Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed

ChangeLog

@@ -64,6 +64,8 @@ Bugfix
      that could cause a key exchange to fail on valid data.
    * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
      could cause a key exchange to fail on valid data.
+   * Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
+     Found through fuzz testing.
 
 Changes
    * Clarified the documentation of mbedtls_ssl_setup.

library/pkparse.c

@@ -181,6 +181,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 {
     int ret;
 
+    if ( end - *p < 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
     if( params->tag != MBEDTLS_ASN1_OID

tests/suites/test_suite_pkparse.data

@@ -1043,22 +1043,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MB
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 
 Key ASN1 (Incorrect first tag)
-pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, incorrect version tag)
-pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, version tag missing)
-pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, invalid version)
-pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
-pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, length mismatch)
-pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
-pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (ECPrivateKey, empty parameters)
+depends_on:MBEDTLS_ECP_C
+pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

tests/suites/test_suite_pkparse.function

@@ -113,8 +113,8 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
+/* BEGIN_CASE */
-void pk_parse_key_rsa( char *key_data, char *result_str, int result )
+void pk_parse_key( char *key_data, char *result_str, int result )
 {
     mbedtls_pk_context pk;
     unsigned char buf[2000];