b61ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Nov 2014 22:21:27 +0100 Subject: [PATCH 15/57] Add a MemSan Cmake build type Detects uninitialised memory reads. Available only with Clang on Linux x86_64 for now. Experimental but seems usable enough. --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a2e60aa3c..1596226c0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,11 +19,13 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer -g3 -O1 -Werror") + # note: can add -fsanitize-memory-track-origins=2 for debugging with memsan + set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -fno-omit-frame-pointer -fno-optimize-sibling-calls -g3 -O1 -Werror") set(CMAKE_C_FLAGS_CHECK "-O1 -Werror") endif(CMAKE_COMPILER_IS_CLANG) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan Check CheckFull" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan MemSan Check CheckFull" FORCE) if(CMAKE_BUILD_TYPE STREQUAL "Coverage") From 0369a5291b525d2739e4ccb388761baaee86793f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Nov 2014 22:17:26 +0100 Subject: [PATCH 16/57] Fix uninitialised pointer dereference --- ChangeLog | 5 +++++ library/asn1parse.c | 2 ++ tests/suites/test_suite_x509parse.data | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog index d3b7124b4..9821551c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ PolarSSL ChangeLog (Sorted per branch, date) = PolarSSL 1.3.z branch +Security + * Fix remotely-triggerable uninitialised pointer dereference caused by + crafted X.509 certificate (server is not affected if it doesn't ask for a + client certificate) (found using Codenomicon Defensics). + Features * Add function pk_check_pair() to test if public and private keys match. diff --git a/library/asn1parse.c b/library/asn1parse.c index a3a2b56a2..e2117bfa1 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, if( cur->next == NULL ) return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + memset( cur->next, 0, sizeof( asn1_sequence ) ); + cur = cur->next; } } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 4cc924fa4..c2bb7f320 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -869,6 +869,10 @@ X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mism depends_on:POLARSSL_RSA_C x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH +X509 Certificate ASN1 (ExtKeyUsage, bad second tag) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG + X509 Certificate ASN1 (correct pubkey, no sig_alg) depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA From b134060f90ee0e47a63a36f0c36334edeed4a110 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Nov 2014 23:11:16 +0100 Subject: [PATCH 17/57] Fix memory leak with crafted X.509 certs --- ChangeLog | 3 +++ library/x509_crt.c | 3 +++ tests/suites/test_suite_x509parse.data | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9821551c5..f06f582d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ Security * Fix remotely-triggerable uninitialised pointer dereference caused by crafted X.509 certificate (server is not affected if it doesn't ask for a client certificate) (found using Codenomicon Defensics). + * Fix remotely-triggerable memory leak caused by crafted X.509 certificates + (server is not affected if it doesn't ask for a client certificate) + (found using Codenomicon Defensics). Features * Add function pk_check_pair() to test if public and private keys match. diff --git a/library/x509_crt.c b/library/x509_crt.c index 88d7f04c7..525d250fb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -359,6 +359,9 @@ static int x509_get_subject_alt_name( unsigned char **p, /* Allocate and assign next pointer */ if( cur->buf.p != NULL ) { + if( cur->next != NULL ) + return( POLARSSL_ERR_X509_INVALID_EXTENSIONS ); + cur->next = (asn1_sequence *) polarssl_malloc( sizeof( asn1_sequence ) ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c2bb7f320..b7f6791af 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -873,6 +873,10 @@ X509 Certificate ASN1 (ExtKeyUsage, bad second tag) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG +X509 Certificate ASN1 (SubjectAltName repeated) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + X509 Certificate ASN1 (correct pubkey, no sig_alg) depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA From d681443f69080ec68f2323e7f53fae2f863d69ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 01:25:31 +0100 Subject: [PATCH 18/57] Fix potential stack overflow --- ChangeLog | 7 +++++-- library/x509.c | 46 +++++++++++++++++++++++++--------------------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index f06f582d1..a8cb94a20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,10 +4,13 @@ PolarSSL ChangeLog (Sorted per branch, date) Security * Fix remotely-triggerable uninitialised pointer dereference caused by - crafted X.509 certificate (server is not affected if it doesn't ask for a + crafted X.509 certificate (TLS server is not affected if it doesn't ask for a client certificate) (found using Codenomicon Defensics). * Fix remotely-triggerable memory leak caused by crafted X.509 certificates - (server is not affected if it doesn't ask for a client certificate) + (TLS server is not affected if it doesn't ask for a client certificate) + (found using Codenomicon Defensics). + * Fix potential stack overflow while parsing crafted X.509 certificates + (TLS server is not affected if it doesn't ask for a client certificate) (found using Codenomicon Defensics). Features diff --git a/library/x509.c b/library/x509.c index 941472c9d..89ba7633d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -421,35 +421,39 @@ int x509_get_name( unsigned char **p, const unsigned char *end, size_t set_len; const unsigned char *end_set; - /* - * parse first SET, restricted to 1 element - */ - if( ( ret = asn1_get_tag( p, end, &set_len, - ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 ) - return( POLARSSL_ERR_X509_INVALID_NAME + ret ); + /* don't use recursion, we'd risk stack overflow if not optimized */ + while( 1 ) + { + /* + * parse first SET, restricted to 1 element + */ + if( ( ret = asn1_get_tag( p, end, &set_len, + ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 ) + return( POLARSSL_ERR_X509_INVALID_NAME + ret ); - end_set = *p + set_len; + end_set = *p + set_len; - if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) - return( ret ); + if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) + return( ret ); - if( *p != end_set ) - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); + if( *p != end_set ) + return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - /* - * recurse until end of SEQUENCE is reached - */ - if( *p == end ) - return( 0 ); + /* + * continue until end of SEQUENCE is reached + */ + if( *p == end ) + return( 0 ); - cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) ); + cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) ); - if( cur->next == NULL ) - return( POLARSSL_ERR_X509_MALLOC_FAILED ); + if( cur->next == NULL ) + return( POLARSSL_ERR_X509_MALLOC_FAILED ); - memset( cur->next, 0, sizeof( x509_name ) ); + memset( cur->next, 0, sizeof( x509_name ) ); - return( x509_get_name( p, end, cur->next ) ); + cur = cur->next; + } } /* From 8a5e3d4a4011f3f2142e15a23ad98fa7c7753b6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 17:47:28 +0100 Subject: [PATCH 19/57] Forbid repeated X.509 extensions --- ChangeLog | 1 + library/x509_crt.c | 4 ++++ tests/suites/test_suite_x509parse.data | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index a8cb94a20..6f55c3297 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ Changes switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. * ssl_set_own_cert() now returns an error on key-certificate mismatch. + * Forbid repeated extensions in X.509 certificates. = PolarSSL 1.3.9 released 2014-10-20 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index 525d250fb..5273c3a57 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -481,6 +481,10 @@ static int x509_get_crt_ext( unsigned char **p, continue; } + /* Forbid repeated extensions */ + if( ( crt->ext_types & ext_type ) != 0 ) + return( POLARSSL_ERR_X509_INVALID_EXTENSIONS ); + crt->ext_types |= ext_type; switch( ext_type ) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b7f6791af..097a86171 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -877,6 +877,10 @@ X509 Certificate ASN1 (SubjectAltName repeated) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS +X509 Certificate ASN1 (ExtKeyUsage repeated) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + X509 Certificate ASN1 (correct pubkey, no sig_alg) depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA From f631bbc1da168a6a61b4ee9152a673cb64194396 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 18:35:31 +0100 Subject: [PATCH 20/57] Make x509_string_cmp() iterative --- library/x509_crt.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5273c3a57..6193ecd12 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1636,25 +1636,30 @@ static int x509_string_cmp( const x509_buf *a, const x509_buf *b ) */ static int x509_name_cmp( const x509_name *a, const x509_name *b ) { - if( a == NULL && b == NULL ) - return( 0 ); - - if( a == NULL || b == NULL ) - return( -1 ); - - /* type */ - if( a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) + /* Avoid recursion, it might not be optimised by the compiler */ + while( a != NULL || b != NULL ) { - return( -1 ); + if( a == NULL || b == NULL ) + return( -1 ); + + /* type */ + if( a->oid.tag != b->oid.tag || + a->oid.len != b->oid.len || + memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) + { + return( -1 ); + } + + /* value */ + if( x509_string_cmp( &a->val, &b->val ) != 0 ) + return( -1 ); + + a = a->next; + b = b->next; } - /* value */ - if( x509_string_cmp( &a->val, &b->val ) != 0 ) - return( -1 ); - - return( x509_name_cmp( a->next, b->next ) ); + /* a == NULL == b */ + return( 0 ); } /* From 5924f9f81076bda203fd7075342d40c26cf180d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 22:27:18 +0100 Subject: [PATCH 21/57] Add script to find malloc() not followed by init --- scripts/malloc-init.pl | 70 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100755 scripts/malloc-init.pl diff --git a/scripts/malloc-init.pl b/scripts/malloc-init.pl new file mode 100755 index 000000000..1fa1cf315 --- /dev/null +++ b/scripts/malloc-init.pl @@ -0,0 +1,70 @@ +#!/usr/bin/perl + +# Check for malloc calls not shortly followed by initialisation. +# +# Known limitations: +# - false negative: can't see allocations spanning more than one line +# - possible false negatives, see patterns +# - false positive: malloc-malloc-init-init is not accepted +# - false positives: "non-standard" init functions (eg, the things being +# initialised is not the first arg, or initialise struct members) +# +# Since false positives are expected, the results must be manually reviewed. +# +# Typical usage: scripts/malloc-init.pl library/*.c + +use warnings; +use strict; + +use utf8; +use open qw(:std utf8); + +my $limit = 7; +my $inits = qr/memset|memcpy|_init|fread|base64_..code/; + +# cases to bear in mind: +# +# 0. foo = malloc(...); memset( foo, ... ); +# 1. *foo = malloc(...); memset( *foo, ... ); +# 2. type *foo = malloc(...); memset( foo, ...); +# 3. foo = malloc(...); foo_init( (type *) foo ); +# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); } +# +# The chosen patterns are a bit relaxed, but unlikely to cause false positives +# in real code (initialising *foo or &foo instead of foo will likely be caught +# by functional tests). +# +my $id = qr/([a-zA-Z-0-9_\->\.]