From 746df88e90b8aaecf77772d0fcea4016deeec459 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 3 May 2023 14:49:28 +0200 Subject: [PATCH 1/3] mbedtls_pem_write_buffer: Correctly report needed buffer size for all possible line lengths and counts Signed-off-by: Jethro Beekman --- library/pem.c | 2 +- tests/suites/test_suite_pem.data | 3 +++ tests/suites/test_suite_pem.function | 29 ++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/library/pem.c b/library/pem.c index 8c8f39d9e..aed4788bf 100644 --- a/library/pem.c +++ b/library/pem.c @@ -491,7 +491,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, size_t len = 0, use_len, add_len = 0; mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len); - add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1; + add_len = strlen(header) + strlen(footer) + (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1; if (use_len + add_len > buf_len) { *olen = use_len + add_len; diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 332cb79df..a34aa9160 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -16,6 +16,9 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102 PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" +PEM write length reporting +mbedtls_pem_write_buffer_lengths + PEM read (unencrypted, valid) mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53" diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 918eae5e3..36801d14a 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -32,6 +32,35 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ +void mbedtls_pem_write_buffer_lengths() +{ + unsigned char data[256] = {}; + unsigned char buf[1024]; + size_t olen_needed, olen; + int ret; + for (size_t l = 0; l <= sizeof(data); l++) { + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, NULL, 0, &olen_needed); + TEST_ASSERT(ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); + + /* Test that a bigger buffer still only requires `olen_needed` */ + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, sizeof(buf), &olen); + TEST_ASSERT(ret == 0); + TEST_ASSERT(olen_needed == olen); + + /* Test that a buffer of exactly `olen_needed` works */ + memset(buf, 1, sizeof(buf)); + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, olen_needed, &olen); + TEST_ASSERT(ret == 0); + TEST_ASSERT(olen_needed == olen); + /* Test the function didn't overflow the given buffer */ + for (size_t i = olen_needed; i < sizeof(buf); i++) { + TEST_ASSERT(buf[i] == 1); + } + } +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C */ void mbedtls_pem_read_buffer(char *header, char *footer, char *data, char *pwd, int res, data_t *out) From 3477a672b9af51a4611738fe7ed7eaa14918908b Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 3 May 2023 17:39:06 +0200 Subject: [PATCH 2/3] Fix cross-platform compilation issue Signed-off-by: Jethro Beekman --- tests/suites/test_suite_pem.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 36801d14a..b3b3e8d28 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -35,7 +35,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void mbedtls_pem_write_buffer_lengths() { - unsigned char data[256] = {}; + unsigned char data[256] = { 0 }; unsigned char buf[1024]; size_t olen_needed, olen; int ret; From 2593ec4beef025876c45ee01fddc2df9d2314ce9 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 3 May 2023 17:39:36 +0200 Subject: [PATCH 3/3] Use TEST_EQUAL instead of TEST_ASSERT Signed-off-by: Jethro Beekman --- tests/suites/test_suite_pem.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index b3b3e8d28..413dc551c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -41,21 +41,21 @@ void mbedtls_pem_write_buffer_lengths() int ret; for (size_t l = 0; l <= sizeof(data); l++) { ret = mbedtls_pem_write_buffer("\n", "\n", data, l, NULL, 0, &olen_needed); - TEST_ASSERT(ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); + TEST_EQUAL(ret, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); /* Test that a bigger buffer still only requires `olen_needed` */ ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, sizeof(buf), &olen); - TEST_ASSERT(ret == 0); - TEST_ASSERT(olen_needed == olen); + TEST_EQUAL(ret, 0); + TEST_EQUAL(olen_needed, olen); /* Test that a buffer of exactly `olen_needed` works */ memset(buf, 1, sizeof(buf)); ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, olen_needed, &olen); - TEST_ASSERT(ret == 0); - TEST_ASSERT(olen_needed == olen); + TEST_EQUAL(ret, 0); + TEST_EQUAL(olen_needed, olen); /* Test the function didn't overflow the given buffer */ for (size_t i = olen_needed; i < sizeof(buf); i++) { - TEST_ASSERT(buf[i] == 1); + TEST_EQUAL(buf[i], 1); } } }