From 8954d0c274fedb54f416d65255d61fb8b3e909f8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:51:25 +0200 Subject: [PATCH 01/16] Write documentation for TEST_ASSERT --- tests/suites/helpers.function | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 32b1b790d..ad219ab63 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -69,6 +69,18 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Macros */ +/** Evaluate an expression and fail the test case if it is false. + * + * Failing the test means: + * - Mark this test case as failed. + * - Print a message identifying the failure. + * - Jump to the \c exit label. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param TEST The expression to evaluate. + */ #define TEST_ASSERT( TEST ) \ do { \ if( ! (TEST) ) \ From b75125c5ff2989f83b59d1259a0603d520783949 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:52:16 +0200 Subject: [PATCH 02/16] New macro ASSERT_ALLOC to allocate memory in tests The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and fails the test if the allocation fails. It outputs a null pointer if the requested size is 0. It is meant to replace existing calls to mbedtls_calloc. --- tests/suites/helpers.function | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ad219ab63..0a4cf8737 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
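Review bot: The new TEST_ASSERT doc comment does not say how many times TEST is evaluated, although the `if( ! (TEST) )` line visible at the end of the hunk shows it is evaluated exactly once; stating that explicitly lets callers safely pass expressions with side effects such as `TEST_ASSERT( ( ret = f( ) ) == 0 )`, a pattern that does appear in the test suites. Suggest extending the parameter line to ` * \param TEST   The expression to evaluate. It is evaluated exactly once.` The macro body continues past the end of the hunk.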
@@ -90,6 +90,37 @@ typedef struct data_tag } \ } while( 0 ) +/** Allocate memory dynamically and fail the test case if this fails. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free( pointer )` in the test's cleanup code. + * + * If \p size is zero, the resulting \p pointer will be \c NULL. + * This is usually what we want in tests since API functions are + * supposed to accept null pointers when a buffer size is zero. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param size Buffer size to allocate in bytes. + * This expression may be evaluated multiple times. + * + */ +#define ASSERT_ALLOC( pointer, size ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( size ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( 1, ( size ) ); \ + TEST_ASSERT( ( pointer ) != NULL ); \ + } \ + } \ + while( 0 ) + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ From 8cebbba7e6509d58a29aecdae7f45361b1372d0d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:54:18 +0200 Subject: [PATCH 03/16] Use ASSERT_ALLOC instead of mbedtls_calloc in PSA tests This commit resolves a bug whereby some test cases failed on systems where mbedtls_calloc returns NULL when the size of 0, because the test case asserted `pointer != NULL` regardless of the size. --- tests/suites/test_suite_psa_crypto.function | 103 +++++++------------- 1 file changed, 37 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 81ddee003..a55cfc7ac 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
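Review bot: The ASSERT_ALLOC doc comment omits that the buffer comes back zero-filled, which follows from the `mbedtls_calloc( 1, ( size ) )` call (assuming mbedtls_calloc keeps calloc semantics, which it presumably does) and is a property later test code is likely to rely on. Suggest adding after the size-zero paragraph: ` * The allocated memory is zero-initialized, as with calloc().` It would also help to say that the leading `TEST_ASSERT( ( pointer ) == NULL )` is what enforces the "set \p pointer to \c NULL first" rule, so a pointer that is uninitialized or still holds a previous allocation fails the test instead of being silently overwritten.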
@@ -703,8 +703,7 @@ static int exercise_export_key( psa_key_slot_t slot, } exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits ); - exported = mbedtls_calloc( 1, exported_size ); - TEST_ASSERT( exported != NULL ); + ASSERT_ALLOC( exported, exported_size ); TEST_ASSERT( psa_export_key( slot, exported, exported_size, @@ -737,8 +736,7 @@ static int exercise_export_public_key( psa_key_slot_t slot ) public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ); exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ); - exported = mbedtls_calloc( 1, exported_size ); - TEST_ASSERT( exported != NULL ); + ASSERT_ALLOC( exported, exported_size ); TEST_ASSERT( psa_export_public_key( slot, exported, exported_size, @@ -898,13 +896,13 @@ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY; size_t buffer_size = /* Slight overapproximations */ keypair ? bits * 9 / 16 + 80 : bits / 8 + 20; - unsigned char *buffer = mbedtls_calloc( 1, buffer_size ); + unsigned char *buffer = NULL; unsigned char *p; int ret; size_t length; TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( buffer != NULL ); + ASSERT_ALLOC( buffer, buffer_size ); TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p, bits, keypair ) ) >= 0 ); @@ -950,13 +948,9 @@ void import_export( data_t *data, TEST_ASSERT( data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) ); export_size = (ptrdiff_t) data->len + export_size_delta; - exported = mbedtls_calloc( 1, export_size ); - TEST_ASSERT( export_size == 0 || exported != NULL ); + ASSERT_ALLOC( exported, export_size ); if( ! canonical_input ) - { - reexported = mbedtls_calloc( 1, export_size ); - TEST_ASSERT( export_size == 0 || reexported != NULL ); - } + ASSERT_ALLOC( reexported, export_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); 
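Review bot: ASSERT_ALLOC starts with `TEST_ASSERT( ( pointer ) == NULL )`, so every converted call site needs its pointer initialized to NULL, but in the first two hunks here (exercise_export_key and exercise_export_public_key) the declaration of `exported` is outside the hunk and cannot be checked; if it is declared without an initializer, the macro reads an indeterminate value, which is undefined behaviour before the assertion can even report it. The same applies to the other conversions whose declarations stay out of view (import_export and import_export_public_key on this and the following line, and the cipher_*, aead_*, sign_*, asymmetric_* and derive_output hunks through @@ -3082), whereas import_rsa_made_up, derive_key_export and generate_random do switch their initializers to `= NULL` inside the hunk. Worth confirming that each converted pointer is declared `= NULL` and reset to NULL after any mbedtls_free that precedes a re-allocation.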
@@ -1054,8 +1048,7 @@ void import_export_public_key( data_t *data, TEST_ASSERT( data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) ); export_size = (ptrdiff_t) data->len; - exported = mbedtls_calloc( 1, export_size ); - TEST_ASSERT( exported != NULL ); + ASSERT_ALLOC( exported, export_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -1367,8 +1360,7 @@ void asymmetric_encryption_key_policy( int policy_usage, &key_bits ) == PSA_SUCCESS ); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, exercise_alg ); - buffer = mbedtls_calloc( 1, buffer_length ); - TEST_ASSERT( buffer != NULL ); + ASSERT_ALLOC( buffer, buffer_length ); status = psa_asymmetric_encrypt( key_slot, exercise_alg, NULL, 0, @@ -1786,8 +1778,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, iv, iv_size ) == PSA_SUCCESS ); output_buffer_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output = mbedtls_calloc( 1, output_buffer_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( psa_cipher_update( &operation, input->x, input->len, @@ -1861,8 +1852,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, iv, sizeof( iv ) ) == PSA_SUCCESS ); output_buffer_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output = mbedtls_calloc( 1, output_buffer_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, 
@@ -1940,8 +1930,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output_buffer_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output = mbedtls_calloc( 1, output_buffer_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); TEST_ASSERT( psa_cipher_update( &operation, @@ -2020,8 +2009,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, output_buffer_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output = mbedtls_calloc( 1, output_buffer_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( psa_cipher_update( &operation, input->x, input->len, @@ -2096,8 +2084,7 @@ void cipher_verify_output( int alg_arg, int key_type_arg, &iv_length ) == PSA_SUCCESS ); output1_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output1 = mbedtls_calloc( 1, output1_size ); - TEST_ASSERT( output1 != NULL ); + ASSERT_ALLOC( output1, output1_size ); TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len, output1, output1_size, @@ -2111,8 +2098,7 @@ void cipher_verify_output( int alg_arg, int key_type_arg, TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); output2_size = output1_length; - output2 = mbedtls_calloc( 1, output2_size ); - TEST_ASSERT( output2 != NULL ); + ASSERT_ALLOC( output2, output2_size ); TEST_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) == PSA_SUCCESS ); @@ -2188,8 +2174,7 @@ void cipher_verify_output_multipart( int alg_arg, &iv_length ) == PSA_SUCCESS ); output1_buffer_size = (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - output1 = mbedtls_calloc( 1, output1_buffer_size ); - TEST_ASSERT( output1 != NULL ); + ASSERT_ALLOC( output1, output1_buffer_size ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); 
@@ -2214,8 +2199,7 @@ void cipher_verify_output_multipart( int alg_arg, TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); output2_buffer_size = output1_length; - output2 = mbedtls_calloc( 1, output2_buffer_size ); - TEST_ASSERT( output2 != NULL ); + ASSERT_ALLOC( output2, output2_buffer_size ); TEST_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) == PSA_SUCCESS ); @@ -2282,8 +2266,7 @@ void aead_encrypt_decrypt( int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) ); output_size = input_data->len + tag_length; - output_data = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output_data != NULL ); + ASSERT_ALLOC( output_data, output_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -2306,8 +2289,7 @@ void aead_encrypt_decrypt( int key_type_arg, if( PSA_SUCCESS == expected_result ) { - output_data2 = mbedtls_calloc( 1, output_length ); - TEST_ASSERT( output_data2 != NULL ); + ASSERT_ALLOC( output_data2, output_length ); TEST_ASSERT( psa_aead_decrypt( slot, alg, nonce->x, nonce->len, @@ -2356,8 +2338,7 @@ void aead_encrypt( int key_type_arg, data_t * key_data, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) ); output_size = input_data->len + tag_length; - output_data = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output_data != NULL ); + ASSERT_ALLOC( output_data, output_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -2414,8 +2395,7 @@ void aead_decrypt( int key_type_arg, data_t * key_data, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) ); output_size = input_data->len + tag_length; - output_data = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output_data != NULL ); + ASSERT_ALLOC( output_data, output_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 
@@ -2503,8 +2483,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, key_bits, alg ); TEST_ASSERT( signature_size != 0 ); TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); - signature = mbedtls_calloc( 1, signature_size ); - TEST_ASSERT( signature != NULL ); + ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ TEST_ASSERT( psa_asymmetric_sign( slot, alg, @@ -2543,8 +2522,7 @@ void sign_fail( int key_type_arg, data_t *key_data, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); - signature = mbedtls_calloc( 1, signature_size ); - TEST_ASSERT( signature != NULL ); + ASSERT_ALLOC( signature, signature_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -2608,8 +2586,7 @@ void sign_verify( int key_type_arg, data_t *key_data, key_bits, alg ); TEST_ASSERT( signature_size != 0 ); TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); - signature = mbedtls_calloc( 1, signature_size ); - TEST_ASSERT( signature != NULL ); + ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ TEST_ASSERT( psa_asymmetric_sign( slot, alg, @@ -2764,8 +2741,7 @@ void asymmetric_encrypt( int key_type_arg, NULL, &key_bits ) == PSA_SUCCESS ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); - output = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output_size == 0 || output != NULL ); + ASSERT_ALLOC( output, output_size ); /* Encrypt the input */ actual_status = psa_asymmetric_encrypt( slot, alg, 
@@ -2840,11 +2816,9 @@ void asymmetric_encrypt_decrypt( int key_type_arg, NULL, &key_bits ) == PSA_SUCCESS ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); - output = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_size ); output2_size = input_data->len; - output2 = mbedtls_calloc( 1, output2_size ); - TEST_ASSERT( output2 != NULL ); + ASSERT_ALLOC( output2, output2_size ); /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random @@ -2899,8 +2873,7 @@ void asymmetric_decrypt( int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) ); output_size = key_data->len; - output = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -2968,8 +2941,7 @@ void asymmetric_decrypt_fail( int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); output_size = key_data->len; - output = mbedtls_calloc( 1, output_size ); - TEST_ASSERT( output != NULL ); + ASSERT_ALLOC( output, output_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -3082,8 +3054,7 @@ void derive_output( int alg_arg, if( output_sizes[i] == 0 ) expected_outputs[i] = NULL; } - output_buffer = mbedtls_calloc( 1, output_buffer_size ); - TEST_ASSERT( output_buffer != NULL ); + ASSERT_ALLOC( output_buffer, output_buffer_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); 
@@ -3292,13 +3263,13 @@ void derive_key_export( int alg_arg, size_t bytes2 = bytes2_arg; size_t capacity = bytes1 + bytes2; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - uint8_t *output_buffer = mbedtls_calloc( 1, capacity ); - uint8_t *export_buffer = mbedtls_calloc( 1, capacity ); + uint8_t *output_buffer = NULL; + uint8_t *export_buffer = NULL; psa_key_policy_t policy; size_t length; - TEST_ASSERT( output_buffer != NULL ); - TEST_ASSERT( export_buffer != NULL ); + ASSERT_ALLOC( output_buffer, capacity ); + ASSERT_ALLOC( export_buffer, capacity ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); @@ -3362,13 +3333,13 @@ void generate_random( int bytes_arg ) { size_t bytes = bytes_arg; const unsigned char trail[] = "don't overwrite me"; - unsigned char *output = mbedtls_calloc( 1, bytes + sizeof( trail ) ); - unsigned char *changed = mbedtls_calloc( 1, bytes ); + unsigned char *output = NULL; + unsigned char *changed = NULL; size_t i; unsigned run; - TEST_ASSERT( output != NULL ); - TEST_ASSERT( bytes == 0 || changed != NULL ); + ASSERT_ALLOC( output, bytes + sizeof( trail ) ); + ASSERT_ALLOC( changed, bytes ); memcpy( output + bytes, trail, sizeof( trail ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); From 3c22596d9b1d5d82e8eaff48c20f215c4f93ffc2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:56:31 +0200 Subject: [PATCH 04/16] New macro ASSERT_COMPARE to compare two buffers ASSERT_COMPARE tests that the two buffers have the same size and content. The intended use is to replace TEST_ASSERT( size1 == size2 ) followed by memcmp on the content. Keep using memcmp when comparing two buffers that have the same size by construction. --- tests/suites/helpers.function | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 0a4cf8737..f416b3035 100644 --- a/tests/suites/helpers.function 
+++ b/tests/suites/helpers.function @@ -121,6 +121,27 @@ typedef struct data_tag } \ while( 0 ) +/** Compare two buffers and fail the test case if they differ. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param p1 Pointer to the start of the first buffer. + * \param size1 Size of the first buffer in bytes. + * This expression may be evaluated multiple times. + * \param p2 Pointer to the start of the second buffer. + * \param size2 Size of the second buffer in bytes. + * This expression may be evaluated multiple times. + */ +#define ASSERT_COMPARE( p1, size1, p2, size2 ) \ + do \ + { \ + TEST_ASSERT( ( size1 ) == ( size2 ) ); \ + if( ( size1 ) != 0 ) \ + TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \ + } \ + while( 0 ) + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ From bd7dea9e640dddccab75afecf4f739af5c36c9d8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:57:19 +0200 Subject: [PATCH 05/16] Use ASSERT_COMPARE instead of memcmp in PSA tests This commit fixes some missing size comparison. In aead_encrypt_decrypt, aead_encrypt and aead_decrypt, the test code would not have noticed if the library function had reported an output length that was not the expected length. --- tests/suites/test_suite_psa_crypto.function | 79 ++++++++------------- 1 file changed, 31 insertions(+), 48 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a55cfc7ac..ea1547e1f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -419,8 +419,7 @@ static int is_oid_of_key_type( psa_key_type_t type, return( 0 ); } - TEST_ASSERT( oid_length == expected_oid_length ); - TEST_ASSERT( memcmp( oid, expected_oid, oid_length ) == 0 ); + ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length ); return( 1 ); exit: 
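Review bot: The ASSERT_COMPARE parameter docs should state that p1 and p2 may be NULL when the corresponding size is 0, since the `if( ( size1 ) != 0 )` guard exists precisely so that memcmp is never called on an empty buffer; suggest `\param p1 Pointer to the start of the first buffer. May be NULL if \p size1 is 0.` and the same wording for p2. It would also help to record the argument convention the call sites adopt (`ASSERT_COMPARE( expected->x, expected->len, actual, actual_length )`), because a size mismatch is reported only as the literal `( size1 ) == ( size2 )` text and a reader has to rely on argument order to know which side was the reference value. Note too that p1 and p2 are evaluated at most once, unlike the sizes, so the "may be evaluated multiple times" caveat correctly applies only to size1 and size2.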
@@ -854,8 +853,7 @@ void fill_slots( int max_arg ) TEST_ASSERT( psa_export_key( slot, exported, sizeof( exported ), &exported_size ) == PSA_SUCCESS ); - TEST_ASSERT( exported_size == sizeof( slot ) ); - TEST_ASSERT( memcmp( exported, &slot, sizeof( slot ) ) == 0 ); + ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size ); } exit: @@ -992,10 +990,7 @@ void import_export( data_t *data, goto exit; if( canonical_input ) - { - TEST_ASSERT( exported_length == data->len ); - TEST_ASSERT( memcmp( exported, data->x, data->len ) == 0 ); - } + ASSERT_COMPARE( data->x, data->len, exported, exported_length ); else { TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS ); @@ -1007,9 +1002,8 @@ void import_export( data_t *data, reexported, export_size, &reexported_length ) == PSA_SUCCESS ); - TEST_ASSERT( reexported_length == exported_length ); - TEST_ASSERT( memcmp( reexported, exported, - exported_length ) == 0 ); + ASSERT_COMPARE( exported, exported_length, + reexported, reexported_length ); } destroy: @@ -1580,9 +1574,8 @@ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash ) TEST_ASSERT( psa_hash_finish( &operation, actual_hash, sizeof( actual_hash ), &actual_hash_length ) == PSA_SUCCESS ); - TEST_ASSERT( actual_hash_length == expected_hash->len ); - TEST_ASSERT( memcmp( expected_hash->x, actual_hash, - expected_hash->len ) == 0 ); + ASSERT_COMPARE( expected_hash->x, expected_hash->len, + actual_hash, actual_hash_length ); exit: mbedtls_psa_crypto_free( ); @@ -1795,9 +1788,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg, if( expected_status == PSA_SUCCESS ) { TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); - TEST_ASSERT( total_output_length == expected_output->len ); - TEST_ASSERT( memcmp( expected_output->x, output, - expected_output->len ) == 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); } exit: 
@@ -1872,9 +1864,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, total_output_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); - TEST_ASSERT( total_output_length == expected_output->len ); - TEST_ASSERT( memcmp( expected_output->x, output, - expected_output->len ) == 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); exit: mbedtls_free( output ); @@ -1951,9 +1942,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, total_output_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); - TEST_ASSERT( total_output_length == expected_output->len ); - TEST_ASSERT( memcmp( expected_output->x, output, - expected_output->len ) == 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); exit: mbedtls_free( output ); @@ -2026,9 +2016,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, if( expected_status == PSA_SUCCESS ) { TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); - TEST_ASSERT( total_output_length == expected_output->len ); - TEST_ASSERT( memcmp( expected_output->x, output, - expected_output->len ) == 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); } exit: @@ -2115,8 +2104,7 @@ void cipher_verify_output( int alg_arg, int key_type_arg, TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS ); - TEST_ASSERT( input->len == output2_length ); - TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 ); + ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: mbedtls_free( output1 ); 
@@ -2224,8 +2212,7 @@ void cipher_verify_output_multipart( int alg_arg, TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS ); - TEST_ASSERT( input->len == output2_length ); - TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 ); + ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: mbedtls_free( output1 ); @@ -2299,8 +2286,8 @@ void aead_encrypt_decrypt( int key_type_arg, output_data2, output_length, &output_length2 ) == expected_result ); - TEST_ASSERT( memcmp( input_data->x, output_data2, - input_data->len ) == 0 ); + ASSERT_COMPARE( input_data->x, input_data->len, + output_data2, output_length2 ); } exit: @@ -2357,8 +2344,8 @@ void aead_encrypt( int key_type_arg, data_t * key_data, output_data, output_size, &output_length ) == PSA_SUCCESS ); - TEST_ASSERT( memcmp( output_data, expected_result->x, - output_length ) == 0 ); + ASSERT_COMPARE( expected_result->x, expected_result->len, + output_data, output_length ); exit: psa_destroy_key( slot ); @@ -2416,10 +2403,8 @@ void aead_decrypt( int key_type_arg, data_t * key_data, &output_length ) == expected_result ); if( expected_result == PSA_SUCCESS ) - { - TEST_ASSERT( memcmp( output_data, expected_data->x, - output_length ) == 0 ); - } + ASSERT_COMPARE( expected_data->x, expected_data->len, + output_data, output_length ); exit: psa_destroy_key( slot ); @@ -2491,9 +2476,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, signature, signature_size, &signature_length ) == PSA_SUCCESS ); /* Verify that the signature is what is expected. */ - TEST_ASSERT( signature_length == output_data->len ); - TEST_ASSERT( memcmp( signature, output_data->x, - output_data->len ) == 0 ); + ASSERT_COMPARE( output_data->x, output_data->len, + signature, signature_length ); exit: psa_destroy_key( slot ); 
@@ -2837,9 +2821,8 @@ void asymmetric_encrypt_decrypt( int key_type_arg, label->x, label->len, output2, output2_size, &output2_length ) == PSA_SUCCESS ); - TEST_ASSERT( output2_length == input_data->len ); - TEST_ASSERT( memcmp( input_data->x, output2, - input_data->len ) == 0 ); + ASSERT_COMPARE( input_data->x, input_data->len, + output2, output2_length ); exit: psa_destroy_key( slot ); @@ -2891,8 +2874,8 @@ void asymmetric_decrypt( int key_type_arg, output, output_size, &output_length ) == PSA_SUCCESS ); - TEST_ASSERT( expected_data->len == output_length ); - TEST_ASSERT( memcmp( expected_data->x, output, output_length ) == 0 ); + ASSERT_COMPARE( expected_data->x, expected_data->len, + output, output_length ); /* If the label is empty, the test framework puts a non-null pointer * in label->x. Test that a null pointer works as well. */ @@ -2906,8 +2889,8 @@ void asymmetric_decrypt( int key_type_arg, output, output_size, &output_length ) == PSA_SUCCESS ); - TEST_ASSERT( expected_data->len == output_length ); - TEST_ASSERT( memcmp( expected_data->x, output, output_length ) == 0 ); + ASSERT_COMPARE( expected_data->x, expected_data->len, + output, output_length ); } exit: From 79722b06725113fcd1c5381d77b8eabf957d65aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 15:46:41 +0200 Subject: [PATCH 06/16] Fix incorrect test dependencies for MBEDTLS_PKCS1_V21 --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 38c5fee98..0319782fa 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -691,7 +691,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA import/exercise RSA keypair, PSS-SHA-256 -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA public key, PKCS#1 v1.5 raw @@ -699,7 +699,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 import_and_exercise_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA import/exercise RSA public key, PSS-SHA-256 -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C import_and_exercise_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise: ECP SECP256R1 keypair, ECDSA From a84f97c9bd6e96979f41266fa2a34d377b75ede9 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Sep 2018 15:50:21 +0200 Subject: [PATCH 07/16] Update build script for tests after mbedcrypto exporter Update to the latest syntax changes of generate_test_code.py. This was missed in the rebase onto mbedtls-2.13. --- crypto/tests/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/tests/Makefile b/crypto/tests/Makefile index 2de5ffa7a..f76c1c0f8 100644 --- a/crypto/tests/Makefile +++ b/crypto/tests/Makefile @@ -41,7 +41,7 @@ $(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_tes -t suites/main_test.function \ -p suites/host_test.function \ -s suites \ - --help-file suites/helpers.function \ + --helpers-file suites/helpers.function \ -o . @@ -70,7 +70,7 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data script -t suites/main_test.function \ -p suites/target_test.function \ -s suites \ - --help-file suites/helpers.function \ + --helpers-file suites/helpers.function \ -o ./TESTS/mbedcrypto/$* gen-embedded-test: $(EMBEDDED_TESTS) From 1596554c9930cbd1c5ef1f0e07196cfab192bcea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 13:42:26 +0200 Subject: [PATCH 08/16] Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts The clean rule was not using the correct names for the compiled executable files. --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 4d2edd456..b6e49bf8a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -105,7 +105,7 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) clean: ifndef WINDOWS - rm -rf $(APPS) *.c *.datax TESTS + rm -rf $(BINARIES) *.c *.datax TESTS else del /Q /F *.c *.exe *.datax ifneq ($(wildcard TESTS/.*),) From 899c6521955ca6a8f505ef1d01c6efe541059e8f Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Sep 2018 15:54:40 +0200 Subject: [PATCH 09/16] In keep-going mode, don't hard-fail on some auxiliary script Add record_status in front of the invocation of several scripts where it was missing. --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 996204662..a323d1553 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -436,25 +436,25 @@ OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh msg "test: recursion.pl" # < 1s -tests/scripts/recursion.pl library/*.c +record_status tests/scripts/recursion.pl library/*.c msg "test: freshness of generated source files" # < 1s -tests/scripts/check-generated-files.sh +record_status tests/scripts/check-generated-files.sh msg "test: doxygen markup outside doxygen blocks" # < 1s -tests/scripts/check-doxy-blocks.pl +record_status tests/scripts/check-doxy-blocks.pl msg "test: check-files.py" # < 1s cleanup -tests/scripts/check-files.py +record_status tests/scripts/check-files.py msg "test/build: declared and exported names" # < 3s cleanup -tests/scripts/check-names.sh +record_status tests/scripts/check-names.sh msg "test: doxygen warnings" # ~ 3s cleanup -tests/scripts/doxygen.sh +record_status tests/scripts/doxygen.sh msg "test: Mbed Crypto exporter " # ~ 30s cleanup @@ -1079,10 +1079,10 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do done msg "Lint: Python scripts" -tests/scripts/check-python-files.sh +record_status tests/scripts/check-python-files.sh msg "uint test: generate_test_code.py" -./tests/scripts/test_generate_test_code.py +record_status ./tests/scripts/test_generate_test_code.py ################################################################ #### Termination From 99ca35e968421d7ae0c5e3d93a9a2bd67da9386e Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Sep 2018 17:49:57 +0200 Subject: [PATCH 10/16] Look for documentation only in specific directories Generate the documentation from include and doxygen/input only. Don't get snared by files containing Doxygen comments that lie in other directories such as tests, yotta, crypto/include, ... The only difference this makes in a fresh checkout is that the documentation no longer lists target_config.h. This file is from yotta, does not contain any Doxygen comment, and its inclusion in the rendered documentation was clearly an oversight. --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 43d6e6e72..5ad20d65b 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = .. +INPUT = ../include input # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is @@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = ../configs ../yotta/module +EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded From f7ab5ad13a4d1749c720c3db28c008343852e336 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 18:19:24 +0200 Subject: [PATCH 11/16] Skip calling memset when the size is 0 memset(NULL, c, 0) has undefined behavior, so don't do it. clang-asan complains. --- tests/suites/test_suite_psa_crypto.function | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ea1547e1f..59cc7166d 100644 
--- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1367,7 +1367,8 @@ void asymmetric_encryption_key_policy( int policy_usage, else TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED ); - memset( buffer, 0, buffer_length ); + if( buffer_length != 0 ) + memset( buffer, 0, buffer_length ); status = psa_asymmetric_decrypt( key_slot, exercise_alg, buffer, buffer_length, NULL, 0, @@ -2741,7 +2742,8 @@ void asymmetric_encrypt( int key_type_arg, if( label->len == 0 ) { output_length = ~0; - memset( output, 0, output_size ); + if( output_size != 0 ) + memset( output, 0, output_size ); actual_status = psa_asymmetric_encrypt( slot, alg, input_data->x, input_data->len, NULL, label->len, @@ -2882,7 +2884,8 @@ void asymmetric_decrypt( int key_type_arg, if( label->len == 0 ) { output_length = ~0; - memset( output, 0, output_size ); + if( output_size != 0 ) + memset( output, 0, output_size ); TEST_ASSERT( psa_asymmetric_decrypt( slot, alg, input_data->x, input_data->len, NULL, label->len, @@ -2949,7 +2952,8 @@ void asymmetric_decrypt_fail( int key_type_arg, if( label->len == 0 ) { output_length = ~0; - memset( output, 0, output_size ); + if( output_size != 0 ) + memset( output, 0, output_size ); actual_status = psa_asymmetric_decrypt( slot, alg, input_data->x, input_data->len, NULL, label->len, @@ -3332,7 +3336,8 @@ void generate_random( int bytes_arg ) * (2^(-8*number_of_runs)). */ for( run = 0; run < 10; run++ ) { - memset( output, 0, bytes ); + if( bytes != 0 ) + memset( output, 0, bytes ); TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS ); /* Check that no more than bytes have been overwritten */ From 3e954cf84de6ae30697080782a8a493432fe3a1c Mon Sep 17 00:00:00 2001 
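Review bot: The `if( buffer_length != 0 )` guard in front of `memset` is repeated verbatim in all five hunks of this patch (asymmetric_encryption_key_policy, asymmetric_encrypt, asymmetric_decrypt, asymmetric_decrypt_fail, generate_random), so the size-zero rule now lives in five places; a helper beside ASSERT_ALLOC in helpers.function would keep it in one, e.g. `#define TEST_MEMSET_ZERO( p, n ) do { if( ( n ) != 0 ) memset( ( p ), 0, ( n ) ); } while( 0 )` (name is only a suggestion). Each guard also deserves a why-comment, because the reason is only in the commit message, e.g. `/* memset( NULL, 0, 0 ) is undefined behaviour; skip it for zero-size buffers. */`. With the helper in place the five added pairs of lines collapse to one call each. The enclosing functions begin and end outside these hunks.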
From: Gilles Peskine Date: Thu, 27 Sep 2018 10:12:17 +0200 Subject: [PATCH 12/16] In keep-going mode, don't hard-fail on some tests Add if_build_succeeded in front of the invocation of some test runs where it was missing. --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a323d1553..a63b3fc27 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -539,10 +539,10 @@ msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -tests/ssl-opt.sh -f RSA +if_build_succeeded tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -tests/compat.sh -t RSA +if_build_succeeded tests/compat.sh -t RSA msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" cleanup From 3a33c01a98d8ed899f5e23ff54e6131a95b18615 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 27 Sep 2018 10:14:36 +0100 Subject: [PATCH 13/16] mbed_crypto: Always describe the current version Even with a shallow clone of the repo where there are no tags available to version with, don't error and instead show a unique abbreviated commit hash as fallback. --- scripts/mbed_crypto.make | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbed_crypto.make b/scripts/mbed_crypto.make index 5da57084d..c0e5a0531 100644 --- a/scripts/mbed_crypto.make +++ b/scripts/mbed_crypto.make @@ -213,7 +213,7 @@ crypto/%: % $(call rename_mbedcrypto,$@) crypto/VERSION.txt: FORCE - @git describe --tags --abbrev=12 --dirty > $@ + @git describe --tags --abbrev=12 --dirty --always > $@ mbedcrypto.tar.gz: $(LIB_FILES) $(INC_FILES) $(TEST_FILES) $(OTHER_FILES) @echo $@ From 2bb56095ec50c373b899a4614346e694678f271f Mon Sep 17 00:00:00 2001 
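Review bot: Because `> $@` truncates crypto/VERSION.txt before git runs, a failing `git describe` (no git checkout, git not installed) still leaves an empty VERSION.txt behind even though make stops; writing to a temporary file and renaming on success avoids shipping that empty file, e.g. `@git describe --tags --abbrev=12 --dirty --always > $@.tmp && mv $@.tmp $@`. Separately, `--always` means the file may now contain only a bare abbreviated commit hash with no tag prefix when no tag is reachable, which consumers of VERSION.txt should not parse as a version number; a recipe comment would make that explicit, e.g. `# --always: fall back to the bare commit hash when no tag is reachable (shallow clones).`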
From: Gilles Peskine Date: Thu, 27 Sep 2018 11:49:52 +0200 Subject: [PATCH 14/16] Remove redundant check in all.sh test -s can't fail if the subsequent grep succeeds. --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a63b3fc27..0bce2a886 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1071,7 +1071,6 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded [ -s test_zeroize.log ] if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log From e04d4e6d13398f6cfd6d85df3f7563b551df1885 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 11:50:24 +0200 Subject: [PATCH 15/16] Don't try to disable ASLR We don't need to disable ASLR, so don't try. If gdb tries but fails, the test runs normally, but all.sh then trips up because it sees `warning: Error disabling address space randomization: Operation not permitted` and interprets it as an error that indicates a test failure. --- tests/scripts/test_zeroize.gdb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 617ab5544..77c812a0b 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,6 +41,9 @@ # number does not need to be updated often. set confirm off +# We don't need to turn off ASLR, so don't try. +set disable-randomization off + file ./programs/test/zeroize break zeroize.c:100 From c426352ec5dfd48a4c7ac7db42d4c194a1ac8322 Mon Sep 17 00:00:00 2001 
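Review bot: The comment above the new `set disable-randomization off` line states what it does but not why it is needed; the reason (gdb printing `warning: Error disabling address space randomization: Operation not permitted` in restricted environments, which all.sh's case-insensitive grep for "error" then reports as a test failure) is only in the commit message, so the script comment should carry it, e.g. `# Leave ASLR alone: if gdb cannot disable it, its warning contains "Error" and all.sh treats that as a test failure.` The commit message says the test runs normally with randomization left on, so the zeroization check itself is unaffected, and stating that in the same comment would save the next reader from re-checking it.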
From: Gilles Peskine Date: Fri, 28 Sep 2018 11:48:10 +0200 Subject: [PATCH 16/16] check-files: exclude .git and third-party files Exclude ".git" directories anywhere. This avoids spurious errors in git checkouts that contain branch names that look like a file check-files.py would check. Exclude "mbed-os" anywhere and "examples" from the root. Switch to the new mechanism to exclude "yotta/module". These are directories where we store third-party files that do not need to match our preferences. Exclude "cov-int" from the root. Fix #1691 --- tests/scripts/check-files.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index f560d0378..0fb2117a3 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -155,6 +155,12 @@ class IntegrityChecker(object): ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", "Makefile", "CMakeLists.txt", "ChangeLog" ) + self.excluded_directories = ['.git', 'mbed-os'] + self.excluded_paths = list(map(os.path.normpath, [ + 'cov-int', + 'examples', + 'yotta/module' + ])) self.issues_to_check = [ PermissionIssueTracker(), EndOfFileNewlineIssueTracker(), 
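Review bot: `excluded_directories` and `excluded_paths` implement two different rules, a directory name pruned at any depth versus a path matched only from the repository root, but nothing in the hunk says so, and the distinction only becomes clear from `prune_branch` in the next hunk. A short comment above each attribute would fix that, e.g. `# Directory names pruned wherever they occur in the tree.` and `# Paths relative to the repository root, normalized so they compare equal to os.walk results.` The enclosing method begins before this hunk and ends after it.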
@@ -179,12 +185,19 @@ class IntegrityChecker(object): console = logging.StreamHandler() self.logger.addHandler(console) + def prune_branch(self, root, d): + if d in self.excluded_directories: + return True + if os.path.normpath(os.path.join(root, d)) in self.excluded_paths: + return True + return False + def check_files(self): - for root, dirs, files in sorted(os.walk(".")): + for root, dirs, files in os.walk("."): + dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) for filename in sorted(files): filepath = os.path.join(root, filename) - if (os.path.join("yotta", "module") in filepath or - not filepath.endswith(self.files_to_check)): + if not filepath.endswith(self.files_to_check): continue for issue_to_check in self.issues_to_check: if issue_to_check.should_check_file(filepath):
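Review bot: `prune_branch` has no docstring, and its two `if ...: return True` blocks plus the trailing `return False` reduce to one boolean expression; I would write `"""Return True if directory d under root must not be visited: its name is in excluded_directories (any depth) or its root-relative path is in excluded_paths."""` followed by `return (d in self.excluded_directories or os.path.normpath(os.path.join(root, d)) in self.excluded_paths)`. The `dirs[:] = sorted(...)` line is doing two non-obvious things at once, pruning os.walk's top-down traversal through in-place assignment and keeping the report order deterministic now that the outer `sorted(os.walk(...))` is gone, and deserves a comment saying so, e.g. `# Assign to dirs[:] (not dirs) so os.walk skips pruned subtrees; sorting keeps output order stable.` Nothing in the hunk documents that os.walk is called with its default of not following symlinks, which is what keeps a symlinked directory from escaping the pruning; a one-line comment noting the default is relied upon would help.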