*)/; +my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/; + +my $name; +my $line; +my @bad; + +die "Usage: $0 file.c [...]\n" unless @ARGV; + +while (my $file = shift @ARGV) +{ + open my $fh, "<", $file or die "read $file failed: $!\n"; + while (<$fh>) + { + if( /polarssl_malloc\(/ ) { + if( /$id\s*=.*polarssl_malloc\(/ ) { + push @bad, "$file:$line:$name" if $name; + $name = $1; + $line = $.; + } else { + push @bad, "$file:$.:???" unless /return polarssl_malloc/; + } + } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) { + undef $name; + } elsif( $name && $. - $line > $limit ) { + push @bad, "$file:$line:$name"; + undef $name; + undef $line; + } + } + close $fh or die; +} + +print "$_\n" for @bad; From e5b0fc18472b9780a0563b1a5550f039264e88da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 22:27:42 +0100 Subject: [PATCH 22/57] Make malloc-init script a bit happier --- library/asn1write.c | 4 ++-- library/ssl_cache.c | 13 +++++-------- library/ssl_tls.c | 8 ++++---- library/x509_crl.c | 6 +++--- library/x509_crt.c | 2 +- 5 files changed, 15 insertions(+), 18 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index ebc0e9766..d3ece60c7 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -327,6 +327,8 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head, return( NULL ); } + memcpy( cur->oid.p, oid, oid_len ); + cur->val.len = val_len; cur->val.p = polarssl_malloc( val_len ); if( cur->val.p == NULL ) @@ -336,8 +338,6 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head, return( NULL ); } - memcpy( cur->oid.p, oid, oid_len ); - cur->next = *head; *head = cur; } diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 836b68511..5868e693b 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -105,10 +105,8 @@ int ssl_cache_get( void *data, ssl_session *session ) */ if( entry->peer_cert.p != NULL ) { - session->peer_cert = - (x509_crt *) polarssl_malloc( sizeof(x509_crt) ); - - if( session->peer_cert == NULL ) + if( ( session->peer_cert = (x509_crt *) polarssl_malloc( + sizeof(x509_crt) ) ) == NULL ) { ret = 1; goto exit; @@ -226,8 +224,7 @@ int ssl_cache_set( void *data, const ssl_session *session ) /* * max_entries not reached, create new entry */ - cur = (ssl_cache_entry *) - polarssl_malloc( sizeof(ssl_cache_entry) ); + cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) ); if( cur == NULL ) { ret = 1; @@ -264,8 +261,8 @@ int ssl_cache_set( void *data, const ssl_session *session ) */ if( session->peer_cert != NULL ) { - cur->peer_cert.p = (unsigned char *) - polarssl_malloc( session->peer_cert->raw.len ); + cur->peer_cert.p = (unsigned char *) polarssl_malloc( + session->peer_cert->raw.len ); if( cur->peer_cert.p == NULL ) { ret = 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 33d4678c1..89688867a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3341,14 +3341,14 @@ static int ssl_handshake_init( ssl_context *ssl ) */ if( ssl->transform_negotiate == NULL ) { - ssl->transform_negotiate = - (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) ); + ssl->transform_negotiate = (ssl_transform *) polarssl_malloc( + sizeof(ssl_transform) ); } if( ssl->session_negotiate == NULL ) { - ssl->session_negotiate = - (ssl_session *) polarssl_malloc( sizeof(ssl_session) ); + ssl->session_negotiate = (ssl_session *) polarssl_malloc( + sizeof(ssl_session) ); } if( ssl->handshake == NULL ) diff --git a/library/x509_crl.c b/library/x509_crl.c index 7dd53c2f6..b9a5c1373 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -243,8 +243,8 @@ static int x509_get_entries( unsigned char **p, if( cur_entry->next == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); + memset( cur_entry->next, 0, sizeof( x509_crl_entry ) ); cur_entry = cur_entry->next; - memset( cur_entry, 0, sizeof( x509_crl_entry ) ); } } @@ -294,8 +294,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); } + x509_crl_init( crl->next ); crl = crl->next; - x509_crl_init( crl ); } #if defined(POLARSSL_PEM_PARSE_C) @@ -532,8 +532,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); } + x509_crl_init( crl->next ); crl = crl->next; - x509_crl_init( crl ); return( x509_crl_parse( crl, buf, buflen ) ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index 6193ecd12..2d72f6acd 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -819,8 +819,8 @@ int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf, return( POLARSSL_ERR_X509_MALLOC_FAILED ); prev = crt; + x509_crt_init( crt->next ); crt = crt->next; - x509_crt_init( crt ); } if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 ) From fd60a5c6211bf8f2a1d53348bbda314af17bd94c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Nov 2014 22:54:24 +0100 Subject: [PATCH 23/57] Add script finding recursive functions --- scripts/recursion.pl | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100755 scripts/recursion.pl diff --git a/scripts/recursion.pl b/scripts/recursion.pl new file mode 100755 index 000000000..d75a4ef44 --- /dev/null +++ b/scripts/recursion.pl @@ -0,0 +1,43 @@ +#!/usr/bin/perl + +# Find functions making recursive calls to themselves. +# (Multiple recursion where a() calls b() which calls a() not covered.) +# +# When the recursion depth might depend on data controlled by the attacker in +# an unbounded way, those functions should use interation instead. +# +# Typical usage: scripts/recursion.pl library/*.c + +use warnings; +use strict; + +use utf8; +use open qw(:std utf8); + +# exclude functions that are ok: +# - mpi_write_hlp: bounded by size of mpi, a compile-time constant +my $known_ok = qr/mpi_write_hlp/; + +my $cur_name; +my $inside; +my @funcs; + +die "Usage: $0 file.c [...]\n" unless @ARGV; + +while (<>) +{ + if( /^[^\/#{}\s]/ && ! /\[.*]/ ) { + chomp( $cur_name = $_ ) unless $inside; + } elsif( /^{/ && $cur_name ) { + $inside = 1; + $cur_name =~ s/.* ([^ ]*)\(.*/$1/; + } elsif( /^}/ && $inside ) { + undef $inside; + undef $cur_name; + } elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) { + push @funcs, $cur_name unless /$known_ok/; + } +} + +print "$_\n" for @funcs; +exit @funcs; From 705b70f122f113377e3ff4187facd242e4324c37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Nov 2014 13:35:50 +0100 Subject: [PATCH 24/57] Add new build modes for sanitizers --- CMakeLists.txt | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1596226c0..4a6b6c32d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,27 +5,29 @@ string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wlogical-op") - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") - set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror") - set(CMAKE_C_FLAGS_CHECK "-O1 -Werror") - set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") + set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") + set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3") + set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ") + set(CMAKE_C_FLAGS_CHECK "-Werror -O1") + set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wdocumentation -Wunreachable-code") - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") - set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer -g3 -O1 -Werror") - # note: can add -fsanitize-memory-track-origins=2 for debugging with memsan - set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -fno-omit-frame-pointer -fno-optimize-sibling-calls -g3 -O1 -Werror") - set(CMAKE_C_FLAGS_CHECK "-O1 -Werror") + set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") + set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") + set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3") + set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ") + set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3") + set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") + set(CMAKE_C_FLAGS_CHECK "-Werror -O1") endif(CMAKE_COMPILER_IS_CLANG) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan MemSan Check CheckFull" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" FORCE) if(CMAKE_BUILD_TYPE STREQUAL "Coverage") From ca89d89a1065e2a8171dbc2248a99585c626a109 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Nov 2014 13:56:05 +0100 Subject: [PATCH 25/57] Document build modes better --- README.rst | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 8dd823c9c..2abec3c17 100644 --- a/README.rst +++ b/README.rst @@ -39,7 +39,7 @@ In order to build the source using CMake, just enter at the command line:: make -There are 5 different active build modes specified within the CMake buildsystem: +There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: - Release. This generates the default code without any unnecessary information in the binary files. @@ -49,8 +49,20 @@ There are 5 different active build modes specified within the CMake buildsystem: This generates code coverage information in addition to debug information. - ASan. This instruments the code with AddressSanitizer to check for memory errors. + (This includes LeakSanitizer, with recent version of gcc and clang.) + (With recent version of clang, this mode also intruments the code with + UndefinedSanitizer to check for undefined behaviour.) +- ASanDbg. + Same as ASan but slower, with debug information and better stack traces. +- MemSan. + This intruments the code with MemorySanitizer to check for uninitialised + memory reads. Experimental, needs recent clang on Linux/x86_64. +- MemSanDbg. + Same as ASan but slower, with debug information, better stack traces and + origin tracking. - Check. - This activates more compiler warnings and treats them as errors. + This activates the compiler warnings that depend on optimisation and treats + all warnings as errors. Switching build modes in CMake is simple. For debug mode, enter at the command line: @@ -77,6 +89,13 @@ Tests PolarSSL includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function. +For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available: + +- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. +- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations. +- *tests/scripts/test-ref-configs.pl* test builds in various reduced configurations. +- *tests/scripts/all.sh* runs a combination of the above tests with various build options (eg ASan). + Configurations ============== From 6cf11642a4b14ac0ef7fd494a2257141954c4f6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Nov 2014 12:29:59 +0100 Subject: [PATCH 26/57] Update README to mention config.pl --- README.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.rst b/README.rst index 2abec3c17..43253bef6 100644 --- a/README.rst +++ b/README.rst @@ -2,6 +2,15 @@ README for PolarSSL =================== +Configuration +============= + +PolarSSL should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file *include/polarssl/config.h*, which is also the place where features can be selected. +This file can be edited manually, or in a more programmatic way using the Perl +script *scripts/config.pl* (use *--help* for usage instructions). + +Compiler options can be set using standard variables such as *CC* and *CFLAGS* when using the Make and CMake build system (see below). + Compiling ========= From 052ae25e5683e537501c217e90f1d33b59afc9f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Nov 2014 13:09:41 +0100 Subject: [PATCH 27/57] Avoid advertising private option --- scripts/config.