From 67ae0b983992c8d3e6f348670736e3a292984257 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 19 Sep 2016 16:58:45 +0100 Subject: [PATCH 1/3] Fix sig->tag update in mbedtls_x509_get_sig() --- ChangeLog | 3 +++ library/x509.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f53530d37..05e3f9dde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ Bugfix * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 + * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf + data structure until after error checks are successful. Found by + subramanyam-c. = mbed TLS 1.3.17 branch 2016-06-28 diff --git a/library/x509.c b/library/x509.c index ab105d8fa..282a95190 100644 --- a/library/x509.c +++ b/library/x509.c @@ -559,16 +559,18 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ) { int ret; size_t len; + int tag_type; if( ( end - *p ) < 1 ) return( POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA ); - sig->tag = **p; + tag_type = **p; if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 ) return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret ); + sig->tag = tag_type; sig->len = len; sig->p = *p; From c176038d73494ed208d38226c23e1799622a51e4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 15:34:27 +0100 Subject: [PATCH 2/3] Update and clean up Changelog for #622 --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05e3f9dde..ffc48262f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,12 +17,12 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf + data structure until after error checks are successful. Found by + subramanyam-c. #622 * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 - * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf - data structure until after error checks are successful. Found by - subramanyam-c. = mbed TLS 1.3.17 branch 2016-06-28 From 0da3e44fea8c917967df097a6497bf3416168250 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 23 Sep 2016 13:16:02 +0100 Subject: [PATCH 3/3] Add check for validity of date in x509_get_time() --- ChangeLog | 2 ++ library/x509.c | 32 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 36 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 34 ++++++++++++++++++++ 4 files changed, 104 insertions(+) diff --git a/ChangeLog b/ChangeLog index ffc48262f..26e296efb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Bugfix * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 + * Fix check for validity of date when parsing in mbedtls_x509_get_time(). + Found by subramanyam-c. #626 = mbed TLS 1.3.17 branch 2016-06-28 diff --git a/library/x509.c b/library/x509.c index 282a95190..5aea37545 100644 --- a/library/x509.c +++ b/library/x509.c @@ -76,6 +76,7 @@ #endif #define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); } +#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); } /* * CertificateSerialNumber ::= INTEGER @@ -489,6 +490,33 @@ static int x509_parse_int(unsigned char **p, unsigned n, int *res){ return 0; } +static int x509_date_is_valid(const x509_time *time) +{ + int ret = POLARSSL_ERR_X509_INVALID_DATE; + + CHECK_RANGE( 0, 9999, time->year ); + CHECK_RANGE( 0, 23, time->hour ); + CHECK_RANGE( 0, 59, time->min ); + CHECK_RANGE( 0, 59, time->sec ); + + switch( time->mon ) + { + case 1: case 3: case 5: case 7: case 8: case 10: case 12: + CHECK_RANGE( 1, 31, time->day ); + break; + case 4: case 6: case 9: case 11: + CHECK_RANGE( 1, 30, time->day ); + break; + case 2: + CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day ); + break; + default: + return( ret ); + } + + return( 0 ); +} + /* * Time ::= CHOICE { * utcTime UTCTime, @@ -528,6 +556,8 @@ int x509_get_time( unsigned char **p, const unsigned char *end, time->year += 100 * ( time->year < 50 ); time->year += 1900; + CHECK( x509_date_is_valid( time ) ); + return( 0 ); } else if( tag == ASN1_GENERALIZED_TIME ) @@ -548,6 +578,8 @@ int x509_get_time( unsigned char **p, const unsigned char *end, if( len > 14 && *(*p)++ != 'Z' ) return( POLARSSL_ERR_X509_INVALID_DATE ); + CHECK( x509_date_is_valid( time ) ); + return( 0 ); } else diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b6c3bdb56..b289fc992 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1463,3 +1463,39 @@ x509parse_crt_file:"data_files/server7_all_space.crt":POLARSSL_ERR_PEM_INVALID_D X509 File parse (trailing spaces, OK) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509parse_crt_file:"data_files/server7_trailing_space.crt":0 + +X509 Get time (UTC no issues) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 + +X509 Get time (Generalized Time no issues) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59 + +X509 Get time (UTC year without leap day) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"490229121212Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC year with leap day) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12 + +X509 Get time (UTC invalid day of month #1) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"000132121212Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid day of month #2) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"001131121212Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid hour) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"001130241212Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid min) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"001130236012Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid sec) +depends_on:POLARSSL_X509_USE_C +x509_get_time:ASN1_UTC_TIME:"001130235960Z":POLARSSL_ERR_X509_INVALID_DATE:0:0:0:0:0:0 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 18837c532..eee82412b 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,4 +1,5 @@ /* BEGIN_HEADER */ +#include "polarssl/x509.h" #include "polarssl/x509_crt.h" #include "polarssl/x509_crl.h" #include "polarssl/x509_csr.h" @@ -594,6 +595,39 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */ +void x509_get_time( int tag, char *time_str, int ret, + int year, int mon, int day, + int hour, int min, int sec ) +{ + x509_time time; + unsigned char buf[17]; + unsigned char* start = buf; + unsigned char* end = buf; + + memset( &time, 0x00, sizeof( time ) ); + *end = (unsigned char)tag; end++; + if( tag == ASN1_UTC_TIME ) + *end = 13; + else + *end = 15; + end++; + memcpy( end, time_str, (size_t)*(end - 1) ); + end += *(end - 1); + + TEST_ASSERT( x509_get_time( &start, end, &time ) == ret ); + if( ret == 0 ) + { + TEST_ASSERT( year == time.year ); + TEST_ASSERT( mon == time.mon ); + TEST_ASSERT( day == time.day ); + TEST_ASSERT( hour == time.hour ); + TEST_ASSERT( min == time.min ); + TEST_ASSERT( sec == time.sec ); + } +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT */ void x509_parse_rsassa_pss_params( char *hex_params, int params_tag, int ref_msg_md, int ref_mgf_md,