From c1955559ad7bab3be5666d4687269e7d2ddc1edd Mon Sep 17 00:00:00 2001
From: k-stachowiak <krzysiek.stachowiak@gmail.com>
Date: Mon, 10 Jun 2019 11:46:18 +0200
Subject: [PATCH] Add a test for signing content with a long ECDSA key

Due to the way the current PK API works, it may have not been clear
for the library clients, how big output buffers they should pass
to the signing functions. Depending on the key type they depend on
MPI or EC specific compile-time constants.

Inside the library, there were places, where it was assumed that
the MPI size will always be enough, even for ECDSA signatures.
However, for very small sizes of the MBEDTLS_MPI_MAX_SIZE and
sufficiently large key, the EC signature could exceed the MPI size
and cause a stack overflow.

This test establishes both conditions -- small MPI size and the use
of a long ECDSA key -- and attempts to sign an arbitrary file.
This can cause a stack overvlow if the signature buffers are not
big enough, therefore the test is performed for an ASan build.
---
 tests/data_files/Makefile          |   8 ++++++++
 tests/data_files/secp521r1_prv.der | Bin 0 -> 223 bytes
 tests/scripts/all.sh               |  18 ++++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 tests/data_files/secp521r1_prv.der

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index d1af18ce7b..0aa78eb4c3 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -786,6 +786,14 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der
 	$(OPENSSL) pkey -in $< -inform DER -out $@
 all_final += ec_prv.pk8param.pem
 
+###
+### A generic SECP521R1 private key
+###
+
+secp521r1_prv.der:
+	$(OPENSSL) ecparam -genkey -name secp521r1 -noout -out secp521r1_prv.der
+all_final += secp521r1_prv.der
+
 ################################################################
 ### Generate CSRs for X.509 write test suite
 ################################################################
diff --git a/tests/data_files/secp521r1_prv.der b/tests/data_files/secp521r1_prv.der
new file mode 100644
index 0000000000000000000000000000000000000000..4d342bdc25590e747f3dd45369c525a17eeafe4a
GIT binary patch
literal 223
zcmV<503iP`f!qQC0R%z;dbqNytV!Pn9Gx-kY_~1_fkN9pZuhX33j*q0c>w;eL4xg{
zKt>-fD<wHZfmZ{Mu$$ihSRa49VhX9;0{Ni}ZJ-AR1uKCB03)G+i35R#00aTfss9;R
zC$@<&(8HtYd|}dN8MlmlZ$^9LZYM!2`P*-gH<hG-b##QPz=3>T-%(a)8NM6PPC1#8
zkDC@p2S}y!0W4tS+`#2wI5*>!%9T%+)=Ms?Or<V6Ju_<)21k1!1@)$gI!Q`-WpCCh
ZCHRh%GW>fF%^Z0&EWhI$b@A@l|MQI|WVHYQ

literal 0
HcmV?d00001

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 369df1591a..b222ff553a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -611,6 +611,24 @@ component_check_doxygen_warnings () {
 #### Build and test many configurations and targets
 ################################################################
 
+component_test_large_ecdsa_key_signature () {
+
+    SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures
+
+    msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s
+    scripts/config.pl set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
+    crypto/scripts/config.pl set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    INEVITABLY_PRESENT_FILE=Makefile
+    SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below
+
+    msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s
+    if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE
+    rm -f $SIGNATURE_FILE
+}
+
 component_test_default_out_of_box () {
     msg "build: make, default config (out-of-box)" # ~1min
     make