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index d04be59c8..8998fd6b0 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -6,10 +6,11 @@ use warnings; use strict; my $usage = <] full $0 [-f ] unset $0 [-f ] set [] EOU +# for our eyes only: +# $0 [-f ] full # Things that shouldn't be enabled with "full". # Notes: From e80083cafaa385b7dabbee6134c96e7ae93295f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Nov 2014 13:52:32 +0100 Subject: [PATCH 28/57] Add precision about cmake cache --- README.rst | 5 +++++ configs/README.txt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 43253bef6..6d18f540d 100644 --- a/README.rst +++ b/README.rst @@ -77,6 +77,11 @@ Switching build modes in CMake is simple. For debug mode, enter at the command l cmake -D CMAKE_BUILD_TYPE:String="Debug" . +Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find):: + + find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + + CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake . + In order to run the tests, enter:: make test diff --git a/configs/README.txt b/configs/README.txt index bab500d8d..f543002b7 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -18,7 +18,7 @@ them, you can pick one of the following methods: Or, using cmake: - rm CMakeCache.txt + find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE=''" cmake . make From 98aa19148c06c52ac137092a956cf22db54201c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Nov 2014 16:34:36 +0100 Subject: [PATCH 29/57] Adjust warnings in different modes --- CMakeLists.txt | 2 +- library/CMakeLists.txt | 5 ++--- tests/CMakeLists.txt | 6 +----- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a6b6c32d..551aa1a52 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,7 +15,7 @@ if(CMAKE_COMPILER_IS_GNUCC) endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wdocumentation -Wunreachable-code") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 33d96b47f..f562ca6f4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -78,12 +78,11 @@ set(libs ws2_32) endif(WIN32) if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes") - set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wunreachable-code") endif(CMAKE_COMPILER_IS_CLANG) if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 2e4d9d4a9..7887e21fc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -29,11 +29,7 @@ function(add_test_suite suite_name) add_test(${data_name}-suite test_suite_${data_name}) endfunction(add_test_suite) -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function -Wno-unused-value") -set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wno-unused-function -Wno-unused-value") -if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unreachable-code") -endif(CMAKE_COMPILER_IS_CLANG) +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function") add_test_suite(aes aes.ecb) add_test_suite(aes aes.cbc) From 403a86f73dc3d3ac830fb89c4c6d8439f1943b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Nov 2014 12:46:49 +0100 Subject: [PATCH 30/57] ssl_server2: exit cleanly on SIGINT too --- programs/ssl/ssl_server2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 721dab42e..cb69b3339 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -656,8 +656,9 @@ int main( int argc, char *argv[] ) #endif #if !defined(_WIN32) - /* Abort cleanly on SIGTERM */ + /* Abort cleanly on SIGTERM and SIGINT */ signal( SIGTERM, term_handler ); + signal( SIGINT, term_handler ); #endif if( argc == 0 ) @@ -1412,7 +1413,7 @@ reset: #if !defined(_WIN32) if( received_sigterm ) { - printf( " interrupted by SIGTERM\n" ); + printf( " interrupted by signal\n" ); ret = 0; goto exit; } From 3a3066c3eebe6f67f66f3bd33d76f35fbd79c7e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 20 Sep 2014 12:03:00 +0200 Subject: [PATCH 31/57] ssl_server2 now exits on signal during a read too --- programs/ssl/ssl_server2.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index cb69b3339..0b8852ab6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -572,7 +572,7 @@ int psk_callback( void *p_info, ssl_context *ssl, } #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ -static int listen_fd; +static int listen_fd, client_fd = -1; /* Interruption handler to ensure clean exit (for valgrind testing) */ #if !defined(_WIN32) @@ -582,13 +582,13 @@ void term_handler( int sig ) ((void) sig); received_sigterm = 1; net_close( listen_fd ); /* causes net_accept() to abort */ + net_close( client_fd ); /* causes net_read() to abort */ } #endif int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges; - int client_fd = -1; int version_suites[4][2]; unsigned char buf[IO_BUF_LEN]; #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) @@ -1386,6 +1386,15 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); reset: +#if !defined(_WIN32) + if( received_sigterm ) + { + printf( " interrupted by SIGTERM\n" ); + ret = 0; + goto exit; + } +#endif + #ifdef POLARSSL_ERROR_C if( ret != 0 ) { From 8c9223df84fe06f40f1355b3e96694f78197041f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 10:17:21 +0100 Subject: [PATCH 32/57] Add text view to debug_print_buf() --- ChangeLog | 1 + library/debug.c | 12 ++++++++++-- tests/suites/test_suite_debug.data | 10 +++++----- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6f55c3297..893c7c1c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,7 @@ Changes * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. * ssl_set_own_cert() now returns an error on key-certificate mismatch. * Forbid repeated extensions in X.509 certificates. + * debug_print_buf() now prints a text view in addition to hexadecimal. = PolarSSL 1.3.9 released 2014-10-20 Security diff --git a/library/debug.c b/library/debug.c index a81f502bf..865bd5447 100644 --- a/library/debug.c +++ b/library/debug.c @@ -123,6 +123,7 @@ void debug_print_buf( const ssl_context *ssl, int level, unsigned char *buf, size_t len ) { char str[512]; + char txt[17]; size_t i, maxlen = sizeof( str ) - 1, idx = 0; if( ssl->f_dbg == NULL || level > debug_threshold ) @@ -138,6 +139,7 @@ void debug_print_buf( const ssl_context *ssl, int level, ssl->f_dbg( ssl->p_dbg, level, str ); idx = 0; + memset( txt, 0, sizeof( txt ) ); for( i = 0; i < len; i++ ) { if( i >= 4096 ) @@ -147,9 +149,11 @@ void debug_print_buf( const ssl_context *ssl, int level, { if( i > 0 ) { - snprintf( str + idx, maxlen - idx, "\n" ); + snprintf( str + idx, maxlen - idx, " %s\n", txt ); ssl->f_dbg( ssl->p_dbg, level, str ); + idx = 0; + memset( txt, 0, sizeof( txt ) ); } if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) @@ -162,11 +166,15 @@ void debug_print_buf( const ssl_context *ssl, int level, idx += snprintf( str + idx, maxlen - idx, " %02x", (unsigned int) buf[i] ); + txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ; } if( len > 0 ) { - snprintf( str + idx, maxlen - idx, "\n" ); + for( /* i = i */; i % 16 != 0; i++ ) + idx += snprintf( str + idx, maxlen - idx, " " ); + + snprintf( str + idx, maxlen - idx, " %s\n", txt ); ssl->f_dbg( ssl->p_dbg, level, str ); } } diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 9b49f6a48..26d85cb63 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -32,19 +32,19 @@ Debug print buffer #1 debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n" Debug print buffer #2 -debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00\n" +debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n" Debug print buffer #3 -debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n" +debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n" Debug print buffer #4 -debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00\n" +debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n" Debug print buffer #5 -debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0030\: 00\n" +debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print buffer #5 (raw) -debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0030\: 00\n" +debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F707172737475767778797A7B7C7D7E7F8081828384858687F8F9FAFBFCFDFEFF00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n0010\: 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n0020\: 80 81 82 83 84 85 86 87 f8 f9 fa fb fc fd fe ff ................\n0030\: 00 .\n" Debug print certificate #1 (RSA) depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C From 4be3449dbcc41253c8dfc35dd14fcfe5434db789 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 12:52:43 +0100 Subject: [PATCH 33/57] Add Readme about X.509 test files --- tests/data_files/Readme-x509.txt | 85 ++++++++++++++++++++++++++++++++ tests/data_files/server6.pem | 13 ----- 2 files changed, 85 insertions(+), 13 deletions(-) create mode 100644 tests/data_files/Readme-x509.txt delete mode 100644 tests/data_files/server6.pem diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt new file mode 100644 index 000000000..3022aae7c --- /dev/null +++ b/tests/data_files/Readme-x509.txt @@ -0,0 +1,85 @@ +This documents the X.509 CAs, certificates, and CRLS used for testing. + +Certification authorities +------------------------- + +There are two main CAs for use as trusted roots: +- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA" + uses a RSA-2048 key +- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA" + uses an EC key with NIST P-384 (aka secp384r1) + variants used to test the keyUsage extension +The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways. + +Two intermediate CAs are signed by them: +- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA" + uses RSA-4096, signed by test-ca2 +- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA" + uses an EC key with NIST P-256, signed by test-ca + +Finally, other CAs for specific purposes: +- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert + enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string. +- test-ca-v1.crt: v1 "CA", signs + server1-v1.crt: v1 "intermediate CA", signs + server2-v1*.crt: EE cert (without of with chain in same file) + +End-entity certificates +----------------------- + +Short information fields: + +- name or pattern +- issuing CA: 1 -> test-ca.crt + 2 -> test-ca2.crt + I1 -> test-int-ca.crt + I2 -> test-int-ca2.crt + O -> other +- key type: R -> RSA, E -> EC +- C -> there is a CRL revoking this cert (see below) +- L -> CN=localhost (useful for local test servers) +- P1, P2 if the file include parent (resp. parent + grandparent) +- free-form comments + +List of certificates: + +- cert_example_multi*.crt: 1/O R: subjectAltName +- cert_example_wildcard.crt: 1 R: wildcard in subject's CN +- cert_md*.crt, cert_sha*.crt: 1 R: signature hash +- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal) +- cli2.crt: 2 E: basic +- enco-cert-utf8str.pem: see enco-ca-prstr.pem above +- server1*.crt: 1* R C*: misc *(server1-v1 see test-ca-v1.crt above) + *CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt +- server2-v1*.crt: O R: see test-ca-v1.crt above +- server2*.crt: 1 R L: misc +- server3.crt: 1 E L: EC cert signed by RSA CA +- server4.crt: 2 R L: RSA cert signed by EC CA +- server5*.crt: 2* E L: misc *(except server5-selfsigned) + -sha*: hashes + -eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc) + -ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement) +- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned +- server6.crt, server6.pem: 2 E L C: revoked +- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *(except 7.crt) + *_space: with PEM error(s) +- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2) +- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS + *CRL for: 9.crt, -badsign, -with-ca (P1) + +Certificate revocation lists +---------------------------- + +Signing CA in parentheses (same meaning as certificates). + +- crl-ec-sha*: (2) server6.crt +- crl-future.pem: (2) server6.crt + unkown +- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown +- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown +- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem +- crt_cat_*.pem: (1+2) concatenations in various orders: + ec = crl-ec-sha256.pem, ecfut = crl-future.pem + rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem + +Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1 + crl-rsa-pss* would revoke server6.crt if signed by CA 2 diff --git a/tests/data_files/server6.pem b/tests/data_files/server6.pem deleted file mode 100644 index f78cb1043..000000000 --- a/tests/data_files/server6.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD -VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x -MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD -VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI -KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1 -1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J -AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk -QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv -bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq -PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl -LA== ------END CERTIFICATE----- From 57a5d60abbc3169a1baf15b933120d8b269efcf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 14:04:09 +0100 Subject: [PATCH 34/57] Add tests for concatenated CRLs --- tests/data_files/crl_cat_ec-rsa.pem | 21 ++++++++++++++++++++ tests/data_files/crl_cat_ecfut-rsa.pem | 22 +++++++++++++++++++++ tests/data_files/crl_cat_rsa-ec.pem | 21 ++++++++++++++++++++ tests/data_files/crl_cat_rsabadpem-ec.pem | 21 ++++++++++++++++++++ tests/data_files/crt_cat_rsaexp-ec.pem | 21 ++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 24 +++++++++++++++++++++++ 6 files changed, 130 insertions(+) create mode 100644 tests/data_files/crl_cat_ec-rsa.pem create mode 100644 tests/data_files/crl_cat_ecfut-rsa.pem create mode 100644 tests/data_files/crl_cat_rsa-ec.pem create mode 100644 tests/data_files/crl_cat_rsabadpem-ec.pem create mode 100644 tests/data_files/crt_cat_rsaexp-ec.pem diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem new file mode 100644 index 000000000..3cda8ff03 --- /dev/null +++ b/tests/data_files/crl_cat_ec-rsa.pem @@ -0,0 +1,21 @@ +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 +OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL +dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz +//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U +yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q +NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 +5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +-----END X509 CRL----- diff --git a/tests/data_files/crl_cat_ecfut-rsa.pem b/tests/data_files/crl_cat_ecfut-rsa.pem new file mode 100644 index 000000000..87b8c2944 --- /dev/null +++ b/tests/data_files/crl_cat_ecfut-rsa.pem @@ -0,0 +1,22 @@ +-----BEGIN X509 CRL----- +MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx +MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX +DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb ++zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV +BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA +MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i +or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb ++cE+lWxhCQ== +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 +OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL +dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz +//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U +yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q +NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 +5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +-----END X509 CRL----- diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem new file mode 100644 index 000000000..ded369d89 --- /dev/null +++ b/tests/data_files/crl_cat_rsa-ec.pem @@ -0,0 +1,21 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 +OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL +dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz +//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U +yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q +NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 +5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/data_files/crl_cat_rsabadpem-ec.pem b/tests/data_files/crl_cat_rsabadpem-ec.pem new file mode 100644 index 000000000..a035e1899 --- /dev/null +++ b/tests/data_files/crl_cat_rsabadpem-ec.pem @@ -0,0 +1,21 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 +OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL +dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz +//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U +yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q +NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 +5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/data_files/crt_cat_rsaexp-ec.pem b/tests/data_files/crt_cat_rsaexp-ec.pem new file mode 100644 index 000000000..4f74c9ac2 --- /dev/null +++ b/tests/data_files/crt_cat_rsaexp-ec.pem @@ -0,0 +1,21 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx +OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir +jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct +wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ +SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS +IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k +OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 097a86171..21c9fba60 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -646,6 +646,30 @@ X509 Certificate verification #75 (encoding mismatch) depends_on:POLARSSL_PEM_PARSE_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL" +X509 Certificate verification #76 (multiple CRLs, not revoked) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #77 (multiple CRLs, revoked) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" + +X509 Certificate verification #78 (multiple CRLs, revoked by second) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" + +X509 Certificate verification #79 (multiple CRLs, revoked by future) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED|BADCRL_FUTURE:"NULL" + +X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" + +X509 Certificate verification #81 (multiple CRLs, none relevant) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL" + X509 Parse Selftest depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C x509_selftest: From 426d4ae7ff9960441b4d5837d0df34d3f8882855 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 16:58:28 +0100 Subject: [PATCH 35/57] Split x509_crl_parse_der() out of x509_crl_parse() --- ChangeLog | 1 + include/polarssl/x509_crl.h | 25 +++++-- library/x509_crl.c | 136 +++++++++++++++++------------------- 3 files changed, 86 insertions(+), 76 deletions(-) diff --git a/ChangeLog b/ChangeLog index 893c7c1c6..d1a87be76 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,7 @@ Security Features * Add function pk_check_pair() to test if public and private keys match. + * Add x509_crl_parse_der(). Bugfix * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h index 9f597a855..4ddbafc37 100644 --- a/include/polarssl/x509_crl.h +++ b/include/polarssl/x509_crl.h @@ -100,11 +100,23 @@ typedef struct _x509_crl x509_crl; /** - * \brief Parse one or more CRLs and add them - * to the chained list + * \brief Parse a DER-encoded CRL and append it to the chained list * * \param chain points to the start of the chain - * \param buf buffer holding the CRL data + * \param buf buffer holding the CRL data in DER format + * \param buflen size of the buffer + * + * \return 0 if successful, or a specific X509 or PEM error code + */ +int x509_crl_parse_der( x509_crl *chain, + const unsigned char *buf, size_t buflen ); +/** + * \brief Parse one or more CRLs and append them to the chained list + * + * \note Mutliple CRLs are accepted only if using PEM format + * + * \param chain points to the start of the chain + * \param buf buffer holding the CRL data in PEM or DER format * \param buflen size of the buffer * * \return 0 if successful, or a specific X509 or PEM error code @@ -113,11 +125,12 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ); #if defined(POLARSSL_FS_IO) /** - * \brief Load one or more CRLs and add them - * to the chained list + * \brief Load one or more CRLs and append them to the chained list + * + * \note Mutliple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain - * \param path filename to read the CRLs from + * \param path filename to read the CRLs from (in PEM or DER encoding) * * \return 0 if successful, or a specific X509 or PEM error code */ diff --git a/library/x509_crl.c b/library/x509_crl.c index b9a5c1373..6ad9d0026 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -252,25 +252,16 @@ static int x509_get_entries( unsigned char **p, } /* - * Parse one or more CRLs and add them to the chained list + * Parse one CRLs in DER format and append it to the chained list */ -int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) +int x509_crl_parse_der( x509_crl *chain, + const unsigned char *buf, size_t buflen ) { int ret; size_t len; unsigned char *p, *end; - x509_crl *crl; x509_buf sig_params1, sig_params2; - -#if defined(POLARSSL_PEM_PARSE_C) - size_t use_len; - pem_context pem; -#endif - - memset( &sig_params1, 0, sizeof( x509_buf ) ); - memset( &sig_params2, 0, sizeof( x509_buf ) ); - - crl = chain; + x509_crl *crl = chain; /* * Check for valid input @@ -278,12 +269,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) if( crl == NULL || buf == NULL ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); - while( crl->version != 0 && crl->next != NULL ) - crl = crl->next; + memset( &sig_params1, 0, sizeof( x509_buf ) ); + memset( &sig_params2, 0, sizeof( x509_buf ) ); /* * Add new CRL on the end of the chain if needed. */ + while( crl->version != 0 && crl->next != NULL ) + crl = crl->next; + if( crl->version != 0 && crl->next == NULL ) { crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); @@ -298,53 +292,18 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) crl = crl->next; } -#if defined(POLARSSL_PEM_PARSE_C) - pem_init( &pem ); - ret = pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); + /* + * Copy raw DER-encoded