mbedtls/tests/suites
Hanno Becker 1de13dbc49 Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 14:03:27 +01:00
..
helpers.function Fix resource leak of file desc in test code 2018-11-26 21:29:29 +00:00
main_test.function Merge branch 'pr_1025' into development 2017-11-28 18:23:53 +01:00
test_suite_aes.cbc.data Split up largest test suite data files into smaller chunks 2013-04-08 18:09:51 +02:00
test_suite_aes.cfb.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_aes.ecb.data Split up largest test suite data files into smaller chunks 2013-04-08 18:09:51 +02:00
test_suite_aes.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_aes.rest.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_arc4.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_arc4.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_asn1write.data Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
test_suite_asn1write.function Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:54:37 +01:00
test_suite_base64.data Add test for base64 output length 2015-09-30 16:31:10 +02:00
test_suite_base64.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_blowfish.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_blowfish.function The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_camellia.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_camellia.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_ccm.data Test AD too long only when CCM_ALT not defined 2018-12-19 14:14:58 +02:00
test_suite_ccm.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_cipher.aes.data Fix after PR comments 2018-06-21 14:03:14 +03:00
test_suite_cipher.arc4.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.blowfish.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.camellia.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.ccm.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_cipher.des.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.function Fix errors in AEAD test function 2019-03-14 11:00:58 +02:00
test_suite_cipher.gcm.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.null.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
test_suite_cipher.padding.data fix bug in get_one_and_zeros_padding() 2017-12-23 23:40:08 +01:00
test_suite_cmac.data Extend test coverage of CMAC 2016-10-13 13:53:13 +01:00
test_suite_cmac.function Fix memory leaks in CMAC tests 2016-10-13 13:53:56 +01:00
test_suite_ctr_drbg.data Add coverage for CTR-DRBG corner case function behaviours 2016-08-25 15:42:28 +01:00
test_suite_ctr_drbg.function CTR_DRBG: add mbedtls_ctr_drbg_update_ret 2018-09-13 22:19:31 +02:00
test_suite_debug.data Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug 2018-03-05 13:20:31 +01:00
test_suite_debug.function Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
test_suite_des.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_des.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
test_suite_dhm.data tests: dhm: Rename Hallman to Hellman 2018-07-06 14:28:45 +01:00
test_suite_dhm.function DHM: Add negative tests for parameter checking 2017-09-21 12:03:06 +01:00
test_suite_ecdh.data Add test case for ecdh_get_params with mismatching group 2019-02-21 18:17:05 +01:00
test_suite_ecdh.function Fix too small buffer in a test 2019-02-22 11:30:14 +01:00
test_suite_ecdsa.data Add tests for invalid private parameters in mbedtls_ecdsa_sign() 2017-11-17 17:09:31 +00:00
test_suite_ecdsa.function Add missing return value check in ECDSA test suite 2018-10-17 14:00:59 +01:00
test_suite_ecjpake.data Add tests for round 2 2015-09-07 12:43:11 +02:00
test_suite_ecjpake.function Remove use of size zero array in ECJPAKE test suite 2017-06-05 15:10:59 +01:00
test_suite_ecp.data Add invalid key tests for curve SECP224K1 2017-02-28 18:41:39 +00:00
test_suite_ecp.function Add invalid key tests for curve SECP224K1 2017-02-28 18:41:39 +00:00
test_suite_entropy.data Move flag indicating presence of strong entropy to test code 2017-07-24 15:31:30 +01:00
test_suite_entropy.function Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG 2017-09-14 08:04:13 +01:00
test_suite_error.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_error.function The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_gcm.aes128_de.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes128_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes192_de.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes192_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes256_de.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes256_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.camellia.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_gcm.function Fix multiple quality issues in the source 2018-06-08 11:14:43 +01:00
test_suite_hmac_drbg.function Change mbedtls_entropy_func in tests to mbedtls_test_entropy_func 2018-01-24 20:05:45 +00:00
test_suite_hmac_drbg.misc.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.no_reseed.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.nopr.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.pr.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_md.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_md.function Fix memory leak in test_suite_md.function 2016-08-26 17:21:14 +01:00
test_suite_mdx.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_mdx.function New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
test_suite_memory_buffer_alloc.data Test corner case uses of memory_buffer_alloc.c 2018-01-23 19:37:44 +00:00
test_suite_memory_buffer_alloc.function Test corner case uses of memory_buffer_alloc.c 2018-01-23 19:37:44 +00:00
test_suite_mpi.data Add non-regression test for buffer overflow 2019-03-06 14:00:39 +00:00
test_suite_mpi.function Add non-regression test for buffer overflow 2019-03-06 14:00:39 +00:00
test_suite_pem.data Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
test_suite_pem.function Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
test_suite_pk.data Fix depends_on:pk_alg in test suites 2018-03-05 12:58:51 +01:00
test_suite_pk.function Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
test_suite_pkcs1_v15.data Add tests for PKCS#1 v1.5 decoding 2018-10-08 11:49:15 +02:00
test_suite_pkcs1_v15.function Add tests for PKCS#1 v1.5 decoding 2018-10-08 11:49:15 +02:00
test_suite_pkcs1_v21.data RSA PSS: fix first byte check for keys of size 8N+1 2017-10-19 15:23:49 +02:00
test_suite_pkcs1_v21.function Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
test_suite_pkcs5.data tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms 2018-02-08 17:18:19 +08:00
test_suite_pkcs5.function Fix test dependencies of pkcs5 pbs2 on asn1 parse 2018-03-27 21:25:55 +01:00
test_suite_pkparse.data Change test dependencies to RC4 from DES 2018-07-27 17:33:34 +01:00
test_suite_pkparse.function Remove redundant dependency 2018-03-06 23:35:14 +01:00
test_suite_pkwrite.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_pkwrite.function Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:54:08 +01:00
test_suite_rsa.data Merge branch 'development' into iotssl-247 2018-01-15 11:31:34 +00:00
test_suite_rsa.function Yet another dependency issue (PKCS1_V15) 2018-03-13 13:44:45 +01:00
test_suite_shax.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_shax.function New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
test_suite_ssl.data Add test case calling ssl_set_hostname twice 2017-10-06 11:58:50 +01:00
test_suite_ssl.function Fix multiple quality issues in the source 2018-06-08 11:14:43 +01:00
test_suite_timing.data Reduce the timing tests complexity 2019-01-29 12:54:10 +01:00
test_suite_timing.function Correct code formatting in the timing test suites 2019-02-05 10:03:31 +01:00
test_suite_version.data Update library version to 2.7.10 2019-03-19 16:18:43 +00:00
test_suite_version.function Fix some test deps 2018-03-27 23:18:13 +02:00
test_suite_x509parse.data Obey bounds of ASN.1 substructures 2019-06-04 14:03:27 +01:00
test_suite_x509parse.function Add test cases exercising successful verification of MD2/MD4/MD5 CRT 2019-06-03 16:22:10 +01:00
test_suite_x509write.data Add tests for (named) bitstring to suite_asn1write 2019-02-11 21:10:55 +00:00
test_suite_x509write.function Add tests for (named) bitstring to suite_asn1write 2019-02-11 21:10:55 +00:00
test_suite_xtea.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_xtea.function Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00