Merge remote-tracking branch 'origin/pr/2469' into development
* origin/pr/2469:
Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
Remove unnecessary memory buffer alloc unsets
Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
all.sh: restructure memory allocator tests
Add missing dependency in memory buffer alloc set in all.sh
Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
Fix memory leak in CSR test suite on failure
Fix a memory leak in x509write test suite
Add all.sh run with full config and ASan enabled
Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
Update documentation of exceptions for `config.pl full`
Adapt all.sh to removal of buffer allocator from full config
Disable memory buffer allocator in full config
Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h
diff --git a/ChangeLog b/ChangeLog
index 5918cb7..f16c97e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,21 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.19.0 branch released xxxx-xx-xx
+= mbed TLS 2.19.0 branch released 2019-09-06
+
+Security
+ * Fix a missing error detection in ECJPAKE. This could have caused a
+ predictable shared secret if a hardware accelerator failed and the other
+ side of the key exchange had a similar bug.
+ * When writing a private EC key, use a constant size for the private
+ value, as specified in RFC 5915. Previously, the value was written
+ as an ASN.1 INTEGER, which caused the size of the key to leak
+ about 1 bit of information on average and could cause the value to be
+ 1 byte too large for the output buffer.
+ * The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
+ implement blinding. Because of this for the same key and message the same
+ blinding value was generated. This reduced the effectiveness of the
+ countermeasure and leaked information about the private key through side
+ channels. Reported by Jack Lloyd.
Features
* Add new API functions mbedtls_ssl_session_save() and
@@ -33,6 +48,15 @@
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
mbedtls_ecdh_can_do() on each result to check whether each algorithm is
supported.
+ * The new function mbedtls_ecdsa_sign_det_ext() is similar to
+ mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
+ purpose of blinding.
+
+New deprecations
+ * Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
+ RNG function as an input.
+ * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
+ is now deprecated.
Bugfix
* Fix missing bounds checks in X.509 parsing functions that could
@@ -81,22 +105,10 @@
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
docker-env.sh) to simplify running test suites on a Linux host. Contributed
by Peter Kolbus (Garmin).
- * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
- Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
- * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
- Ashley Duncan in #2609.
- * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
- test runs without variability. Contributed by Philippe Antoine (Catena
- cyber) in #2681.
- * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
- Ashley Duncan in #2609.
- * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
- test runs without variability. Contributed by Philippe Antoine (Catena
- cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber).
diff --git a/crypto b/crypto
index f071654..92348d1 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit f0716542c458a53106ae97788321b97a7910baef
+Subproject commit 92348d1c4931f8c33c2d092928afca556f672c42
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fb3b6e1..1bc470b 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -139,7 +139,7 @@
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@@ -150,7 +150,9 @@
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 3c23214..03fb3fd 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -45,6 +45,16 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@@ -337,7 +347,7 @@
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char sig[SIGNATURE_MAX_SIZE];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 8dc39e7..0d62d1d 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -49,6 +49,16 @@
#include "mbedtls/pem.h"
#endif
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@@ -138,7 +148,7 @@
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 47a098a..bdedca4 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -61,6 +61,16 @@
#include <string.h>
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -70,7 +80,7 @@
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char buf[SIGNATURE_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 61b88d1..5e9ad3d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -135,6 +135,8 @@
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
#define DFL_REPRODUCIBLE 0
+#define DFL_NSS_KEYLOG 0
+#define DFL_NSS_KEYLOG_FILE NULL
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -231,8 +233,15 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