CRL + */ + if( ( p = polarssl_malloc( buflen ) ) == NULL ) + return( POLARSSL_ERR_X509_MALLOC_FAILED ); - if( ret == 0 ) - { - /* - * Was PEM encoded - */ - buflen -= use_len; - buf += use_len; - - /* - * Steal PEM buffer - */ - p = pem.buf; - pem.buf = NULL; - len = pem.buflen; - pem_free( &pem ); - } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - pem_free( &pem ); - return( ret ); - } - else -#endif /* POLARSSL_PEM_PARSE_C */ - { - /* - * nope, copy the raw DER data - */ - p = (unsigned char *) polarssl_malloc( len = buflen ); - - if( p == NULL ) - return( POLARSSL_ERR_X509_MALLOC_FAILED ); - - memcpy( p, buf, buflen ); - - buflen = 0; - } + memcpy( p, buf, buflen ); crl->raw.p = p; - crl->raw.len = len; - end = p + len; + crl->raw.len = buflen; + + end = p + buflen; /* * CertificateList ::= SEQUENCE { @@ -522,21 +481,58 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); } - if( buflen > 0 ) + return( 0 ); +} + +/* + * Parse one or more CRLs and add them to the chained list + */ +int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) +{ + int ret; + + if( chain == NULL || buf == NULL ) + return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); + +#if defined(POLARSSL_PEM_PARSE_C) + size_t use_len; + pem_context pem; + + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); + + if( ret == 0 ) { - crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); + /* + * Was PEM encoded + */ + buflen -= use_len; + buf += use_len; - if( crl->next == NULL ) - { - x509_crl_free( crl ); - return( POLARSSL_ERR_X509_MALLOC_FAILED ); - } + if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) + return( ret ); - x509_crl_init( crl->next ); - crl = crl->next; - - return( x509_crl_parse( crl, buf, buflen ) ); + pem_free( &pem ); } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + { + pem_free( &pem ); + return( ret ); + } + else +#endif /* POLARSSL_PEM_PARSE_C */ + { + if( ( ret = x509_crl_parse_der( chain, buf, buflen ) ) != 0 ) + return( ret ); + + buflen = 0; + } + + if( buflen > 0 ) + return( x509_crl_parse( chain, buf, buflen ) ); return( 0 ); } From 6ed2d926298dcffca1485fbc2d0ae7ec579a2026 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 19:05:03 +0100 Subject: [PATCH 36/57] Make x509_crl_parse() iterative --- library/x509_crl.c | 72 ++++++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 6ad9d0026..c8101b546 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -489,52 +489,54 @@ int x509_crl_parse_der( x509_crl *chain, */ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) { +#if defined(POLARSSL_PEM_PARSE_C) int ret; + size_t use_len; + pem_context pem; + int is_pem = 0; if( chain == NULL || buf == NULL ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); -#if defined(POLARSSL_PEM_PARSE_C) - size_t use_len; - pem_context pem; - - pem_init( &pem ); - ret = pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); - - if( ret == 0 ) + do { - /* - * Was PEM encoded - */ - buflen -= use_len; - buf += use_len; + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); - if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) + if( ret == 0 ) + { + /* + * Was PEM encoded + */ + is_pem = 1; + + buflen -= use_len; + buf += use_len; + + if( ( ret = x509_crl_parse_der( chain, + pem.buf, pem.buflen ) ) != 0 ) + { + return( ret ); + } + + pem_free( &pem ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + { + pem_free( &pem ); return( ret ); + } + } + while( is_pem && buflen > 0 ); - pem_free( &pem ); - } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - pem_free( &pem ); - return( ret ); - } + if( is_pem ) + return( 0 ); else #endif /* POLARSSL_PEM_PARSE_C */ - { - if( ( ret = x509_crl_parse_der( chain, buf, buflen ) ) != 0 ) - return( ret ); - - buflen = 0; - } - - if( buflen > 0 ) - return( x509_crl_parse( chain, buf, buflen ) ); - - return( 0 ); + return( x509_crl_parse_der( chain, buf, buflen ) ); } #if defined(POLARSSL_FS_IO) From 5c2aa10c153a7a67b2dd816ce39880d2ed40ce2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 19:15:22 +0100 Subject: [PATCH 37/57] Fix curve dependency issues in X.509 test suite --- tests/suites/test_suite_x509parse.data | 42 +++++++++++++------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 21c9fba60..072a667d3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -219,23 +219,23 @@ depends_on:POLARSSL_PEM_PARSE_C x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 -depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C +depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA224 -depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C +depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA256 -depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C +depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA384 -depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C +depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA512 -depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C +depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 @@ -607,7 +607,7 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults) @@ -635,11 +635,11 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA25 x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #73 (selfsigned trusted without CA bit) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #74 (signed by selfsigned trusted without CA bit) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #75 (encoding mismatch) @@ -1226,7 +1226,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1) x509_parse_rsassa_pss_params:"A303020102":ASN1_CONSTRUCTED | ASN1_SEQUENCE:POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:20:POLARSSL_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) @@ -1272,51 +1272,51 @@ X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong) x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: missing) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: bad tag) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad attributes: overlong) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: missing) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: not a sequence) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sigAlg: overlong) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: unknown) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG X509 CSR ASN.1 (bad sig: missing) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sig: not a bit string) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sig: overlong) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extra data after signature) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 File parse (no issues) -depends_on:POLARSSL_ECP_C +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509parse_crt_file:"data_files/server7_int-ca.crt":0 X509 File parse (extra space in one certificate) From 2727dc1e09909fc54e877739e27366ee1fc2e120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 20:02:46 +0100 Subject: [PATCH 38/57] Add script to test depends on individual curves --- tests/scripts/curves.pl | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100755 tests/scripts/curves.pl diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl new file mode 100755 index 000000000..1f489a387 --- /dev/null +++ b/tests/scripts/curves.pl @@ -0,0 +1,45 @@ +#!/usr/bin/perl + +# test dependencies on individual curves in tests +# - build +# - run test suite +# +# Usage: tests/scripts/curves.pl + +use warnings; +use strict; + +-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; + +my $sed_cmd = 's/^#define \(POLARSSL_ECP_DP.*_ENABLED\)/\1/p'; +my $config_h = 'include/polarssl/config.h'; +my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); + +my $test = system( "grep -i cmake Makefile >/dev/null" ) ? 'check' : 'test'; + +system( "cp $config_h $config_h.bak" ) and die; +sub abort { + system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + die $_[0]; +} + +for my $curve (@curves) { + system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; + system( "make clean" ) and die; + + print "\n******************************************\n"; + print "* Testing without curve: $curve\n"; + print "******************************************\n"; + + system( "scripts/config.pl unset $curve" ) + and abort "Failed to disable $curve\n"; + + system( "make polarssl" ) and abort "Failed to build lib: $curve\n"; + system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; + system( "make $test" ) and abort "Failed test suite: $curve\n"; + +} + +system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; +system( "make clean" ) and die; +exit 0; From cf4de32f58d30dc15d759cca6d9b3ce5b9989504 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Nov 2014 20:03:55 +0100 Subject: [PATCH 39/57] Fix depends on individual curves in tests --- tests/suites/test_suite_debug.data | 4 ++-- tests/suites/test_suite_pkwrite.data | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 26d85cb63..e0b3bd638 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -55,11 +55,11 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/server1.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nvalue of 'crt->rsa.N' (2048 bits) is\:\n a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\n 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\n 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\n dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\n 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\n 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\n 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\n f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\n ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\n 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\n ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\n 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\n 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\n db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\n 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\n ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nvalue of 'crt->rsa.E' (17 bits) is\:\n 01 00 01\n" Debug print certificate #2 (EC) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED debug_print_crt:POLARSSL_DEBUG_LOG_FULL:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print certificate #2 (EC, raw) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2013-09-24 15\:49\:48\nexpires on \: 2023-09-22 15\:49\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\nvalue of 'crt->eckey.Q(X)' (384 bits) is\:\n c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\n 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\n 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nvalue of 'crt->eckey.Q(Y)' (384 bits) is\:\n 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\n b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\n 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mpi #1 diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index a4d49e7f3..d1738acf3 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -35,5 +35,5 @@ depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.pem" Private key write check EC Brainpool 512 bits -depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.pem" From 9bda9b3b92e61001365d7dced4e862ba03963239 