From e1853a2b3eabefa97b61c0b3673f1d1f9eba3d0e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Nov 2019 19:21:34 +0100 Subject: [PATCH 1/4] Update crypto submodule * #292: Make psa_close_key(0) and psa_destroy_key(0) succeed * #299: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed * #259: Check `len` against buffers size upper bound in PSA tests * #288: Add ECDSA tests with hash and key of different lengths * #305: CTR_DRBG: grab a nonce from the entropy source if needed * #316: Stop transactions from being reentrant * #317: getting_started: Make it clear that keys are passed in * #314: Fix pk_write with EC key to use a constant size for the private value * #298: Test a build without any asymmetric cryptography * #284: Fix some possibly-undefined variable warnings * #315: Define MBEDTLS_PK_SIGNATURE_MAX_SIZE * #318: Finish side-porting commits from mbedtls-restricted that missed the split --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 3cdb3da3a..0b3dd8d02 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 3cdb3da3a0c1631e14434a219dfa787513a915a7 +Subproject commit 0b3dd8d0249adb54abc7ad46303f3c22e44aefb7 From bf88780e64945b568d98591159da2b8604444d73 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Nov 2019 19:21:51 +0100 Subject: [PATCH 2/4] Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509 Use the constant that is now provided by the crypto submodule instead of rolling our own definition which is not correct in all cases. --- library/x509write_crt.c | 12 +----------- library/x509write_csr.c | 12 +----------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 03fb3fd94..0a2357a58 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -45,16 +45,6 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -/* - * For the currently used signature algorithms the buffer to store any signature - * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE) - */ -#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE -#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#else -#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); @@ -347,7 +337,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[SIGNATURE_MAX_SIZE]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0d62d1d48..ffbf436ab 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -49,16 +49,6 @@ #include "mbedtls/pem.h" #endif -/* - * For the currently used signature algorithms the buffer to store any signature - * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE) - */ -#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE -#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#else -#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); @@ -148,7 +138,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[SIGNATURE_MAX_SIZE]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; From 96a7cd17596aa50b599646e967c30de76c35ae46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Nov 2019 19:22:35 +0100 Subject: [PATCH 3/4] Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs Use the constant that is now provided by the crypto submodule instead of rolling our own definition which is not correct in all cases. --- programs/pkey/pk_sign.c | 13 +------------ programs/pkey/pk_verify.c | 2 +- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index bdedca4c9..a354e5b17 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -60,17 +60,6 @@ int main( void ) #include #include - -/* - * For the currently used signature algorithms the buffer to store any signature - * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE) - */ -#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE -#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#else -#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - int main( int argc, char *argv[] ) { FILE *f; @@ -80,7 +69,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char hash[32]; - unsigned char buf[SIGNATURE_MAX_SIZE]; + unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; char filename[512]; const char *pers = "mbedtls_pk_sign"; size_t olen = 0; diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index a6bfe3f29..72caf7139 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -65,7 +65,7 @@ int main( int argc, char *argv[] ) size_t i; mbedtls_pk_context pk; unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; char filename[512]; mbedtls_pk_init( &pk ); From 2e86a206f7dd21d5d1aba461728d27347233afec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Nov 2019 19:23:04 +0100 Subject: [PATCH 4/4] Remove component designed to test MAX_SIGNATURE_SIZE MBEDTLS_PK_SIGNATURE_MAX_SIZE is tested in Mbed Crypto. Its effect on Mbed TLS is also tested via the X.509 tests. The case of MBEDTLS_MPI_MAX_SIZE < MBEDTLS_ECDSA_MAX_LEN, for which this component was added as a regression test, is covered by config-suite-b.h which is tested via test-ref-configs.pl. --- tests/scripts/all.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cd0eca790..e76b9d422 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -649,23 +649,6 @@ component_check_doxygen_warnings () { #### Build and test many configurations and targets ################################################################ -component_test_large_ecdsa_key_signature () { - - SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures - - msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s - scripts/config.py set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - INEVITABLY_PRESENT_FILE=Makefile - SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below - - msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s - if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE - rm -f $SIGNATURE_FILE -} - component_test_default_out_of_box () { msg "build: make, default config (out-of-box)" # ~1min make