Merge pull request #7479 from xkqian/bignumber_test_mul_inv_named_moduli
[Bignum] Bignumber test mul inv named moduli
diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt
new file mode 100644
index 0000000..00b3002
--- /dev/null
+++ b/ChangeLog.d/add-psa_want_alg_some_pake.txt
@@ -0,0 +1,3 @@
+Features
+ * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
+ if no PAKE algorithms are requested
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 5c2c843..e7f3131 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -594,6 +594,8 @@
* \brief Perform a left-shift on an MPI: X <<= count
*
* \param X The MPI to shift. This must point to an initialized MPI.
+ * The MPI pointed by \p X may be resized to fit
+ * the resulting number.
* \param count The number of bits to shift by.
*
* \return \c 0 if successful.
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index d78391e..a351060 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -908,6 +908,10 @@
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+#if defined(PSA_WANT_ALG_JPAKE)
+#define PSA_WANT_ALG_SOME_PAKE 1
+#endif
+
/* These features are always enabled. */
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_PASSWORD 1
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 8d6d60f..ec2a251 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -778,7 +778,7 @@
}
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
@@ -801,7 +801,7 @@
return NULL;
}
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
diff --git a/library/bignum.c b/library/bignum.c
index 2421c1a..e686a1b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -750,13 +750,9 @@
int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, v0, t1;
- mbedtls_mpi_uint r0 = 0, r1;
+ size_t i;
MPI_VALIDATE_RET(X != NULL);
- v0 = count / (biL);
- t1 = count & (biL - 1);
-
i = mbedtls_mpi_bitlen(X) + count;
if (X->n * biL < i) {
@@ -765,31 +761,7 @@
ret = 0;
- /*
- * shift by count / limb_size
- */
- if (v0 > 0) {
- for (i = X->n; i > v0; i--) {
- X->p[i - 1] = X->p[i - v0 - 1];
- }
-
- for (; i > 0; i--) {
- X->p[i - 1] = 0;
- }
- }
-
- /*
- * shift by count % limb_size
- */
- if (t1 > 0) {
- for (i = v0; i < X->n; i++) {
- r1 = X->p[i] >> (biL - t1);
- X->p[i] <<= t1;
- X->p[i] |= r0;
- r0 = r1;
- }
- }
-
+ mbedtls_mpi_core_shift_l(X->p, X->n, count);
cleanup:
return ret;
diff --git a/library/debug.c b/library/debug.c
index 3969616..e3dfaef 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -30,6 +30,7 @@
#include <stdio.h>
#include <string.h>
+/* DEBUG_BUF_SIZE must be at least 2 */
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;
@@ -69,6 +70,8 @@
char str[DEBUG_BUF_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small");
+
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
@@ -80,10 +83,15 @@
ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
va_end(argp);
- if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
- str[ret] = '\n';
- str[ret + 1] = '\0';
+ if (ret < 0) {
+ ret = 0;
+ } else {
+ if (ret >= DEBUG_BUF_SIZE - 1) {
+ ret = DEBUG_BUF_SIZE - 2;
+ }
}
+ str[ret] = '\n';
+ str[ret + 1] = '\0';
debug_send_line(ssl, level, file, line, str);
}
diff --git a/library/pk.c b/library/pk.c
index 71ab60d..7e77282 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -23,6 +23,7 @@
#include "mbedtls/pk.h"
#include "pk_wrap.h"
#include "pkwrite.h"
+#include "pk_internal.h"
#include "hash_info.h"
@@ -879,7 +880,7 @@
psa_status_t status;
/* export the private key material in the format PSA wants */
- ec = mbedtls_pk_ec(*pk);
+ ec = mbedtls_pk_ec_rw(*pk);
d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
return ret;
diff --git a/library/pk_internal.h b/library/pk_internal.h
new file mode 100644
index 0000000..7c4f285
--- /dev/null
+++ b/library/pk_internal.h
@@ -0,0 +1,68 @@
+/**
+ * \file pk_internal.h
+ *
+ * \brief Public Key abstraction layer: internal (i.e. library only) functions
+ * and definitions.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_PK_INTERNAL_H
+#define MBEDTLS_PK_INTERNAL_H
+
+#if defined(MBEDTLS_ECP_LIGHT)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECP_LIGHT)
+/**
+ * Public function mbedtls_pk_ec() can be used to get direct access to the
+ * wrapped ecp_keypair strucure pointed to the pk_ctx. However this is not
+ * ideal because it bypasses the PK module on the control of its internal's
+ * structure (pk_context) fields.
+ * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but
+ * we provide 2 very similar function when only ECP_LIGHT is enabled and not
+ * ECP_C.
