From 7ea67274f75701b5ed0b270db827a5adde87d6df Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 8 May 2017 11:15:49 +0100 Subject: [PATCH 1/6] Fix test_suite_pk.function to work on 64-bit ILP32 This change fixes a problem in the tests pk_rsa_alt() and pk_rsa_overflow() from test_suite_pk.function that would cause a segmentation fault. The problem is that these tests are only designed to run in computers where the SIZE_MAX > UINT_MAX. --- tests/suites/test_suite_pk.function | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e84783667..ac6429bae 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -5,8 +5,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/rsa.h" -/* For detecting 64-bit compilation */ -#include "mbedtls/bignum.h" +#include static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); @@ -413,11 +412,14 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ void pk_rsa_overflow( ) { mbedtls_pk_context pk; - size_t hash_len = (size_t)-1; + size_t hash_len = SIZE_MAX; + + if( SIZE_MAX <= UINT_MAX ) + return; mbedtls_pk_init( &pk ); @@ -486,13 +488,13 @@ void pk_rsa_alt( ) TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 ); /* Test signature */ - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == 0 ); -#if defined(MBEDTLS_HAVE_INT64) - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1, - NULL, NULL, rnd_std_rand, NULL ) == +#if SIZE_MAX > UINT_MAX + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, + sig, &sig_len, rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, + sig, &sig_len, rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); From f4fbdda602232b10a9249c5eb61903c7ba23ab11 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 8 May 2017 11:19:19 +0100 Subject: [PATCH 2/6] Add test command for 64-bit ILP32 in all.sh --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b559af8e1..c60eaaf65 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -653,6 +653,16 @@ if uname -a | grep -F x86_64 >/dev/null; then cleanup make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' + msg "test: i386, make, gcc" + make test + + msg "build: 64-bit ILP32, make, gcc" # ~ 30s + cleanup + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' + + msg "test: 64-bit ILP32, make, gcc" + make test + msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6ff067d73db24b8a70c8953ed6f3900f8eea4495 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 9 Jun 2017 14:26:59 +0100 Subject: [PATCH 3/6] Add missing stdint.h header to test_suite_pk.func --- tests/suites/test_suite_pk.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ac6429bae..2180f5c8e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -6,6 +6,7 @@ #include "mbedtls/rsa.h" #include +#include static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); From 0edda4236d83160dfa96fcf3322a3328657fb811 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Dec 2017 14:47:05 +0100 Subject: [PATCH 4/6] Added ChangeLog entry for 64-bit ILP32 fix Fixes #849 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 84473657c..c9b416d1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -269,6 +269,7 @@ Bugfix Vranken. * Fix a numerical underflow leading to stack overflow in mpi_read_file() that was triggered uppon reading an empty line. Found by Guido Vranken. + * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 Changes * Send fatal alerts in more cases. The previous behaviour was to skip From 48e689e6becc4a227aaa18ba83e2d3914c46552f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Jan 2018 21:19:09 +0100 Subject: [PATCH 5/6] Remove duplicate build run Don't compile twice with MBEDTLS_HAVE_INT64. But do test with MBEDTLS_HAVE_INT32. --- tests/scripts/all.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c60eaaf65..ccec60fcd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -678,17 +678,6 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - - msg "test: gcc, force 64-bit compilation" - make test - - msg "build: gcc, force 64-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 14c3c0610e087e5d119d6d8b785076699fd9aeaf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Jan 2018 21:25:12 +0100 Subject: [PATCH 6/6] Test with 32-bit and 64-bit bignum limbs on all architectures Build with MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 on all architectures, not just x86_64. These two modes should work on all platforms (except embedded environments where 64-bit division is not available). Also run the unit tests. Correct the description: this is not "N-bit compilation", but "N-bit bignum limbs". --- tests/scripts/all.sh | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ccec60fcd..d5fc12d0a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -662,24 +662,30 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: 64-bit ILP32, make, gcc" make test - - msg "build: gcc, force 32-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - - msg "build: gcc, force 64-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 +msg "build: gcc, force 32-bit bignum limbs" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' + +msg "test: gcc, force 32-bit bignum limbs" +make test + +msg "build: gcc, force 64-bit bignum limbs" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' + +msg "test: gcc, force 64-bit bignum limbs" +make test + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK"