The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
- ASN.1 parsing functions check that lengths don't exceed buffer bounds,
so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
which is automatically caught by the next ASN.1 parsing call.
Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.
Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
There were some areas where `end_signer` was being
used when it makes more sense to use `end_issuer_and_sn`,
as pointed out by demiobenour@gmail.com.
Signed-off-by: Nick Child <nick.child@ibm.com>
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.
Signed-off-by: Nick Child <nick.child@ibm.com>
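As an added illustration of the two ASN.1 points above (the redundant `p + len > end` caller check, and the "extra data bytes or incorrect content lengths" the PKCS7 tests caught), here is a minimal DER tag/length reader in C whose own bounds check guarantees `p + len <= end`, plus a caller that rejects trailing bytes and lets the next tag read report the `p + len == end` case. This is example code, not Mbed TLS's; the function names, error codes and byte strings are all constructed for the example.

```c
#include <stddef.h>

#define ASN1_ERR_OUT_OF_DATA     -1   /* hypothetical error codes, not Mbed TLS's */
#define ASN1_ERR_UNEXPECTED_TAG  -2
#define ASN1_ERR_INVALID_LENGTH  -3
#define ASN1_ERR_LENGTH_MISMATCH -4

/* Read one DER tag and its length (short form, or long form of up to
 * two bytes). On success *p points at the content and *len is its size,
 * and the final check guarantees *p + *len <= end, which is why callers
 * never need their own `p + len > end` test. */
static int asn1_get_tag(const unsigned char **p, const unsigned char *end,
                        size_t *len, unsigned char tag)
{
    if (end - *p < 1) return ASN1_ERR_OUT_OF_DATA;
    if (**p != tag) return ASN1_ERR_UNEXPECTED_TAG;
    (*p)++;
    if (end - *p < 1) return ASN1_ERR_OUT_OF_DATA;
    if ((**p & 0x80) == 0) {
        *len = *(*p)++;
    } else {
        size_t n = **p & 0x7F;
        (*p)++;
        if (n == 0 || n > 2) return ASN1_ERR_INVALID_LENGTH;
        if ((size_t)(end - *p) < n) return ASN1_ERR_OUT_OF_DATA;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *(*p)++;
    }
    if (*len > (size_t)(end - *p)) return ASN1_ERR_OUT_OF_DATA;
    return 0;
}

/* Parse SEQUENCE { INTEGER, OCTET STRING } from a buffer that must hold
 * exactly that structure: trailing bytes after the SEQUENCE and inner
 * lengths that do not add up are reported as errors. */
int parse_pair(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    size_t len;
    int ret;
    if ((ret = asn1_get_tag(&p, end, &len, 0x30)) != 0) return ret;
    if (p + len != end) return ASN1_ERR_LENGTH_MISMATCH; /* extra data bytes */
    if ((ret = asn1_get_tag(&p, end, &len, 0x02)) != 0) return ret;
    p += len;
    /* If the INTEGER ran up to end (p + len == end above), this call fails
     * with OUT_OF_DATA on its own; no separate `p == end` branch is needed. */
    if ((ret = asn1_get_tag(&p, end, &len, 0x04)) != 0) return ret;
    p += len;
    return p == end ? 0 : ASN1_ERR_LENGTH_MISMATCH;
}
```

The reader does not enforce minimal-length encoding, so it accepts the long-form `81 06` as well as `06`; a strict DER parser would reject the former.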
Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.
A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.
Author: Jens Alfke <jens@couchbase.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
The fix_quasi_reduction function was changed to static, so checking for
invalid arguments is not needed anymore.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Rename the function to 'fix_quasi_reduction' to better suit its functionality.
Also changed the name prefix to suit the new module.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This patch updates the clean-up logic to individually
free each of the group's structure members
rather than invoke `mbedtls_ecp_group_free()`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adjusts the logic so that the method is included
when the following components are enabled:
* MBEDTLS_ECP_DP_CURVE448_ENABLED
* MBEDTLS_ECP_DP_CURVE25519_ENABLED
* ECP_LOAD_GROUP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.
The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds two embedded constants used by `ecp_use_curve448()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds two embedded constants used by `ecp_use_curve25519()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.
This is tested by test_suite_psa_crypto_op_fail.generated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
When ticket_flags is used as a parameter, use unsigned int
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags. Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Ticket flags are quite generic and may make sense in
future versions of TLS or even in TLS 1.2 with new
extensions. This change renames the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>