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 13:10:22 +0100 Subject: [PATCH 40/57] Rework all.sh to use MSan instead of valgrind --- tests/scripts/all.sh | 68 +++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 38ea62870..28e136685 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6,8 +6,8 @@ # CMake configuration. After this script is run, the CMake cache is lost and # CMake is not initialised any more! # -# Assumes gcc and clang (recent enough for using ASan) are available, -# as well as cmake and valgrind. +# Assumes gcc and clang (recent enough for using ASan with gcc and MemSen with +# clang) are available, as well as cmake and GNU find. # Abort on errors (and uninitiliased variables) set -eu @@ -24,12 +24,9 @@ MEMORY=0 while [ $# -gt 0 ]; do case "$1" in - -m1) + -m*) MEMORY=1 ;; - -m2) - MEMORY=2 - ;; *) echo "Unknown argument: '$1'" >&2 echo "Use the source, Luke!" >&2 @@ -60,7 +57,8 @@ msg() { echo "" echo "******************************************************************" - echo "* $1" + echo "* $1 " + echo -n "* "; date echo "******************************************************************" } @@ -72,28 +70,20 @@ msg() # # Indicative running times are given for reference. -msg "build: cmake, -Werror (gcc)" # ~ 1 min +msg "build: cmake, gcc, ASan" # ~ 1 min cleanup -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make -msg "test: main suites with valgrind" # ~ 2 min 10s -make memcheck - -msg "build: with ASan (clang)" # ~ 1 min -cleanup -CC=clang cmake -D CMAKE_BUILD_TYPE:String=ASan . -make +msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s +make test +programs/test/selftest msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 10s cd tests ./ssl-opt.sh cd .. -msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s -make test -programs/test/selftest - msg "test: ref-configs (ASan build)" # ~ 4 min 45 s tests/scripts/test-ref-configs.pl @@ -107,15 +97,15 @@ cd tests ./compat.sh cd .. -msg "build: cmake, full config" # ~ 40s +msg "build: cmake, full config, clang" # ~ 40s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # too slow for tests -cmake -D CMAKE_BUILD_TYPE:String=Check . +CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . make -msg "test: main suites (full config)" +msg "test: main suites (full config)" # ~ 30s (?) make test msg "test: ssl-opt.sh default (full config)" @@ -132,22 +122,30 @@ msg "build: Unix make, -O2 (gcc)" # ~ 30s cleanup CC=gcc make -# Optional parts that take a long time to run +msg "build: MSan (clang)" # ~ 1 min 30s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset POLARSSL_AESNI_C # memsan doesn't grok asm +CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . +make -if [ "$MEMORY" -ge 1 ]; then - msg "test: ssl-opt --memcheck (-02 build)" # ~ 8 min +msg "test: main suites (MSan)" # ~ 15s +make test + +msg "test: ssl-opt.sh (MSan)" # ~ 1 min +cd tests +./ssl-opt.sh +cd .. + +# Optional part(s) + +if [ "$MEMORY" -gt 0 ]; then + msg "test: compat.sh (MSan)" # ~ 6 min 20s cd tests - ./ssl-opt.sh --memcheck + ./compat.sh cd .. - - if [ "$MEMORY" -ge 2 ]; then - msg "test: compat --memcheck (-02 build)" # ~ 42 min - cd tests - ./compat.sh --memcheck - cd .. - fi fi -echo "Done." +msg "Done, cleaning up" cleanup From 246978d97df9c80c1ffdb7e8349ae42497af37a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 13:29:53 +0100 Subject: [PATCH 41/57] Add curves.pl to all.sh --- tests/scripts/all.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 28e136685..d265e7cf8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -84,7 +84,7 @@ cd tests ./ssl-opt.sh cd .. -msg "test: ref-configs (ASan build)" # ~ 4 min 45 s +msg "test/build: ref-configs (ASan build)" # ~ 4 min 45 s tests/scripts/test-ref-configs.pl # Most issues are likely to be caught at this point @@ -108,16 +108,21 @@ make msg "test: main suites (full config)" # ~ 30s (?) make test -msg "test: ssl-opt.sh default (full config)" +msg "test: ssl-opt.sh default (full config)" # < 5s cd tests ./ssl-opt.sh -f Default cd .. -msg "test: compat.sh 3DES & NULL (full config)" +msg "test: compat.sh 3DES & NULL (full config)" # ~ 2 min cd tests ./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3' cd .. +msg "test/build: curves.pl (gcc)" # ~ 5 min (?) +cleanup +cmake -D CMAKE_BUILD_TYPE:String=Debug . +tests/scripts/curves.pl + msg "build: Unix make, -O2 (gcc)" # ~ 30s cleanup CC=gcc make From 89d69b398ce52956f21eddb0586d75ba9c2b1f2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 13:48:53 +0100 Subject: [PATCH 42/57] Fix 3DES -> DES in all.sh (+ time estimates) --- tests/scripts/all.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d265e7cf8..0f5713d70 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -63,41 +63,41 @@ msg() } # The test ordering tries to optimize for the following criteria: -# 1. Catch possible problems early, by running first test that run quickly +# 1. Catch possible problems early, by running first tests that run quickly # and/or are more likely to fail than others (eg I use Clang most of the # time, so start with a GCC build). # 2. Minimize total running time, by avoiding useless rebuilds # # Indicative running times are given for reference. -msg "build: cmake, gcc, ASan" # ~ 1 min +msg "build: cmake, gcc, ASan" # ~ 1 min 50s cleanup CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make -msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s +msg "test: main suites and selftest (ASan build)" # ~ 50s make test programs/test/selftest -msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 10s +msg "test: ssl-opt.sh (ASan build)" # ~ 1 min cd tests ./ssl-opt.sh cd .. -msg "test/build: ref-configs (ASan build)" # ~ 4 min 45 s +msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s tests/scripts/test-ref-configs.pl -# Most issues are likely to be caught at this point +# Most frequent issues are likely to be caught at this point msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make -msg "test: compat.sh (ASan build)" # ~ 7 min 30s +msg "test: compat.sh (ASan build)" # ~ 6 min cd tests ./compat.sh cd .. -msg "build: cmake, full config, clang" # ~ 40s +msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full @@ -105,15 +105,15 @@ scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . make -msg "test: main suites (full config)" # ~ 30s (?) +msg "test: main suites (full config)" # ~ 5s make test -msg "test: ssl-opt.sh default (full config)" # < 5s +msg "test: ssl-opt.sh default (full config)" # ~ 1s cd tests ./ssl-opt.sh -f Default cd .. -msg "test: compat.sh 3DES & NULL (full config)" # ~ 2 min +msg "test: compat.sh DES & NULL (full config)" # ~ 2 min cd tests ./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3' cd .. @@ -127,14 +127,14 @@ msg "build: Unix make, -O2 (gcc)" # ~ 30s cleanup CC=gcc make -msg "build: MSan (clang)" # ~ 1 min 30s +msg "build: MSan (clang)" # ~ 1 min 20s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset POLARSSL_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . make -msg "test: main suites (MSan)" # ~ 15s +msg "test: main suites (MSan)" # ~ 10s make test msg "test: ssl-opt.sh (MSan)" # ~ 1 min From fd6c85c3eb39a59231843bcabc46e5fcbfba30d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 16:34:20 +0100 Subject: [PATCH 43/57] Set a compile-time limit to X.509 chain length --- ChangeLog | 2 ++ include/polarssl/config.h | 3 +++ include/polarssl/x509.h | 12 ++++++++++++ library/x509_crt.c | 7 +++++++ 4 files changed, 24 insertions(+) diff --git a/ChangeLog b/ChangeLog index d1a87be76..1b6770a73 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,8 @@ Security Features * Add function pk_check_pair() to test if public and private keys match. * Add x509_crl_parse_der(). + * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the + length of an X.509 verification chain. Bugfix * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found diff --git a/include/polarssl/config.h b/include/polarssl/config.h index fa15b37c3..a0ec2f3cc 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -2185,6 +2185,9 @@ /* Debug options */ //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */ +/* X509 options */ +//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ + /* \} name SECTION: Module configuration options */ #include "check_config.h" diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 9b0bcb78a..3fe682039 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -45,6 +45,18 @@ * \{ */ +#if !defined(POLARSSL_X509_MAX_INTERMEDIATE_CA) +/** + * Maximum number of intermediate CAs in a verification chain. + * That is, maximum length of the chain, excluding the end-entity certificate + * and the trusted root certificate. + * + * Set this to a low value to prevent an adversary from making you waste + * resources verifying an overlong certificate chain. + */ +#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 +#endif + /** * \name X509 Error codes * \{ diff --git a/library/x509_crt.c b/library/x509_crt.c index 2d72f6acd..4d20889b8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1834,6 +1834,13 @@ static int x509_crt_verify_child( x509_crt *grandparent; const md_info_t *md_info; + /* path_cnt is 0 for the first intermediate CA */ + if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA ) + { + *flags |= BADCERT_NOT_TRUSTED; + return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ); + } + if( x509_time_expired( &child->valid_to ) ) *flags |= BADCERT_EXPIRED; From 10c44d767d62520385401cbc710436b2cd210dcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 17:30:37 +0100 Subject: [PATCH 44/57] Allow x509_crt_verify_child() in recursion.pl --- scripts/recursion.