From 87bf1b5cf40970a87667412a8c8fbfd9574c5c9f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:42:16 +0200 Subject: [PATCH 01/17] Add a test of MBEDTLS_CONFIG_FILE configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this. --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0a7439790..b276e47ac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -970,6 +970,17 @@ component_test_make_shared () { make SHARED=1 all check } +component_build_mbedtls_config_file () { + msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s + # Use the full config so as to catch a maximum of places where + # the check of MBEDTLS_CONFIG_FILE might be missing. + scripts/config.pl full + sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h + echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + rm -f full_config.h +} + component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s From 2c47ffc37f42e99526580fe020408b9681286d18 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:43:05 +0200 Subject: [PATCH 02/17] Test that the shared library build with CMake works --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b276e47ac..70c4e4688 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
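Review bot: In `component_build_mbedtls_config_file` (PATCH 01/17), `rm -f full_config.h` is reached only when the `make` line succeeds, so a failed build may leave the generated `full_config.h` in the source tree next to a `$CONFIG_H` that now holds only the `#error` line. Whether the script's cleanup between components removes stray files is not visible in this hunk; if it does not, register the file there rather than deleting it inline. The `-I '$PWD'` quoting also breaks if the checkout path contains a single quote, which deserves a one-line comment such as `# assumes $PWD contains no single quote`.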
@@ -970,6 +970,13 @@ component_test_make_shared () { make SHARED=1 all check } +component_test_cmake_shared () { + msg "build/test: cmake shared" # ~ 2min + cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . + make + make test +} + component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s # Use the full config so as to catch a maximum of places where From dc25c32663b47a089700e5828746764018caa56c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:43:32 +0200 Subject: [PATCH 03/17] Test that a shared library build produces a dynamically linked executable --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 70c4e4688..632300b9d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -968,12 +968,14 @@ component_test_aes_fewer_tables_and_rom_tables () { component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check + ldd programs/util/strerror | grep libmbedcrypto } component_test_cmake_shared () { msg "build/test: cmake shared" # ~ 2min cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . make + ldd programs/util/strerror | grep libmbedcrypto make test } From 2c5ef1143d206adfc91fe5a0d8d965e72df67400 Mon Sep 17 00:00:00 2001 
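Review bot: The new `ldd programs/util/strerror | grep libmbedcrypto` checks in `component_test_make_shared` and `component_test_cmake_shared` (PATCH 03/17) pass on any `ldd` output line that contains the library name, including a `libmbedcrypto.so… => not found` line or a copy resolved from a system directory. That is enough to show the executable is dynamically linked, which is what the commit message states, but it does not show that the freshly built library is the one loaded. A comment above each check would make that limit explicit, for example `# Only asserts a dynamic dependency on libmbedcrypto, not which copy the loader resolves`. In `component_test_cmake_shared` the check sits mid-function, so it stops the component only if the script aborts on a failing command, which is set outside this hunk.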
From: Hanno Becker Date: Fri, 19 Jul 2019 12:42:21 +0100 Subject: [PATCH 04/17] ECP restart: Don't calculate address of sub ctx if ctx is NULL All modules using restartable ECC operations support passing `NULL` as the restart context as a means to not use the feature. The restart contexts for ECDSA and ECP are nested, and when calling restartable ECP operations from restartable ECDSA operations, the address of the ECP restart context to use is calculated by adding the offset of the ECP restart context to the address of the ECDSA restart context. If the ECP restart context happens to not reside at offset `0`, this leads to a non-`NULL` pointer being passed to restartable ECP operations from restartable ECDSA-operations; those ECP operations will hence assume that the pointer points to a valid ECP restart address and likely run into a segmentation fault when trying to dereference the non-NULL but close-to-NULL address. The problem doesn't arise currently because luckily the ECP restart context has offset 0 within the ECDSA restart context, but we should not rely on it. This commit fixes the passage from restartable ECDSA to restartable ECP operations by propagating NULL as the restart context pointer. Apart from being fragile, the previous version could also lead to NULL pointer dereference failures in ASanDbg builds which dereferenced the ECDSA restart context even though it's not needed to calculate the address of the offset'ed ECP restart context. --- library/ecdsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index dc19384d6..58e1a5fce 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
@@ -172,11 +172,11 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#define ECDSA_RS_ECP &rs_ctx->ecp +#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp ) /* Utility macro for checking and updating ops budget */ #define ECDSA_BUDGET( ops ) \ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) ); /* Call this when entering a function that needs its own sub-context */ #define ECDSA_RS_ENTER( SUB ) do { \ From da2fb42f96cd21c22c80fd1dba66036067c9dcfb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 19 Jul 2019 12:52:08 +0100 Subject: [PATCH 05/17] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 01da44389..0464c5120 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Fix propagation of restart contexts in restartable EC operations. + This could previously lead to segmentation faults in builds using an + address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h From fc41bd7f35f76c717a05f69f4495d3613dd09949 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Jun 2019 17:10:39 +0200 Subject: [PATCH 06/17] Don't call memset after calloc memset has undefined behavior when either pointer can be NULL, which is the case when it's the result of malloc/calloc with a size of 0. The memset calls here are useless anyway since they come immediately after calloc. --- tests/suites/test_suite_nist_kw.function | 8 -------- 1 file changed, 8 deletions(-) 
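Review bot: The rewritten `ECDSA_RS_ECP` (PATCH 04/17) now carries the whole NULL-propagation guarantee, but nothing on the macro says why the conditional is there, so a later cleanup could fold it back to `&rs_ctx->ecp`. I would add a comment directly above it, e.g. `/* rs_ctx may be NULL (restart not in use): pass NULL on, never &rs_ctx->ecp, which is only NULL while ecp sits at offset 0 */`, and have it state that the macro relies on a local named `rs_ctx` being in scope at every expansion. Separately, the changed `ECDSA_BUDGET` line still ends in `;` inside the macro body, so `ECDSA_BUDGET( n );` expands to two statements; dropping the inner semicolon would make it safe in an unbraced `if`/`else`, provided the call sites, which are outside the hunk, end with their own `;`.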
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index f1acde91a..9c34ea619 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -170,10 +170,6 @@ void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res ) TEST_ASSERT( ciphertext != NULL ); } - memset( plaintext, 0, in_len ); - memset( ciphertext, 0, output_len ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof( key ), 1 ) == 0 ); @@ -225,10 +221,6 @@ void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res ) TEST_ASSERT( ciphertext != NULL ); } - memset( plaintext, 0, output_len ); - memset( ciphertext, 0, in_len ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof( key ), 0 ) == 0 ); unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len, From f9c94b0bd6179e05428b79eac9256e79d85d3964 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Jul 2019 17:24:55 +0200 Subject: [PATCH 07/17] Add ChangeLog entry for undefined behavior fix in test_suite_nist_kw --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 01da44389..4cfee379b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Fix undefined memset(NULL) call in test_suite_nist_kw. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h From 0450eecfae1befcaec8e59a81be4ca3897782d24 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 12 Jun 2019 19:31:29 +0200 Subject: [PATCH 08/17] entropy_nv_seed: clean up properly Call mbedtls_entropy_free on test failure. Restore the previous NV seed functions which the call to mbedtls_platform_set_nv_seed() changed. This didn't break anything, but only because the NV seed functions used for these tests happened to work for the tests that got executed later in the .data file. --- tests/suites/test_suite_entropy.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 5a41b9a52..03eee77de 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -306,6 +306,10 @@ void entropy_nv_seed( data_t * read_seed ) { mbedtls_sha512_context accumulator; mbedtls_entropy_context ctx; + int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = + mbedtls_nv_seed_read; + int (*original_mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = + mbedtls_nv_seed_write; unsigned char header[2]; unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -372,7 +376,10 @@ void entropy_nv_seed( data_t * read_seed ) TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +exit: mbedtls_entropy_free( &ctx ); + mbedtls_nv_seed_read = original_mbedtls_nv_seed_read; + mbedtls_nv_seed_write = original_mbedtls_nv_seed_write; } /* END_CASE */ From 756b3f2c25e72df930fe2f56520fdffce36df248 Mon Sep 17 00:00:00 2001 
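Review bot: The cleanup added after `exit:` in `entropy_nv_seed` (PATCH 08/17) restores the hooks by assigning `mbedtls_nv_seed_read` and `mbedtls_nv_seed_write` directly, while the commit message says they were changed through `mbedtls_platform_set_nv_seed()`. Restoring through the same setter keeps the test independent of how the platform layer stores the hooks: `mbedtls_platform_set_nv_seed( original_mbedtls_nv_seed_read, original_mbedtls_nv_seed_write );`. Also, `mbedtls_entropy_free( &ctx )` now runs on every failure path, so `mbedtls_entropy_init( &ctx )` has to precede the first `TEST_ASSERT`; the lines between the two hunks are not shown, so that ordering should be confirmed.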
From: Gilles Peskine Date: Wed, 12 Jun 2019 19:33:42 +0200 Subject: [PATCH 09/17] entropy_nv_seed: cope with SHA-256 This test case was only executed if the SHA-512 module was enabled and MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full" didn't have a chance to reach it even if that enabled MBEDTLS_PLATFORM_NV_SEED_ALT. Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT and its requirements, and the near-ubiquitous MD module. --- tests/suites/test_suite_entropy.function | 59 +++++++++++++++--------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 03eee77de..cf197323b 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -301,10 +301,19 @@ void entropy_nv_seed_std_io( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed( data_t * read_seed ) { - mbedtls_sha512_context accumulator; +#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); +#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR) + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); +#else +#error "Unsupported entropy accumulator" +#endif + mbedtls_md_context_t accumulator; mbedtls_entropy_context ctx; int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = mbedtls_nv_seed_read; 
@@ -320,17 +329,14 @@ void entropy_nv_seed( data_t * read_seed ) memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); - memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); - // Set the initial NV seed to read - memcpy( buffer_seed, read_seed->x, read_seed->len ); - // Make sure we read/write NV seed from our buffers mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); + mbedtls_md_init( &accumulator ); mbedtls_entropy_init( &ctx ); entropy_clear_sources( &ctx ); 
@@ -338,45 +344,54 @@ void entropy_nv_seed( data_t * read_seed ) MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 ); + // Set the initial NV seed to read + TEST_ASSERT( read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE ); + memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ); + // Do an entropy run TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 ); - // Determine what should have happened with manual entropy internal logic - // Only use the SHA-512 version to check // Init accumulator header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE; - mbedtls_sha512_starts( &accumulator, 0 ); + TEST_ASSERT( mbedtls_md_setup( &accumulator, md_info, 0 ) == 0 ); // First run for updating write_seed header[0] = 0; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, read_seed->x, read_seed->len ); - mbedtls_sha512_finish( &accumulator, buf ); + TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 ); - memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); - mbedtls_sha512_starts( &accumulator, 0 ); - mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 ); + TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + check_seed ) == 0 ); // Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed) header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 
0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + empty, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); header[0] = 0; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); - mbedtls_sha512_finish( &accumulator, buf ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 ); - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 ); + TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + check_entropy ) == 0 ); // Check result of both NV file and entropy received with the manual calculations TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); exit: + mbedtls_md_free( &accumulator ); mbedtls_entropy_free( &ctx ); mbedtls_nv_seed_read = original_mbedtls_nv_seed_read; mbedtls_nv_seed_write = original_mbedtls_nv_seed_write; From 5bdae19778affae422a3f382c1cbc175095b243a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Jul 2019 17:26:55 +0200 Subject: [PATCH 10/17] Add ChangeLog entry for entropy_nv_seed test case fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 4cfee379b..2de2911b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,7 @@ Bugfix if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 * Fix undefined memset(NULL) call in test_suite_nist_kw. + * Make NV seed test support MBEDTLS_ENTROPY_FORCE_SHA256. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h From 77a2916bbd02ba9186237e3137bb519fcc9966a1 Mon Sep 17 00:00:00 2001 
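Review bot: In the last hunk of PATCH 09/17, `mbedtls_md_finish( &accumulator, buf )` and `mbedtls_md( md_info, …, check_seed )` write as many bytes as the selected digest produces, while `buf`, `check_seed` and `check_entropy` are filled and compared using `MBEDTLS_ENTROPY_BLOCK_SIZE`. The two agree for the SHA-512 and SHA-256 accumulators selected in the first hunk, but nothing in the test states that. An explicit check right after `mbedtls_md_setup` would turn a future mismatch into a test failure instead of a buffer overrun or a partial comparison: `TEST_ASSERT( mbedtls_md_get_size( md_info ) == MBEDTLS_ENTROPY_BLOCK_SIZE );`. The buffer declarations are outside the hunks, so their sizes are inferred from the `memset` calls.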
From: Gilles Peskine Date: Sat, 3 Aug 2019 14:08:46 +0200 Subject: [PATCH 11/17] Changelog entry for test certificates update --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 01da44389..3301ab5a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Update test certificates that were about to expire. Reported by + Bernhard M. Wiedemann in #2357. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h From a6901796f66d7d9638eddba5de3281bc604f95cf Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Sat, 3 Nov 2018 00:46:06 +0100 Subject: [PATCH 12/17] bn_mul.h: require at least ARMv6 to enable the ARM DSP code Commit 16b1bd89326e "bn_mul.h: add ARM DSP optimized MULADDC code" added some ARM DSP instructions that was assumed to always be available when __ARM_FEATURE_DSP is defined to 1. Unfortunately it appears that the ARMv5TE architecture (GCC flag -march=armv5te) supports the DSP instructions, but only in Thumb mode and not in ARM mode, despite defining __ARM_FEATURE_DSP in both cases. This patch fixes the build issue by requiring at least ARMv6 in addition to the DSP feature. --- include/mbedtls/bn_mul.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index c33bd8d4a..748975ea5 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -642,7 +642,8 @@ "r6", "r7", "r8", "r9", "cc" \ ); -#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) +#elif (__ARM_ARCH >= 6) && \ + defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define MULADDC_INIT \ asm( From 9ff53ffbdaf29c7cc484dce594fdf8c7154fdbc4 Mon Sep 17 00:00:00 2001 
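Review bot: The new condition `(__ARM_ARCH >= 6)` in `bn_mul.h` (PATCH 12/17) is evaluated without a `defined` test, so on a toolchain that sets `__ARM_FEATURE_DSP` but does not define `__ARM_ARCH` the preprocessor treats it as 0 and the DSP `MULADDC` path is dropped silently (and `-Wundef` builds warn). That fallback is safe, but it is probably not intended for such compilers; whether any supported toolchain behaves this way cannot be told from the hunk. Writing the test as `#elif defined(__ARM_ARCH) && (__ARM_ARCH >= 6) && \` makes the dependency explicit, and a short comment naming the ARMv5TE ARM-mode case would explain why the architecture check exists. The surrounding `#if`/`#elif` chain starts and ends outside this hunk.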
From: Gilles Peskine Date: Mon, 5 Aug 2019 11:34:11 +0200 Subject: [PATCH 13/17] Add changelog entry for ARM assembly fix --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 01da44389..035e9b627 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Fix the build on ARMv5TE in ARM mode to not use assembly instructions + that are only available in Thumb mode. Fix contributed by Aurelien Jarno + in #2169. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h From 0bd284dc51a7251dfabd6537f15fc8f6d2abd59d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Aug 2019 11:34:25 +0200 Subject: [PATCH 14/17] Add a build on ARMv5TE in ARM mode Non-regression test for "bn_mul.h: require at least ARMv6 to enable the ARM DSP code" --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0a7439790..233a51e8f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1080,6 +1080,12 @@ component_build_arm_none_eabi_gcc () { make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib } +component_build_arm_none_eabi_gcc_armel () { + msg "build: arm-none-eabi-gcc, make" # ~ 10s + scripts/config.pl baremetal + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te' LDFLAGS='-march=armv5te' SHELL='sh -x' lib +} + component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal From e07b9ff2d93c016f1cfe728e1c14c70cd1ae76b3 Mon Sep 17 00:00:00 2001 
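Review bot: `component_build_arm_none_eabi_gcc_armel` (PATCH 14/17) passes `SHELL='sh -x'` to make, which the neighbouring `component_build_arm_none_eabi_gcc` line visible in the hunk does not, and nothing explains it. If the tracing is wanted so the CI log shows the exact compiler command lines, say so in a comment such as `# SHELL='sh -x': trace each recipe so the log shows the flags actually used`; if it is a debugging leftover, drop it.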
From: Gilles Peskine Date: Thu, 8 Aug 2019 16:09:02 +0200 Subject: [PATCH 15/17] Switch armel build to -Os Without any -O option, the default is -O0, and then the assembly code is not used, so this would not be a non-regression test for the assembly code that doesn't build. --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 233a51e8f..0c74331ee 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1081,9 +1081,9 @@ component_build_arm_none_eabi_gcc () { } component_build_arm_none_eabi_gcc_armel () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s scripts/config.pl baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { From 560f332dd237c50524e0a080e890bce1a89fa19e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Aug 2019 16:05:05 +0200 Subject: [PATCH 16/17] Document the rationale for the armel build Call the component xxx_arm5vte, because that's what it does. Explain "armel", and more generally why this component exists, in a comment. --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0c74331ee..d307100cd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
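Review bot: The new `msg` line in PATCH 15/17 spells the architecture `-march=arm5vte`, while the flag actually passed in `CFLAGS` and `LDFLAGS` is `-march=armv5te`; PATCH 16/17 then carries the same transposition into the function name `component_build_arm_none_eabi_gcc_arm5vte`. Both should read `armv5te`, e.g. `msg "build: arm-none-eabi-gcc -march=armv5te, make" # ~ 10s`, so that searching logs or selecting the component by architecture name finds it. The commit subject says `-Os` but the hunk adds `-O1`; going by the commit message either one leaves `-O0` behind, and a short comment next to the flag saying that an optimisation level above `-O0` is required for the assembly to be compiled would record why it is there.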
@@ -1080,9 +1080,14 @@ component_build_arm_none_eabi_gcc () { make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib } -component_build_arm_none_eabi_gcc_armel () { +component_build_arm_none_eabi_gcc_arm5vte () { msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s scripts/config.pl baremetal + # Build for a target platform that's close to what Debian uses + # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). + # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. + # It would be better to build with arm-linux-gnueabi-gcc but + # we don't have that on our CI at this time. make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } From e30c09198ca7d402041bb0d2c5f1d6f0bfb09673 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 10 Aug 2019 17:38:34 +0200 Subject: [PATCH 17/17] Exclude DTLS 1.2 only with older OpenSSL compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older versions of OpenSSL didn't support it. But these days it is supported. We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we still use legacy versions of OpenSSL to test with legacy ciphers. So check whether the version we're using supports it. --- tests/compat.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 80c2d31a3..54bc0b7d1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -216,14 +216,13 @@ filter_ciphersuites() G_CIPHERS=$( filter "$G_CIPHERS" ) fi - # OpenSSL 1.0.1h doesn't support DTLS 1.2 - if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then + # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL + # supports from the s_server help. (The s_client help isn't + # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it. + # But the s_server help seems to be accurate.) + if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then + M_CIPHERS="" O_CIPHERS="" - case "$PEER" in - [Oo]pen*) - M_CIPHERS="" - ;; - esac fi # For GnuTLS client -> mbed TLS server,
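Review bot: The rewritten check in `filter_ciphersuites` (PATCH 17/17) clears `M_CIPHERS` for every peer, whereas the removed code cleared it only inside `case "$PEER" in [Oo]pen*)`. If this function is also run for non-OpenSSL peers, which the GnuTLS comment at the end of the hunk suggests, a mode missing from the `s_server` help would now silently drop the mbed TLS client tests against those peers as well; keeping `case "$PEER" in [Oo]pen*) M_CIPHERS="" ;; esac` around that assignment avoids this. The test also no longer depends on `is_dtls` or the minor version, so any mode whose option is absent from the help text, or any change in the help layout that defeats `grep -q "^ *-$MODE "`, empties the OpenSSL lists without a trace. Printing a line when the lists are emptied would make lost interoperability coverage visible in the log. The function body starts and ends outside the hunk.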