#define USAGE_EAP_TLS \
" eap_tls=%%d default: 0 (disabled)\n"
+#define USAGE_NSS_KEYLOG \
+ " nss_keylog=%%d default: 0 (disabled)\n" \
+ " This cannot be used with eap_tls=1\n"
+#define USAGE_NSS_KEYLOG_FILE \
+ " nss_keylog_file=%%s\n"
#else
#define USAGE_EAP_TLS ""
+#define USAGE_NSS_KEYLOG ""
+#define USAGE_NSS_KEYLOG_FILE ""
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
@@ -489,6 +498,8 @@
int etm; /* negotiate encrypt then mac? */
int context_crt_cb; /* use context-specific CRT verify callback */
int eap_tls; /* derive EAP-TLS keying material? */
+ int nss_keylog; /* export NSS key log material */
+ const char *nss_keylog_file; /* NSS key log file */
int cid_enabled; /* whether to use the CID extension or not */
int cid_enabled_renego; /* whether to use the CID extension or not
* during renegotiation */
@@ -535,6 +546,81 @@
}
return( 0 );
}
+
+static int nss_keylog_export( void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ unsigned char client_random[32],
+ unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
+{
+ char nss_keylog_line[ 200 ];
+ size_t const client_random_len = 32;
+ size_t const master_secret_len = 48;
+ size_t len = 0;
+ size_t j;
+ int ret = 0;
+
+ ((void) p_expkey);
+ ((void) kb);
+ ((void) maclen);
+ ((void) keylen);
+ ((void) ivlen);
+ ((void) server_random);
+ ((void) tls_prf_type);
+
+ len += sprintf( nss_keylog_line + len,
+ "%s", "CLIENT_RANDOM " );
+
+ for( j = 0; j < client_random_len; j++ )
+ {
+ len += sprintf( nss_keylog_line + len,
+ "%02x", client_random[j] );
+ }
+
+ len += sprintf( nss_keylog_line + len, " " );
+
+ for( j = 0; j < master_secret_len; j++ )
+ {
+ len += sprintf( nss_keylog_line + len,
+ "%02x", ms[j] );
+ }
+
+ len += sprintf( nss_keylog_line + len, "\n" );
+ nss_keylog_line[ len ] = '\0';
+
+ mbedtls_printf( "\n" );
+ mbedtls_printf( "---------------- NSS KEYLOG -----------------\n" );
+ mbedtls_printf( "%s", nss_keylog_line );
+ mbedtls_printf( "---------------------------------------------\n" );
+
+ if( opt.nss_keylog_file != NULL )
+ {
+ FILE *f;
+
+ if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ if( fwrite( nss_keylog_line, 1, len, f ) != len )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ fclose( f );
+ }
+
+exit:
+ mbedtls_platform_zeroize( nss_keylog_line,
+ sizeof( nss_keylog_line ) );
+ return( ret );
+}
#endif
static void my_debug( void *ctx, int level,
@@ -1204,6 +1290,8 @@
opt.serialize = DFL_SERIALIZE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
+ opt.nss_keylog = DFL_NSS_KEYLOG;
+ opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
for( i = 1; i < argc; i++ )
{
@@ -1606,10 +1694,26 @@
{
opt.reproducible = 1;
}
+ else if( strcmp( p, "nss_keylog" ) == 0 )
+ {
+ opt.nss_keylog = atoi( q );
+ if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "nss_keylog_file" ) == 0 )
+ {
+ opt.nss_keylog_file = q;
+ }
else
goto usage;
}
+ if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
+ {
+ mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
+ goto usage;
+ }
+
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
@@ -2145,8 +2249,16 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
+ {
mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
&eap_tls_keying );
+ }
+ else if( opt.nss_keylog != 0 )
+ {
+ mbedtls_ssl_conf_export_keys_ext_cb( &conf,
+ nss_keylog_export,
+ NULL );
+ }
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 102951b..3683f3c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -176,6 +176,8 @@
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
#define DFL_REPRODUCIBLE 0
+#define DFL_NSS_KEYLOG 0
+#define DFL_NSS_KEYLOG_FILE NULL
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -308,8 +310,15 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
#define USAGE_EAP_TLS \
" eap_tls=%%d default: 0 (disabled)\n"
+#define USAGE_NSS_KEYLOG \
+ " nss_keylog=%%d default: 0 (disabled)\n" \
+ " This cannot be used with eap_tls=1\n"
+#define USAGE_NSS_KEYLOG_FILE \
+ " nss_keylog_file=%%s\n"
#else
#define USAGE_EAP_TLS ""
+#define USAGE_NSS_KEYLOG ""
+#define USAGE_NSS_KEYLOG_FILE ""
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_CACHE_C)
@@ -487,6 +496,8 @@
USAGE_TICKETS \
USAGE_EAP_TLS \
USAGE_REPRODUCIBLE \
+ USAGE_NSS_KEYLOG \
+ USAGE_NSS_KEYLOG_FILE \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
@@ -598,6 +609,8 @@
int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
int eap_tls; /* derive EAP-TLS keying material? */
+ int nss_keylog; /* export NSS key log material */
+ const char *nss_keylog_file; /* NSS key log file */
int cid_enabled; /* whether to use the CID extension or not */
int cid_enabled_renego; /* whether to use the CID extension or not
* during renegotiation */
@@ -644,6 +657,82 @@
}
return( 0 );
}
+
+static int nss_keylog_export( void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ unsigned char client_random[32],
+ unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
+{
+ char nss_keylog_line[ 200 ];
+ size_t const client_random_len = 32;
+ size_t const master_secret_len = 48;
+ size_t len = 0;
+ size_t j;
+ int ret = 0;
+
+ ((void) p_expkey);
+ ((void) kb);
+ ((void) maclen);
+ ((void) keylen);
+ ((void) ivlen);
+ ((void) server_random);
+ ((void) tls_prf_type);
+
+ len += sprintf( nss_keylog_line + len,
+ "%s", "CLIENT_RANDOM " );
+
+ for( j = 0; j < client_random_len; j++ )
+ {
+ len += sprintf( nss_keylog_line + len,
+ "%02x", client_random[j] );
+ }
+
+ len += sprintf( nss_keylog_line + len, " " );
+
+ for( j = 0; j < master_secret_len; j++ )
+ {
+ len += sprintf( nss_keylog_line + len,
+ "%02x", ms[j] );
+ }
+
+ len += sprintf( nss_keylog_line + len, "\n" );
+ nss_keylog_line[ len ] = '\0';
+
+ mbedtls_printf( "\n" );
+ mbedtls_printf( "---------------- NSS KEYLOG -----------------\n" );
+ mbedtls_printf( "%s", nss_keylog_line );
+ mbedtls_printf( "---------------------------------------------\n" );
+
+ if( opt.nss_keylog_file != NULL )
+ {
+ FILE *f;
+
+ if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ if( fwrite( nss_keylog_line, 1, len, f ) != len )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ fclose( f );
+ }
+
+exit:
+ mbedtls_platform_zeroize( nss_keylog_line,
+ sizeof( nss_keylog_line ) );
+ return( ret );
+}
+
#endif
static void my_debug( void *ctx, int level,
@@ -1892,6 +1981,8 @@
opt.serialize = DFL_SERIALIZE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
+ opt.nss_keylog = DFL_NSS_KEYLOG;
+ opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
for( i = 1; i < argc; i++ )
{
@@ -2320,10 +2411,26 @@
{
opt.reproducible = 1;
}
+ else if( strcmp( p, "nss_keylog" ) == 0 )
+ {
+ opt.nss_keylog = atoi( q );
+ if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "nss_keylog_file" ) == 0 )
+ {
+ opt.nss_keylog_file = q;
+ }
else
goto usage;
}
+ if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
+ {
+ mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
+ goto usage;
+ }
+
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
@@ -2960,8 +3067,16 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
+ {
mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
&eap_tls_keying );
+ }
+ else if( opt.nss_keylog != 0 )
+ {
+ mbedtls_ssl_conf_export_keys_ext_cb( &conf,
+ nss_keylog_export,
+ NULL );
+ }
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 99d64eb..e75bf81 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -869,6 +869,14 @@
$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
+###
+### A generic SECP521R1 private key
+###
+
+secp521r1_prv.der:
+ $(OPENSSL) ecparam -genkey -name secp521r1 -noout -out secp521r1_prv.der
+all_final += secp521r1_prv.der
+
################################################################
### Generate CSRs for X.509 write test suite
################################################################
diff --git a/tests/data_files/ec_256_long_prv.pem b/tests/data_files/ec_256_long_prv.pem
new file mode 100644
index 0000000..5141e30
--- /dev/null
+++ b/tests/data_files/ec_256_long_prv.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIcex4mqXsQamUKTVf8vXmTAJrQvGjh5mXG8p9+OR4xAoAoGCCqGSM49
+AwEHoUQDQgAEqJ2HQjPpc6fDwE/vSa6U35USXawkTo98y4U6NsAl+rOGuqMPEFXf
+P1Srm/Jrzwa/RuppRL5kgyAsGJTUmwZEzQ==
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_521_short_prv.pem b/tests/data_files/ec_521_short_prv.pem
new file mode 100644
index 0000000..427b7ad
--- /dev/null
+++ b/tests/data_files/ec_521_short_prv.pem
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAOXdk7W+Hf5L7Hc9fKe44wmpaRNs5ERFTkv5CrlXv/Bu3y28M673q
+vBNo7a/UE/6NNQHu2pQODEYFpMg6R34b5SigBwYFK4EEACOhgYkDgYYABAFUMHXV
+KPA4vkMgq+pFgDoH96XoM517gF2GJFV6h2gLhykzIHL/otAyEpAStw7MBvbU0V21
+ixB+hjqzO7Snxaj9mwB8g87OKxm5eGfsqvJNPdJ0RZ/EKy06Ukg6KThlhQeyrtIk
+g5PTCrPnNszlffAy6/jCOe3Moi59g15H13sSzwfX6g==
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/secp521r1_prv.der b/tests/data_files/secp521r1_prv.der
new file mode 100644
index 0000000..4d342bd
--- /dev/null
+++ b/tests/data_files/secp521r1_prv.der
Binary files differ
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c361b83..c7bf428 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -617,6 +617,23 @@
#### Build and test many configurations and targets
################################################################
+component_test_large_ecdsa_key_signature () {
+
+ SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures
+
+ msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s
+ scripts/config.pl set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ INEVITABLY_PRESENT_FILE=Makefile
+ SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below
+
+ msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s
+ if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE
+ rm -f $SIGNATURE_FILE
+}
+
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make