Merge pull request #149 from gilles-peskine-arm/havege-asan-crypto
Fix misuse of signed ints in the HAVEGE module
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5d29839..c512ad62 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,6 +5,9 @@
project("mbed TLS" C)
endif()
+# Set the project root directory.
+set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 61bc13d..6b2a850 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -2,6 +2,13 @@
option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
+# Set the project root directory if it's not already defined, as may happen if
+# the library folder is included directly by a parent project, without
+# including the top level CMakeLists.txt.
+if(NOT DEFINED MBEDTLS_DIR)
+ set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
+endif()
+
set(src_crypto
aes.c
aesni.c
@@ -72,9 +79,9 @@
if(USE_CRYPTO_SUBMODULE)
set(src_crypto
${src_crypto}
- ${CMAKE_SOURCE_DIR}/library/version.c
- ${CMAKE_SOURCE_DIR}/library/version_features.c
- ${CMAKE_SOURCE_DIR}/library/error.c
+ ${MBEDTLS_DIR}/library/version.c
+ ${MBEDTLS_DIR}/library/version_features.c
+ ${MBEDTLS_DIR}/library/error.c
)
else()
set(src_crypto
@@ -133,8 +140,8 @@
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} ${libs})
target_include_directories(${mbedcrypto_static_target}
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR}
@@ -146,8 +153,8 @@
set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS mbedcrypto
DESTINATION ${LIB_INSTALL_DIR}
diff --git a/library/ecp.c b/library/ecp.c
index 03f5fef..ccc0788 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2004,8 +2004,10 @@
* Make sure w is within bounds.
* (The last test is useful only for very small curves in the test suite.)
*/
+#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
if( w > MBEDTLS_ECP_WINDOW_SIZE )
w = MBEDTLS_ECP_WINDOW_SIZE;
+#endif
if( w >= grp->nbits )
w = 2;
diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore
new file mode 100644
index 0000000..464833b
--- /dev/null
+++ b/programs/test/cmake_subproject/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_subproject
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
new file mode 100644
index 0000000..3afbdb2
--- /dev/null
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -0,0 +1,17 @@
+cmake_minimum_required(VERSION 2.6)
+
+# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
+# projects that use Mbed TLS as a subproject are likely to add by their own
+# relative paths.
+set(MBEDTLS_DIR ../../../)
+
+# Add Mbed TLS as a subdirectory.
+add_subdirectory(${MBEDTLS_DIR} build)
+
+# Link against the Mbed Crypto library.
+set(libs
+ mbedcrypto
+)
+
+add_executable(cmake_subproject cmake_subproject.c)
+target_link_libraries(cmake_subproject ${libs})
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
new file mode 100644
index 0000000..ca899bc
--- /dev/null
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -0,0 +1,56 @@
+/*
+ * Simple program to test that CMake builds with Mbed TLS as a subdirectory
+ * work correctly.
+ *
+ * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full( version );
+
+ mbedtls_printf( "Built against %s\n", version );
+
+ return( 0 );
+}
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 42d99d6..fd48a22 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -2,6 +2,13 @@
mbedcrypto
)
+# Set the project root directory if it's not already defined, as may happen if
+# the tests folder is included directly by a parent project, without including
+# the top level CMakeLists.txt.
+if(NOT DEFINED MBEDTLS_DIR)
+ set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
+endif()
+
find_package(Perl)
if(NOT PERL_FOUND)
message(FATAL_ERROR "Cannot build test suites without Perl")
@@ -43,9 +50,9 @@
add_executable(${exe_name} test_suite_${data_name}.c)
target_link_libraries(${exe_name} ${libs})
target_include_directories(${exe_name}
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
- PRIVATE ${CMAKE_SOURCE_DIR}/crypto/library/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/library/)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b38c7d4..3e3fab4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -218,6 +218,11 @@
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
+
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
@@ -602,13 +607,23 @@
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
make
- msg "test: main suites (full config)" # ~ 5s
+ msg "test: main suites (full config, clang)" # ~ 5s
make test
- msg "test: psa_constant_names (full config)" # ~ 1s
+ msg "test: psa_constant_names (full config, clang)" # ~ 1s
record_status tests/scripts/test_psa_constant_names.py
}
+component_test_full_make_gcc_o0 () {
+ msg "build: make, full config, gcc -O0" # ~ 50s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ make CC=gcc CFLAGS='-O0'
+
+ msg "test: main suites (full config, gcc -O0)" # ~ 5s
+ make test
+}
+
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
scripts/config.pl full
@@ -1046,6 +1061,19 @@
unset MBEDTLS_ROOT_DIR
}
+component_test_cmake_as_subdirectory () {
+ msg "build: cmake 'as-subdirectory' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+
+ cd programs/test/cmake_subproject
+ cmake .
+ make
+ if_build_succeeded ./cmake_subproject
+
+ cd "$MBEDTLS_ROOT_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
+
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b5bf7de..597e391 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -604,43 +604,6 @@
return( ok );
}
-static int is_oid_of_key_type( psa_key_type_t type,
- const uint8_t *oid, size_t oid_length )
-{
- const uint8_t *expected_oid = NULL;
- size_t expected_oid_length = 0;
-#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
- expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
- expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
- }
- else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- {
- expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
- expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
- }
- else
-#endif /* MBEDTLS_ECP_C */
- {
- char message[40];
- mbedtls_snprintf( message, sizeof( message ),
- "OID not known for key type=0x%08lx",
- (unsigned long) type );
- test_fail( message, __LINE__, __FILE__ );
- return( 0 );
- }
-
- ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
- return( 1 );
-
-exit:
- return( 0 );
-}
-
static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd )
@@ -680,25 +643,6 @@
return( 0 );
}
-static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
- size_t *len,
- unsigned char n, unsigned char tag )
-{
- int ret;
- ret = mbedtls_asn1_get_tag( p, end, len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
- if( ret != 0 )
- return( ret );
- end = *p + *len;
- ret = mbedtls_asn1_get_tag( p, end, len, tag );
- if( ret != 0 )
- return( ret );
- if( *p + *len != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- return( 0 );
-}
-
static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
uint8_t *exported, size_t exported_length )
{