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/recursion.pl b/scripts/recursion.pl index d75a4ef44..2c39c1434 100755 --- a/scripts/recursion.pl +++ b/scripts/recursion.pl @@ -16,7 +16,8 @@ use open qw(:std utf8); # exclude functions that are ok: # - mpi_write_hlp: bounded by size of mpi, a compile-time constant -my $known_ok = qr/mpi_write_hlp/; +# - x509_crt_verify_child: bounded by POLARSSL_X509_MAX_INTERMEDIATE_CA +my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/; my $cur_name; my $inside; From ea29d152c7716e8d066c5a4d3275ee846c056bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 17:32:33 +0100 Subject: [PATCH 45/57] Add recursion.pl to all.sh --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0f5713d70..ebb8d973e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -70,6 +70,9 @@ msg() # # Indicative running times are given for reference. +msg "test: recursion.pl" # < 1s +scripts/recursion.pl library/*.c + msg "build: cmake, gcc, ASan" # ~ 1 min 50s cleanup CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . From d16d1cb96abe2cf2012f7307400a14298c3f0c04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 18:15:05 +0100 Subject: [PATCH 46/57] Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c --- include/polarssl/ssl.h | 6 ++++++ library/ssl_tls.c | 47 +++++++++++++++++++++++++++++++++++++----- 2 files changed, 48 insertions(+), 5 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 194e94471..219060ddc 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1024,6 +1024,7 @@ void ssl_set_bio( ssl_context *ssl, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, int (*f_send)(void *, const unsigned char *, size_t), void *p_send ); +#if defined(POLARSSL_SSL_SRV_C) /** * \brief Set the session cache callbacks (server-side only) * If not set, no session resuming is done. @@ -1064,7 +1065,9 @@ void ssl_set_bio( ssl_context *ssl, void ssl_set_session_cache( ssl_context *ssl, int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ); +#endif /* POLARSSL_SSL_SRV_C */ +#if defined(POLARSSL_SSL_CLI_C) /** * \brief Request resumption of session (client-side only) * Session data is copied from presented session structure. @@ -1080,6 +1083,7 @@ void ssl_set_session_cache( ssl_context *ssl, * \sa ssl_get_session() */ int ssl_set_session( ssl_context *ssl, const ssl_session *session ); +#endif /* POLARSSL_SSL_CLI_C */ /** * \brief Set the list of allowed ciphersuites and the preference @@ -1578,6 +1582,7 @@ const char *ssl_get_version( const ssl_context *ssl ); const x509_crt *ssl_get_peer_cert( const ssl_context *ssl ); #endif /* POLARSSL_X509_CRT_PARSE_C */ +#if defined(POLARSSL_SSL_CLI_C) /** * \brief Save session in order to resume it later (client-side only) * Session data is copied to presented session structure. @@ -1595,6 +1600,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl ); * \sa ssl_set_session() */ int ssl_get_session( const ssl_context *ssl, ssl_session *session ); +#endif /* POLARSSL_SSL_CLI_C */ /** * \brief Perform the SSL handshake diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 89688867a..b59f7af62 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -599,6 +599,7 @@ int ssl_derive_keys( ssl_context *ssl ) /* * Finally setup the cipher contexts, IVs and MAC secrets. */ +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT ) { key1 = keyblk + transform->maclen * 2; @@ -617,6 +618,9 @@ int ssl_derive_keys( ssl_context *ssl ) iv_copy_len ); } else +#endif /* POLARSSL_SSL_CLI_C */ +#if defined(POLARSSL_SSL_SRV_C) + if( ssl->endpoint == SSL_IS_SERVER ) { key1 = keyblk + transform->maclen * 2 + transform->keylen; key2 = keyblk + transform->maclen * 2; @@ -633,6 +637,12 @@ int ssl_derive_keys( ssl_context *ssl ) memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, iv_copy_len ); } + else +#endif /* POLARSSL_SSL_SRV_C */ + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); + } #if defined(POLARSSL_SSL_PROTO_SSL3) if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) @@ -2362,6 +2372,7 @@ int ssl_write_certificate( ssl_context *ssl ) return( 0 ); } +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT ) { if( ssl->client_auth == 0 ) @@ -2389,7 +2400,9 @@ int ssl_write_certificate( ssl_context *ssl ) } #endif /* POLARSSL_SSL_PROTO_SSL3 */ } - else /* SSL_IS_SERVER */ +#endif /* POLARSSL_SSL_CLI_C */ +#if defined(POLARSSL_SSL_SRV_C) + if( ssl->endpoint == SSL_IS_SERVER ) { if( ssl_own_cert( ssl ) == NULL ) { @@ -2397,6 +2410,7 @@ int ssl_write_certificate( ssl_context *ssl ) return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED ); } } +#endif SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) ); @@ -2472,6 +2486,7 @@ int ssl_parse_certificate( ssl_context *ssl ) return( 0 ); } +#if defined(POLARSSL_SSL_SRV_C) if( ssl->endpoint == SSL_IS_SERVER && ( ssl->authmode == SSL_VERIFY_NONE || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) ) @@ -2481,6 +2496,7 @@ int ssl_parse_certificate( ssl_context *ssl ) ssl->state++; return( 0 ); } +#endif if( ( ret = ssl_read_record( ssl ) ) != 0 ) { @@ -2490,6 +2506,7 @@ int ssl_parse_certificate( ssl_context *ssl ) ssl->state++; +#if defined(POLARSSL_SSL_SRV_C) #if defined(POLARSSL_SSL_PROTO_SSL3) /* * Check if the client sent an empty certificate @@ -2534,6 +2551,7 @@ int ssl_parse_certificate( ssl_context *ssl ) } #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ POLARSSL_SSL_PROTO_TLS1_2 */ +#endif /* POLARSSL_SSL_SRV_C */ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) { @@ -2612,6 +2630,7 @@ int ssl_parse_certificate( ssl_context *ssl ) * On client, make sure the server cert doesn't change during renego to * avoid "triple handshake" attack: https://secure-resumption.com/ */ +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT && ssl->renegotiation == SSL_RENEGOTIATION ) { @@ -2631,6 +2650,7 @@ int ssl_parse_certificate( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); } } +#endif /* POLARSSL_SSL_CLI_C */ if( ssl->authmode != SSL_VERIFY_NONE ) { @@ -3149,10 +3169,14 @@ int ssl_write_finished( ssl_context *ssl ) */ if( ssl->handshake->resume != 0 ) { +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT ) ssl->state = SSL_HANDSHAKE_WRAPUP; - else +#endif +#if defined(POLARSSL_SSL_SRV_C) + if( ssl->endpoint == SSL_IS_SERVER ) ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; +#endif } else ssl->state++; @@ -3262,11 +3286,14 @@ int ssl_parse_finished( ssl_context *ssl ) if( ssl->handshake->resume != 0 ) { +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT ) ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; - +#endif +#if defined(POLARSSL_SSL_SRV_C) if( ssl->endpoint == SSL_IS_SERVER ) ssl->state = SSL_HANDSHAKE_WRAPUP; +#endif } else ssl->state++; @@ -3604,7 +3631,8 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint ) { ssl->endpoint = endpoint; -#if defined(POLARSSL_SSL_SESSION_TICKETS) +#if defined(POLARSSL_SSL_SESSION_TICKETS) && \ + defined(POLARSSL_SSL_CLI_C) if( endpoint == SSL_IS_CLIENT ) ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED; #endif @@ -3651,6 +3679,7 @@ void ssl_set_bio( ssl_context *ssl, ssl->p_send = p_send; } +#if defined(POLARSSL_SSL_SRV_C) void ssl_set_session_cache( ssl_context *ssl, int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ) @@ -3660,7 +3689,9 @@ void ssl_set_session_cache( ssl_context *ssl, ssl->f_set_cache = f_set_cache; ssl->p_set_cache = p_set_cache; } +#endif /* POLARSSL_SSL_SRV_C */ +#if defined(POLARSSL_SSL_CLI_C) int ssl_set_session( ssl_context *ssl, const ssl_session *session ) { int ret; @@ -3680,6 +3711,7 @@ int ssl_set_session( ssl_context *ssl, const ssl_session *session ) return( 0 ); } +#endif /* POLARSSL_SSL_CLI_C */ void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites ) { @@ -4037,8 +4069,10 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) { ssl->session_tickets = use_tickets; +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT ) return( 0 ); +#endif if( ssl->f_rng == NULL ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); @@ -4105,6 +4139,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl ) } #endif /* POLARSSL_X509_CRT_PARSE_C */ +#if defined(POLARSSL_SSL_CLI_C) int ssl_get_session( const ssl_context *ssl, ssl_session *dst ) { if( ssl == NULL || @@ -4117,6 +4152,7 @@ int ssl_get_session( const ssl_context *ssl, ssl_session *dst ) return( ssl_session_copy( dst, ssl->session ) ); } +#endif /* POLARSSL_SSL_CLI_C */ /* * Perform a single step of the SSL handshake @@ -4129,7 +4165,6 @@ int ssl_handshake_step( ssl_context *ssl ) if( ssl->endpoint == SSL_IS_CLIENT ) ret = ssl_handshake_client_step( ssl ); #endif - #if defined(POLARSSL_SSL_SRV_C) if( ssl->endpoint == SSL_IS_SERVER ) ret = ssl_handshake_server_step( ssl ); @@ -4330,6 +4365,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) { SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); +#if defined(POLARSSL_SSL_CLI_C) if( ssl->endpoint == SSL_IS_CLIENT && ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST || ssl->in_hslen != 4 ) ) @@ -4337,6 +4373,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); } +#endif if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION && From 6b298e6cc1fc6ffcf0b7da5759002c36195ecb0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 18:28:50 +0100 Subject: [PATCH 47/57] Update comment from draft to RFC --- include/polarssl/config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index a0ec2f3cc..9852aa9c9 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -913,8 +913,7 @@ /** * \def POLARSSL_SSL_ALPN * - * Enable support for Application Layer Protocol Negotiation. - * draft-ietf-tls-applayerprotoneg-05 + * Enable support for RFC 7301 Application Layer Protocol Negotiation. * * Comment this macro to disable support for ALPN. */ From 3e9449350ca1a27b33a83287211e104cf51959a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Nov 2014 18:29:41 +0100 Subject: [PATCH 48/57] Fix comment on resumption --- include/polarssl/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 219060ddc..a4cd70e5c 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1027,7 +1027,8 @@ void ssl_set_bio( ssl_context *ssl, #if defined(POLARSSL_SSL_SRV_C) /** * \brief Set the session cache callbacks (server-side only) - * If not set, no session resuming is done. + * If not set, no session resuming is done (except if session + * tickets are enabled too). * * The session cache has the responsibility to check for stale * entries based on timeout. See RFC 5246 for recommendations. From 150c4f62f18389cef133bd078f306cfd807b1551 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 09:14:52 +0100 Subject: [PATCH 49/57] Clarify documentation a bit --- include/polarssl/ecp.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 9b83bc51b..6dec5bd9c 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -413,6 +413,8 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *P, * \param buf $(Start of input buffer) * \param len Buffer length * + * \note buf is updated to point right after the ECPoint on exit + * * \return O if successful, * POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid @@ -479,6 +481,8 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id index ); * \param buf &(Start of input buffer) * \param len Buffer length * + * \note buf is updated to point right after ECParameters on exit + * * \return O if successful, * POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid From cb7da352fddf956dc1a8d936632d29215c60627e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 09:16:00 +0100 Subject: [PATCH 50/57] Fix typo in #ifdef Since length is checked afterwards anyway, no security risk here --- include/polarssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index a4cd70e5c..f4f8f01c9 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -444,7 +444,7 @@ union _ssl_premaster_secret #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */ #endif -#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES + POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */ #endif From 2457fa09157a65a915cc6b4a99926fa30a3a52d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 09:23:11 +0100 Subject: [PATCH 51/57] Create ticket keys only if enabled --- library/ssl_tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b59f7af62..a24351e8b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4074,6 +4074,9 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) return( 0 ); #endif + if( use_tickets == SSL_SESSION_TICKETS_DISABLED ) + return( 0 ); + if( ssl->f_rng == NULL ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); From 9439f93ea44f71539c2bf3c0e08732ff92fdab43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 09:49:43 +0100 Subject: [PATCH 52/57] Use pk_load_file() in X509 Saves a bit of ROM. X509 depends on PK anyway. --- include/polarssl/pk.h | 8 ++++++++ include/polarssl/x509.h | 1 - library/pkparse.c | 6 +++--- library/x509.c | 44 ----------------------------------------- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- 7 files changed, 14 insertions(+), 51 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 0ff5f1e6c..b29eb74f5 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -638,6 +638,14 @@ int pk_write_pubkey( unsigned char **p, unsigned char *start, const pk_context *key ); #endif /* POLARSSL_PK_WRITE_C */ +/* + * Internal module functions. You probably do not want to use these unless you + * know you do. + */ +#if defined(POLARSSL_FS_IO) +int pk_load_file( const char *path, unsigned char **buf, size_t *n ); +#endif + #ifdef __cplusplus } #endif diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 3fe682039..5f7188140 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -307,7 +307,6 @@ int x509_get_serial( unsigned char **p, const unsigned char *end, x509_buf *serial ); int x509_get_ext( unsigned char **p, const unsigned char *end, x509_buf *ext, int tag ); -int x509_load_file( const char *path, unsigned char **buf, size_t *n ); int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts ); diff --git a/library/pkparse.c b/library/pkparse.c index 29217a28a..6cfab8b39 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -71,7 +71,7 @@ static void polarssl_zeroize( void *v, size_t n ) { /* * Load all data from a file into a given buffer. */ -static int load_file( const char *path, unsigned char **buf, size_t *n ) +int pk_load_file( const char *path, unsigned char **buf, size_t *n ) { FILE *f; long size; @@ -120,7 +120,7 @@ int pk_parse_keyfile( pk_context *ctx, size_t n; unsigned char *buf; - if( ( ret = load_file( path, &buf, &n ) ) != 0 ) + if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); if( pwd == NULL ) @@ -144,7 +144,7 @@ int pk_parse_public_keyfile( pk_context *ctx, const char *path ) size_t n; unsigned char *buf; - if( ( ret = load_file( path, &buf, &n ) ) != 0 ) + if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = pk_parse_public_key( ctx, buf, n ); diff --git a/library/x509.c b/library/x509.c index 89ba7633d..78cf02dee 100644 --- a/library/x509.c +++ b/library/x509.c @@ -636,50 +636,6 @@ int x509_get_ext( unsigned char **p, const unsigned char *end, return( 0 ); } -#if defined(POLARSSL_FS_IO) -/* - * Load all data from a file into a given buffer. - */ -int x509_load_file( const char *path, unsigned char **buf, size_t *n ) -{ - FILE *f; - long size; - - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( POLARSSL_ERR_X509_FILE_IO_ERROR ); - - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( POLARSSL_ERR_X509_FILE_IO_ERROR ); - } - fseek( f, 0, SEEK_SET ); - - *n = (size_t) size; - - if( *n + 1 == 0 || - ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL ) - { - fclose( f ); - return( POLARSSL_ERR_X509_MALLOC_FAILED ); - } - - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); - polarssl_free( *buf ); - return( POLARSSL_ERR_X509_FILE_IO_ERROR ); - } - - fclose( f ); - - (*buf)[*n] = '\0'; - - return( 0 ); -} -#endif /* POLARSSL_FS_IO */ - #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ !defined(EFI32) #include diff --git a/library/x509_crl.c b/library/x509_crl.c index c8101b546..a0bf9f47c 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -549,7 +549,7 @@ int x509_crl_parse_file( x509_crl *chain, const char *path ) size_t n; unsigned char *buf; - if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 ) + if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = x509_crl_parse( chain, buf, n ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 4d20889b8..aba9c696d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -953,7 +953,7 @@ int x509_crt_parse_file( x509_crt *chain, const char *path ) size_t n; unsigned char *buf; - if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 ) + if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = x509_crt_parse( chain, buf, n ); diff --git a/library/x509_csr.c b/library/x509_csr.c index 0b4f771f9..583112115 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -310,7 +310,7 @@ int x509_csr_parse_file( x509_csr *csr, const char *path ) size_t n; unsigned char *buf; - if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 ) + if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = x509_csr_parse( csr, buf, n ); From e423246e7faabc25b1948eae8ccac632db108549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 09:52:23 +0100 Subject: [PATCH 53/57] Fix net_usleep for durations greater than 1 second --- library/net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net.c b/library/net.c index 3f0e448ba..2c77138c4 100644 --- a/library/net.c +++ b/library/net.c @@ -496,12 +496,12 @@ int net_set_nonblock( int fd ) void net_usleep( unsigned long usec ) { struct timeval tv; - tv.tv_sec = 0; + tv.tv_sec = usec / 1000000; #if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \ ( defined(__APPLE__) && defined(__MACH__) ) ) - tv.tv_usec = (suseconds_t) usec; + tv.tv_usec = (suseconds_t) usec % 1000000; #else - tv.tv_usec = usec; + tv.tv_usec = usec % 1000000; #endif select( 0, NULL, NULL, NULL, &tv ); } From 60346be2a3e7757f227a02bba5a6d4432d419682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 11:38:37 +0100 Subject: [PATCH 54/57] Improve debugging message. This actually prints only the payload, not the potential IV and/or MAC, so (to me at least) it's much less confusing --- library/ssl_tls.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a24351e8b..736eac668 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1044,6 +1044,9 @@ static int ssl_encrypt_buf( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); + SSL_DEBUG_BUF( 4, "before encrypt: output payload", + ssl->out_msg, ssl->out_msglen ); + /* * Add MAC before encrypt, except for AEAD modes */ @@ -1102,9 +1105,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) "including %d bytes of padding", ssl->out_msglen, 0 ) ); - SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_msg, ssl->out_msglen ); - if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc, ssl->transform_out->iv_enc, ssl->transform_out->ivlen, @@ -1185,9 +1185,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) "including %d bytes of padding", ssl->out_msglen, 0 ) ); - SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_msg, ssl->out_msglen ); - /* * Encrypt and authenticate */ @@ -1268,9 +1265,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) ); - SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_iv, ssl->out_msglen ); - if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc, ssl->transform_out->iv_enc, ssl->transform_out->ivlen, From f29e5de09d38fbf854b658ecb10a9ac54d24db2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Nov 2014 11:54:41 +0100 Subject: [PATCH 55/57] Cosmetics in ssl_server2 --- programs/ssl/ssl_server2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0b8852ab6..ba1f29c3f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1710,6 +1710,9 @@ exit: } #endif + printf( " . Cleaning up..." ); + fflush( stdout ); + if( client_fd != -1 ) net_close( client_fd ); @@ -1748,6 +1751,8 @@ exit: memory_buffer_alloc_free(); #endif + printf( " done.\n" ); + #if defined(_WIN32) printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); From d3b90f797d8444e716cc2186ff47b1411fbf3398 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Nov 2014 11:54:02 +0100 Subject: [PATCH 56/57] Fix bug in ssl_client2 reconnect option --- programs/ssl/ssl_client2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5b7a488c9..56c46d700 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1219,8 +1219,8 @@ reconnect: goto exit; } - if( ( ret = net_connect( &server_fd, opt.server_name, - opt.server_port ) ) != 0 ) + if( ( ret = net_connect( &server_fd, opt.server_addr, + opt.server_port ) ) != 0 ) { printf( " failed\n ! net_connect returned -0x%x\n\n", -ret ); goto exit; From d94232389e60acdf90046a494b112edce74cc56c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Dec 2014 11:57:29 +0100 Subject: [PATCH 57/57] Skip signature_algorithms ext if PSK only --- ChangeLog | 2 ++ include/polarssl/ssl_ciphersuites.h | 15 ++++++++++++++- library/ssl_cli.c | 12 +++++++++--- library/ssl_srv.c | 12 ++++++++---- 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1b6770a73..d5134a596 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,8 @@ Changes * ssl_set_own_cert() now returns an error on key-certificate mismatch. * Forbid repeated extensions in X.509 certificates. * debug_print_buf() now prints a text view in addition to hexadecimal. + * Skip writing and parsing signature_algorithm extension if none of the + key exchanges enabled needs certificates. = PolarSSL 1.3.9 released 2014-10-20 Security diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h index c4f1ffe64..191596f6c 100644 --- a/include/polarssl/ssl_ciphersuites.h +++ b/include/polarssl/ssl_ciphersuites.h @@ -233,7 +233,9 @@ extern "C" { #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */ -/* Reminder: update _ssl_premaster_secret when adding a new key exchange */ +/* Reminder: update _ssl_premaster_secret when adding a new key exchange. + * Reminder: update POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED below. + */ typedef enum { POLARSSL_KEY_EXCHANGE_NONE = 0, POLARSSL_KEY_EXCHANGE_RSA, @@ -248,6 +250,17 @@ typedef enum { POLARSSL_KEY_EXCHANGE_ECDH_ECDSA, } key_exchange_type_t; +#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED +#endif + typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t; #define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 27abb3efe..39e593a43 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -142,7 +142,11 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, *olen = 5 + ssl->verify_data_len; } -#if defined(POLARSSL_SSL_PROTO_TLS1_2) +/* + * Only if we handle at least one key exchange that needs signatures. + */ +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) static void ssl_write_signature_algorithms_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) @@ -236,7 +240,8 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, *olen = 6 + sig_alg_len; } -#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl, @@ -628,7 +633,8 @@ static int ssl_write_client_hello( ssl_context *ssl ) ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; -#if defined(POLARSSL_SSL_PROTO_TLS1_2) +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 01b0aca20..21f3c1357 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -465,7 +465,8 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl, return( 0 ); } -#if defined(POLARSSL_SSL_PROTO_TLS1_2) +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -509,7 +510,8 @@ have_sig_alg: return( 0 ); } -#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) static int ssl_parse_supported_elliptic_curves( ssl_context *ssl, @@ -1402,7 +1404,8 @@ static int ssl_parse_client_hello( ssl_context *ssl ) return( ret ); break; -#if defined(POLARSSL_SSL_PROTO_TLS1_2) +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) case TLS_EXT_SIG_ALG: SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); if( ssl->renegotiation == SSL_RENEGOTIATION ) @@ -1412,7 +1415,8 @@ static int ssl_parse_client_hello( ssl_context *ssl ) if( ret != 0 ) return( ret ); break; -#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: