diff options
author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2021-06-15 11:29:26 +0200 |
---|---|---|
committer | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2021-06-17 09:38:38 +0200 |
commit | 84dea01f36240592c162cd3724dc89abb25b3080 (patch) | |
tree | 5e7a834521d6fd726b2746ca915178261e1f0345 /programs/fuzz | |
parent | 39be1410fdad87998cc345a6b808410ded100dd8 (diff) | |
download | mbedtls-84dea01f36240592c162cd3724dc89abb25b3080.zip mbedtls-84dea01f36240592c162cd3724dc89abb25b3080.tar.gz mbedtls-84dea01f36240592c162cd3724dc89abb25b3080.tar.bz2 |
Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Diffstat (limited to 'programs/fuzz')
-rw-r--r-- | programs/fuzz/fuzz_dtlsserver.c | 4 | ||||
-rw-r--r-- | programs/fuzz/fuzz_privkey.c | 4 | ||||
-rw-r--r-- | programs/fuzz/fuzz_server.c | 3 |
3 files changed, 8 insertions, 3 deletions
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 34ff63e..a64eef9 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -6,6 +6,7 @@ #include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" +#include "test/random.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -55,7 +56,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_test_cas_pem_len ) != 0) return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ) != 0) return 1; #endif dummy_init(); diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index f76afd1..a061875 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -3,6 +3,7 @@ #include <stdint.h> #include <stdlib.h> #include "mbedtls/pk.h" +#include "test/random.h" //4 Kb should be enough for every bug ;-) #define MAX_LEN 0x1000 @@ -19,7 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } mbedtls_pk_init( &pk ); - ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); + ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 5480e3e..d4480c5 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -66,7 +66,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_test_cas_pem_len ) != 0) return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_ctr_drbg_random, &ctr_drbg ) != 0) return 1; #endif |