+ * These variants embed the "ro" or "rw" keywords in their name to make the
+ * usage of the returned pointer explicit. Of course the returned value is
+ * const or non-const accordingly.
+ */
+static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
+{
+ switch (mbedtls_pk_get_type(&pk)) {
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
+ default:
+ return NULL;
+ }
+}
+
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
+{
+ switch (mbedtls_pk_get_type(&pk)) {
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
+ default:
+ return NULL;
+ }
+}
+#endif /* MBEDTLS_ECP_LIGHT */
+
+#endif /* MBEDTLS_PK_INTERNAL_H */
diff --git a/library/pkparse.c b/library/pkparse.c
index ade8a04..87b707d 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -26,6 +26,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "pk_internal.h"
#include <string.h>
@@ -795,14 +796,14 @@
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) {
- ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, &mbedtls_pk_ec(*pk)->grp);
+ ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, &mbedtls_pk_ec_rw(*pk)->grp);
} else
#endif
{
- ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
+ ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec_rw(*pk)->grp);
}
if (ret == 0) {
- ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
+ ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec_rw(*pk));
}
} else
#endif /* MBEDTLS_ECP_LIGHT */
@@ -1231,10 +1232,10 @@
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) {
- if ((ret =
- pk_use_ecparams_rfc8410(¶ms, ec_grp_id, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
+ if ((ret = pk_use_ecparams_rfc8410(¶ms, ec_grp_id,
+ &mbedtls_pk_ec_rw(*pk)->grp)) != 0 ||
(ret =
- pk_parse_key_rfc8410_der(mbedtls_pk_ec(*pk), p, len, end, f_rng,
+ pk_parse_key_rfc8410_der(mbedtls_pk_ec_rw(*pk), p, len, end, f_rng,
p_rng)) != 0) {
mbedtls_pk_free(pk);
return ret;
@@ -1242,8 +1243,8 @@
} else
#endif
{
- if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
- (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len, f_rng, p_rng)) != 0) {
+ if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec_rw(*pk)->grp)) != 0 ||
+ (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), p, len, f_rng, p_rng)) != 0) {
mbedtls_pk_free(pk);
return ret;
}
@@ -1430,7 +1431,7 @@
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
- (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk),
pem.buf, pem.buflen,
f_rng, p_rng)) != 0) {
mbedtls_pk_free(pk);
@@ -1554,7 +1555,7 @@
#if defined(MBEDTLS_ECP_LIGHT)
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
- pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk),
key, keylen, f_rng, p_rng) == 0) {
return 0;
}
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 8872953..1f606a4 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -26,6 +26,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "pk_internal.h"
#include <string.h>
@@ -182,7 +183,7 @@
#endif
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec_rw(*key)));
} else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -246,7 +247,7 @@
pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_LIGHT)
if (pk_type == MBEDTLS_PK_ECKEY) {
- ec_grp_id = mbedtls_pk_ec(*key)->grp.id;
+ ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id;
}
#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -469,7 +470,7 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*key);
size_t pub_len = 0, par_len = 0;
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
@@ -591,7 +592,7 @@
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
- if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec(*key)->grp.id)) {
+ if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec_ro(*key)->grp.id)) {
begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
end = PEM_END_PRIVATE_KEY_PKCS8;
} else
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7b6f05b..2bd4df1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7384,6 +7384,7 @@
return PSA_SUCCESS;
}
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t psa_pake_setup(
psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite)
@@ -8100,5 +8101,6 @@
return status;
}
+#endif /* PSA_WANT_ALG_SOME_PAKE */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d7c47e6..17149c5 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -55,6 +55,7 @@
#endif
#include "mbedtls/pk.h"
+#include "pk_internal.h"
#include "common.h"
/* Shorthand for restartable ECC */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cd87164..fe666e8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7388,9 +7388,9 @@
/* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL
*/
- const mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
+ const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
if (ec == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec() returned NULL"));
+ MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index d94d829..0940bdb 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2007,7 +2007,7 @@
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- peer_key = mbedtls_pk_ec(*peer_pk);
+ peer_key = mbedtls_pk_ec_ro(*peer_pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t olen = 0;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index ac6c10d..aa3e306 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -666,7 +666,7 @@
uint16_t *curves_tls_id)
{
uint16_t *curr_tls_id = curves_tls_id;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id;
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id;
mbedtls_ecp_group_id curr_grp_id;
while (*curr_tls_id != 0) {
@@ -2636,7 +2636,7 @@
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
- key = mbedtls_pk_ec(*pk);
+ key = mbedtls_pk_ec_rw(*pk);
if (key == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@@ -2704,7 +2704,7 @@
}
if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
- mbedtls_pk_ec(*mbedtls_ssl_own_key(ssl)),
+ mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)),
MBEDTLS_ECDH_OURS)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
return ret;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 601fb2c..cba30aa 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -50,6 +50,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "hash_info.h"
#include "x509_invasive.h"
+#include "pk_internal.h"
#include "mbedtls/platform.h"
@@ -237,7 +238,7 @@
if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) {
- const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id;
+ const mbedtls_ecp_group_id gid = mbedtls_pk_ec_ro(*pk)->grp.id;
if (gid == MBEDTLS_ECP_DP_NONE) {
return -1;
@@ -3201,6 +3202,7 @@
mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next);
mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next);
+ mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next);
if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 0591029..f36c6be 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -6,6 +6,7 @@
#include "mbedtls/base64.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
+#include "pk_internal.h"
#include "hash_info.h"
@@ -101,20 +102,20 @@
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
int ret;
- if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp,
+ if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp,
parameter)) != 0) {
return ret;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp,
- &mbedtls_pk_ec(*pk)->d,
- &mbedtls_pk_ec(*pk)->Q);
+ return pk_genkey_ec(&mbedtls_pk_ec_rw(*pk)->grp,
+ &mbedtls_pk_ec_rw(*pk)->d,
+ &mbedtls_pk_ec_rw(*pk)->Q);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ECP_C)
- return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
- &mbedtls_pk_ec(*pk)->d,
- &mbedtls_pk_ec(*pk)->Q,
+ return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp,
+ &mbedtls_pk_ec_rw(*pk)->d,
+ &mbedtls_pk_ec_rw(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
#endif /* MBEDTLS_ECP_C */
}
@@ -709,7 +710,7 @@
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
- eckey = mbedtls_pk_ec(pk);
+ eckey = mbedtls_pk_ec_rw(pk);
TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0);
TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q,
@@ -745,12 +746,12 @@
memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0);
- TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0);
- TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec(prv)->d, d_str) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0);
TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0);
- TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0);
- TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0);
mbedtls_ecp_set_max_ops(max_ops);
@@ -1316,8 +1317,8 @@
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy;
#else
- ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp),
- &(mbedtls_pk_ec(pk)->Q),
+ ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp),
+ &(mbedtls_pk_ec_ro(pk)->Q),
MBEDTLS_ECP_PF_UNCOMPRESSED,
&klen_legacy, pkey_legacy,
sizeof(pkey_legacy));
@@ -1379,10 +1380,10 @@
TEST_EQUAL(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0);
TEST_EQUAL(mbedtls_ecp_group_load(
- &(mbedtls_pk_ec(pk)->grp),
+ &(mbedtls_pk_ec_rw(pk)->grp),
(mbedtls_ecp_group_id) parameter_arg), 0);
- TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp),
- &(mbedtls_pk_ec(pk)->Q),
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp),
+ &(mbedtls_pk_ec_rw(pk)->Q),
pkey_legacy_start, klen_legacy), 0);
#endif
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 838a7db..e0e3300 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -3,6 +3,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/ecp.h"
+#include "pk_internal.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -83,9 +84,9 @@
TEST_ASSERT(res == result);
if (res == 0) {
- mbedtls_ecp_keypair *eckey;
+ const mbedtls_ecp_keypair *eckey;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
- eckey = mbedtls_pk_ec(ctx);
+ eckey = mbedtls_pk_ec_ro(ctx);
TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
}
@@ -110,9 +111,9 @@
TEST_ASSERT(res == result);
if (res == 0) {
- mbedtls_ecp_keypair *eckey;
+ const mbedtls_ecp_keypair *eckey;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
- eckey = mbedtls_pk_ec(ctx);
+ eckey = mbedtls_pk_ec_ro(ctx);
TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0);
}
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index f67d4ba..2d799a0 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3320,3 +3320,8 @@
X509 CRT parse Authority Key Id - Wrong Issuer Tag 2
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer
+X509 CRT parse Authority Key Id - Wrong Issuer sequence
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"308201883082016FA0030201020209202020202020202020300D06092A864886F70D010104050030233110300E0603202020130720202020202020310F300D06032020201306202020202020301E170D3131303530383230353934385A170D3134303530373230353934385A30233110300E0603202020130720202020202020310F300D06032020201306202020202020305C300D06092A864886F70D0101010500034B003048024120202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FF02032020FFA38185308182301D060320202004162020202020202020202020202020202020202020202030530603551D23044C304A80142020202020202020202020202020202020202020A12AA42530233110300E0603202020130720202020202020310F300D0603202020130620202020202082002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA