From 733676b97894cda2bc2bb565f32361e80a41df04 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Sat, 14 Nov 2015 13:09:01 +0000 Subject: [PATCH 01/48] Allow test suites to be run on Windows For a start, they don't even compile with Visual Studio due to strcasecmp being missing. Secondly, on Windows Perl scripts aren't executable and have to be run using the Perl interpreter directly; thankfully CMake is able to find cygwin Perl straight away without problems. --- tests/CMakeLists.txt | 7 ++++++- tests/suites/helpers.function | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1cca81830..23eb2a432 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -10,6 +10,11 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) +find_package(Perl) +if(NOT PERL_FOUND) + message(FATAL_ERROR "Cannot build test suites without Perl") +endif() + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) @@ -19,7 +24,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} + COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f681dbd4..6af918cad 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -15,6 +15,8 @@ #ifdef _MSC_VER #include typedef UINT32 uint32_t; +#define strncasecmp _strnicmp +#define strcasecmp _stricmp #else #include #endif From 6c8edca2d41580e1ca9dcaf8fd4fba70670a19c9 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:40:26 +0000 Subject: [PATCH 02/48] Fix build errors on x32 by using the generic 'add' instruction On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x registers (instead of %r?x registers). These registers must be accessed using "addl" instead of "addq", however the GNU assembler will acccept the generic "add" instruction and determine the correct opcode based on the registers passed to it. --- library/aesni.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aesni.c b/library/aesni.c index 83a5868bd..1ca3c3ef5 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -100,7 +100,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, asm( "movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // normal rounds = nr - 1 "test %2, %2 \n\t" // mode? "jz 2f \n\t" // 0 = decrypt @@ -108,7 +108,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "1: \n\t" // encryption loop "movdqu (%1), %%xmm1 \n\t" // load round key AESENC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // loop "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key @@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "2: \n\t" // decryption loop "movdqu (%1), %%xmm1 \n\t" AESDEC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" + "add $16, %1 \n\t" "subl $1, %0 \n\t" "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key From 21e402a3aef100414546ac77a8093ea7c0e917c0 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:51:09 +0000 Subject: [PATCH 03/48] Fix segfault on x32 by using better register constraints in bn_mul.h On x32, pointers are only 4-bytes wide and need to be loaded using the "movl" instruction instead of "movq" to avoid loading garbage into the register. The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting gcc to load all the registers for us in advance (and storing them later) by using better register constraints. The b, c, D and S constraints correspond to the rbx, rcx, rdi and rsi registers respectively. --- include/mbedtls/bn_mul.h | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 5408d4146..71dd672c2 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -162,10 +162,6 @@ #define MULADDC_INIT \ asm( \ - "movq %3, %%rsi \n\t" \ - "movq %4, %%rdi \n\t" \ - "movq %5, %%rcx \n\t" \ - "movq %6, %%rbx \n\t" \ "xorq %%r8, %%r8 \n\t" #define MULADDC_CORE \ @@ -181,12 +177,9 @@ "addq $8, %%rdi \n\t" #define MULADDC_STOP \ - "movq %%rcx, %0 \n\t" \ - "movq %%rdi, %1 \n\t" \ - "movq %%rsi, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \ + : "+c" (c), "+D" (d), "+S" (s) \ + : "b" (b) \ + : "rax", "rdx", "r8" \ ); #endif /* AMD64 */ From 00b78a9c54ab2c5c2941d395fd3202272d148b88 Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 17:39:58 +0200 Subject: [PATCH 04/48] Move K inside MBEDTLS_SHA512_PROCESS_ALT block It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration. --- library/sha512.c | 95 ++++++++++++++++++++++++------------------------ 1 file changed, 48 insertions(+), 47 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index af610bb43..0f9e1e535 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -89,53 +89,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { } #endif /* PUT_UINT64_BE */ -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); @@ -192,6 +145,54 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) + +/* + * Round constants + */ +static const uint64_t K[80] = +{ + UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), + UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), + UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), + UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), + UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), + UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), + UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), + UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), + UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), + UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), + UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), + UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), + UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), + UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), + UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), + UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), + UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), + UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), + UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), + UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), + UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), + UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), + UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), + UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), + UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), + UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), + UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), + UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), + UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), + UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), + UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), + UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), + UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), + UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), + UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), + UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), + UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), + UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), + UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), + UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) +}; + void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { int i; From d19ea90f11c657db2c1a4232a40c460eb1a92400 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 26 Jan 2016 11:39:26 +0100 Subject: [PATCH 05/48] Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error --- library/entropy_poll.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 25a27bef3..01bd58efc 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -61,7 +61,10 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len } if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) + { + CryptReleaseContext( provider, 0 ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + } CryptReleaseContext( provider, 0 ); *olen = len; From 2cc69fffcf431085f18f4e59c3c5188297f97b87 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:44:29 +0100 Subject: [PATCH 06/48] Shut up a clang-analyzer warning The function appears to be safe, since grow() is called with sensible arguments in previous functions. Ideally Clang would be clever enough to realise this. Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will cause the grow to fail, the affected lines in montmul won't be reached. Having this sanity check can hardly hurt though. --- library/bignum.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7841bea43..81af57d5a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1542,12 +1542,15 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; + if( T->n < N->n + 1 || T->p == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + memset( T->p, 0, T->n * ciL ); d = T->p; @@ -1575,12 +1578,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi else /* prevent timing attacks */ mpi_sub_hlp( n, A->p, T->p ); + + return( 0 ); } /* * Montgomery reduction: A = A * R^-1 mod N */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1588,7 +1593,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + return( mpi_montmul( A, &U, N, mm, T ) ); } /* @@ -1665,13 +1670,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - mpi_montmul( &W[1], &RR, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( wsize > 1 ) { @@ -1684,7 +1689,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); /* * W[i] = W[i - 1] * W[1] @@ -1694,7 +1699,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); } } @@ -1731,7 +1736,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); continue; } @@ -1749,12 +1754,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); state--; nbits = 0; @@ -1767,18 +1772,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi */ for( i = 0; i < nbits; i++ ) { - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( neg ) { From 409401c044da02c84cb3ec5f4edb01d79a1f16a7 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:48:25 +0100 Subject: [PATCH 07/48] Shut up a few clang-analyze warnings about use of uninitialized variables The functions are all safe, Clang just isn't clever enough to realise it. --- library/pkcs12.c | 2 +- library/rsa.c | 19 +++++++++++++++++-- programs/hash/generic_sum.c | 2 +- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 7023b9dbc..c603a1357 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -93,7 +93,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen ) { - int ret, iterations; + int ret, iterations = 0; mbedtls_asn1_buf salt; size_t i; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..60559e2ac 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -797,7 +797,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1175,13 +1180,18 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int ret; size_t siglen; unsigned char *p; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char result[MBEDTLS_MD_MAX_SIZE]; unsigned char zeros[8]; unsigned int hlen; size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1320,10 +1330,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int ret; size_t len, siglen, asn1_len; unsigned char *p, *end; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index f071d311e..7805a79bc 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -83,7 +83,7 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int nb_err1, nb_err2; int nb_tot1, nb_tot2; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1], line[1024]; + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024]; char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) From daf534dcf921895604c2a73a767d7ce9a6de1906 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:50:33 +0100 Subject: [PATCH 08/48] Remove a dead store to silence clang-analyze --- library/ssl_cli.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 52ddf9a92..d1ef7dd35 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -265,7 +265,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); #else for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { From 5d5e421d089bf02488f5a0f06ae3a727ff9aadd7 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:51:05 +0100 Subject: [PATCH 09/48] Refactor slightly to silence a clang-analyze warning Since the buffer is used in a few places, it seems Clang isn't clever enough to realise that the first byte is never touched. So, even though the function has a correct null check for ssl->handshake, Clang complains. Pulling the handshake type out into its own variable is enough for Clang's analysis to kick in though. --- library/ssl_tls.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c44b7ddb..2e41bcad2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2708,7 +2708,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) { - int ret, done = 0; + int ret, done = 0, out_msg_type; size_t len = ssl->out_msglen; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); @@ -2724,7 +2724,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) #endif if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST && + out_msg_type = ssl->out_msg[0]; + + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && ssl->handshake == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2751,7 +2753,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) len += 8; /* Write message_seq and update it, except for HelloRequest */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; @@ -2769,7 +2771,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); } From 42d47f0fb5414bc5cb07e0353303a6d81297dda3 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:53:27 +0100 Subject: [PATCH 10/48] Silence a clang-analyze warning The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour. --- library/x509_csr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index f8c45f8d2..603d06b64 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -104,7 +104,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); mbedtls_x509_csr_init( csr ); @@ -274,14 +274,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) + if( buf[buflen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, From 42256118870538bb48d2cadeb16c787a528fe570 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 01:05:22 +0100 Subject: [PATCH 11/48] Fixes memory leak in memory_buffer_alloc.c debug Debug symbols were being leaked in memory_buffer_alloc.c --- library/memory_buffer_alloc.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index b2c775a3d..545d5a2c3 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -417,6 +417,12 @@ static void buffer_alloc_free( void *ptr ) heap.total_used -= hdr->size; #endif +#if defined(MBEDTLS_MEMORY_BACKTRACE) + free( hdr->trace ); + hdr->trace = NULL; + hdr->trace_count = 0; +#endif + // Regroup with block before // if( hdr->prev != NULL && hdr->prev->alloc == 0 ) @@ -432,9 +438,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } @@ -474,9 +477,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } @@ -491,11 +491,6 @@ static void buffer_alloc_free( void *ptr ) heap.first_free = hdr; } -#if defined(MBEDTLS_MEMORY_BACKTRACE) - hdr->trace = NULL; - hdr->trace_count = 0; -#endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) mbedtls_exit( 1 ); } From c1d2eb3fd692810d782916af66f457369ffb12c2 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 15:52:52 +0100 Subject: [PATCH 12/48] Adds line number substitution in test cases Expanded generate_code.pl to substitute !LINE_NO! in test cases. --- tests/scripts/generate_code.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 93c003b01..9c595917e 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -95,6 +95,8 @@ for my $line (@test_cases_lines) { $line = $line."#line $index \"$test_case_file\"\n"; } + $line =~ s/!LINE_NO!/$index/; + $test_cases = $test_cases.$line; $index++; } From 43dba3d94e3be8e4f8a300e084c2b0b038ae9e9a Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:31:51 +0100 Subject: [PATCH 13/48] Fixes off by 1 error reported in line number errors --- tests/scripts/generate_code.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 9c595917e..e940b5a1a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -77,7 +77,7 @@ close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; my @test_main_lines = split/^/, ; my $test_main; -my $index = 1; +my $index = 2; for my $line (@test_main_lines) { $line =~ s/!LINE_NO!/$index/; $test_main = $test_main.$line; @@ -88,7 +88,7 @@ close(TEST_MAIN); open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!"; my @test_cases_lines = split/^/, ; my $test_cases; -my $index = 1; +my $index = 2; for my $line (@test_cases_lines) { if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { From 31a6c491397ec70c0effa34947e3488f18a4ad0a Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:32:44 +0100 Subject: [PATCH 14/48] Adds reporting of file/line no. in failed tests Tests in tests/suites will now report the file and line number of failed test assertions. --- tests/suites/helpers.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index cc9ab7c42..31b8f586f 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -57,7 +57,7 @@ typedef UINT32 uint32_t; do { \ if( ! (TEST) ) \ { \ - test_fail( #TEST ); \ + test_fail( #TEST, __LINE__, __FILE__ ); \ goto exit; \ } \ } while( 0 ) @@ -348,11 +348,11 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test ) +static void test_fail( const char *test, int line_no, char* filename ) { test_errors++; if( test_errors == 1 ) mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n", test ); + mbedtls_printf( " %s\n at line %d, %s\n", test, line_no, filename ); } From 37f2620db68081c5131fa2798b6bdfb50dcbc27f Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:58:19 +0100 Subject: [PATCH 15/48] Adds line numbering in errors for test helpers Adds to the 'generate_code.pl' tool, support to insert line numbers before test suite helper code. --- tests/scripts/generate_code.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index e940b5a1a..49af2db7f 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -90,6 +90,11 @@ my @test_cases_lines = split/^/, ; my $test_cases; my $index = 2; for my $line (@test_cases_lines) { + if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//) + { + $line = $line."#line $index \"$test_case_file\"\n"; + } + if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { $line = $line."#line $index \"$test_case_file\"\n"; From 5be3a256919f06da30bebf4a6754b5c9a29e98c6 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 22:15:42 +0100 Subject: [PATCH 16/48] Clarifies documentation on reported memory statistics --- include/mbedtls/memory_buffer_alloc.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 661bc08dc..d5df316fd 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -98,8 +98,10 @@ void mbedtls_memory_buffer_alloc_status( void ); /** * \brief Get the peak heap usage so far * - * \param max_used Peak number of bytes reauested by the application - * \param max_blocks Peak number of blocks reauested by the application + * \param max_used Peak number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param max_blocks Peak number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); @@ -111,8 +113,10 @@ void mbedtls_memory_buffer_alloc_max_reset( void ); /** * \brief Get the current heap usage * - * \param cur_used Number of bytes reauested by the application - * \param cur_blocks Number of blocks reauested by the application + * \param cur_used Current number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param cur_blocks Current number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); #endif /* MBEDTLS_MEMORY_DEBUG */ From a0ed709f05c41f321bbe3ed76779c7f047c293c4 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 23:25:02 +0100 Subject: [PATCH 17/48] Additional tests to test stack buffer allocator Adds additional tests to the test suite for memory_buffer_alloc.c --- .../test_suite_memory_buffer_alloc.data | 16 ++ .../test_suite_memory_buffer_alloc.function | 218 ++++++++++++++++++ 2 files changed, 234 insertions(+) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index a0b046010..8d3813a7b 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -1,2 +1,18 @@ Memory buffer alloc self test mbedtls_memory_buffer_alloc_self_test: + +Memory buffer alloc - free in middle, alloc at end +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:200:0 + +Memory buffer alloc - free in middle, realloc +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:100:0 + +Memory buffer alloc - free in middle, merge, realloc +memory_buffer_alloc_free_alloc:100:100:100:100:0:1:1:0:201:0 + +Memory buffer alloc - free at end, merge, realloc +memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 + +Memory buffer alloc - Out of Memory test +memory_buffer_alloc_oom_test: + diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 59b06431b..a36dbc3d1 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/memory_buffer_alloc.h" #define TEST_SUITE_MEMORY_BUFFER_ALLOC + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -8,9 +9,226 @@ * END_DEPENDENCIES */ +/* BEGIN_SUITE_HELPERS */ +static int check_pointer( void *p ) +{ + if( p == NULL ) + return( -1 ); + + if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 ) + return( -1 ); + + return( 0 ); +} +/* END_SUITE_HELPERS */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mbedtls_memory_buffer_alloc_self_test( ) { TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, + int d_bytes, + int free_a, int free_b, int free_c, + int free_d, + int e_bytes, int f_bytes ) +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL, + *ptr_e = NULL, *ptr_f = NULL; + + size_t reported_blocks; + size_t allocated_bytes = 0, reported_bytes; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + if( a_bytes > 0 ) + { + ptr_a = mbedtls_calloc( a_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + allocated_bytes += a_bytes * sizeof(char); + } + + if( b_bytes > 0 ) + { + ptr_b = mbedtls_calloc( b_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + allocated_bytes += b_bytes * sizeof(char); + } + + if( c_bytes > 0 ) + { + ptr_c = mbedtls_calloc( c_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_c ) == 0 ); + + allocated_bytes += c_bytes * sizeof(char); + } + + if( d_bytes > 0 ) + { + ptr_d = mbedtls_calloc( d_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_d ) == 0 ); + + allocated_bytes += d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( free_a ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= a_bytes * sizeof(char); + } + + if( free_b ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= b_bytes * sizeof(char); + } + + if( free_c ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= c_bytes * sizeof(char); + } + + if( free_d ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( e_bytes > 0 ) + { + ptr_e = mbedtls_calloc( e_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_e ) == 0 ); + } + + if( f_bytes > 0 ) + { + ptr_f = mbedtls_calloc( f_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_f ) == 0 ); + } + + /* Once blocks are reallocated, the block allocated to the memory request + * may be bigger than the request itself, which is indicated by the reported + * bytes, and makes it hard to know what the reported size will be, so + * we don't check the size after blocks have been reallocated. */ + + if( ptr_a != NULL ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_b != NULL ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_c != NULL ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_d != NULL ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_e != NULL ) + { + mbedtls_free( ptr_e ); + ptr_e = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_f != NULL ) + { + mbedtls_free( ptr_f ); + ptr_f = NULL; + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_oom_test() +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL; + size_t reported_blocks, reported_bytes; + + (void)ptr_c; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + ptr_a = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + ptr_b = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + ptr_c = mbedtls_calloc( 431, sizeof(char) ); + TEST_ASSERT( ptr_c == NULL ); + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 864 ); + + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + From 7e8a6fb78ca8e2b0fa4bbf37dfc19c78e0cdb37f Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 2 May 2016 11:06:47 +0200 Subject: [PATCH 18/48] Fix minor doc issue --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 67c62b744..96643eb46 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -976,7 +976,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, + * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or * MBEDTLS_ERR_SSL_COMPRESSION_FAILED */ From d96924de9c1f0357804cd68075e47f0e0f7f5a0a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 6 May 2016 00:22:18 +0100 Subject: [PATCH 19/48] Widens test parameters in memory alloc tests --- tests/suites/helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 31b8f586f..f0d052013 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -348,7 +348,7 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test, int line_no, char* filename ) +static void test_fail( const char *test, int line_no, const char* filename ) { test_errors++; if( test_errors == 1 ) From 1aa590a1e4e5b4eaa91534958e47d9888b3d2864 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 9 May 2016 14:36:33 +0100 Subject: [PATCH 20/48] Add check to prevent enabling of RSA without selecting PKCS version(s) --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b6448ecef..8c0c68986 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,6 +362,11 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ + !defined(MBEDTLS_PKCS1_V15) ) +#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" +#endif + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" From d9dcd4321bdbe119b55b7556292ff0b06f8246b2 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 9 May 2016 15:13:04 +0100 Subject: [PATCH 21/48] Fix logic to allow at least one PKCS version enabled --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8c0c68986..d31555df7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,7 +362,7 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \ !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" #endif From 6507891e65e7f8aabc08f0e0196ebdd1f1b9891a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 10:50:43 +0100 Subject: [PATCH 22/48] Add ability to only run select numbered tests in ssl-opt.sh In order to reduce debugging time, allows you to only run interesting tests (by number) from the commandline. e.g. the command 'tests/ssl-opt.sh -n 246,258' will only run test 246 and 258 (as per the number in the log file names) --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c08af7b04..d8df4ea87 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -33,12 +33,15 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +RUN_TEST_NUMBER='' + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" + printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" } get_options() { @@ -53,6 +56,9 @@ get_options() { -m|--memcheck) MEMCHECK=1 ;; + -n|--number) + shift; RUN_TEST_NUMBER=$1 + ;; -h|--help) print_usage exit 0 @@ -293,6 +299,13 @@ run_test() { print_name "$NAME" + # Do we only run numbered tests? + if [ "X$RUN_TEST_NUMBER" = "X" ]; then : + elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : + else + SKIP_NEXT="YES" + fi + # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" From 9911faa1b42dda8ec5fc8938f4e8791829a5d99c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 11:18:17 +0100 Subject: [PATCH 23/48] Add option to print test numbers in ssl-opt.sh output Allows for easy selection of tests based on numbers for use with the '-n' option --- tests/ssl-opt.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d8df4ea87..37fad8640 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -33,6 +33,7 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' print_usage() { @@ -42,6 +43,7 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" + printf " -s|--show-numbers\tShow test numbers in front of test names\n" } get_options() { @@ -59,6 +61,9 @@ get_options() { -n|--number) shift; RUN_TEST_NUMBER=$1 ;; + -s|--show-numbers) + SHOW_TEST_NUMBER=1 + ;; -h|--help) print_usage exit 0 @@ -143,12 +148,19 @@ needs_more_time() { # print_name print_name() { - printf "$1 " - LEN=$(( 72 - `echo "$1" | wc -c` )) + TESTS=$(( $TESTS + 1 )) + LINE="" + + if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then + LINE="$TESTS " + fi + + LINE="$LINE$1" + printf "$LINE " + LEN=$(( 72 - `echo "$LINE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done printf ' ' - TESTS=$(( $TESTS + 1 )) } # fail From 73b851d23b3d16515deca8ac0374b2df1d262d39 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 11:47:13 +0100 Subject: [PATCH 24/48] Add option to preserve all logs in ssl-opt.sh Useful to also allow saving of correct logs in order to compare differences with failed logs --- tests/ssl-opt.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 37fad8640..e61025149 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -36,6 +36,8 @@ EXCLUDE='^$' SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' +PRESERVE_LOGS=0 + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" @@ -44,6 +46,7 @@ print_usage() { printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" + printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" } get_options() { @@ -64,6 +67,9 @@ get_options() { -s|--show-numbers) SHOW_TEST_NUMBER=1 ;; + -p|--preserve-logs) + PRESERVE_LOGS=1 + ;; -h|--help) print_usage exit 0 @@ -485,6 +491,11 @@ run_test() { # if we're here, everything is ok echo "PASS" + if [ "$PRESERVE_LOGS" -gt 0 ]; then + mv $SRV_OUT o-srv-${TESTS}.log + mv $CLI_OUT o-cli-${TESTS}.log + fi + rm -f $SRV_OUT $CLI_OUT $PXY_OUT } From 295639bfa1c077cac8fa320cd82befc78762750f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 19:39:36 +0100 Subject: [PATCH 25/48] Fixes minor typos in comments in pk.h and ctr_drbg.c Fixes typos in PRs #475 and #437 --- include/mbedtls/pk.h | 7 ++++--- library/ctr_drbg.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 458bb512a..f9f9b9bb0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -496,11 +496,12 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, * \brief Load and parse a public key * * \param ctx key to be initialized - * \param path filename to read the private key from + * \param path filename to read the public key from * * \note On entry, ctx must be empty, either freshly initialised - * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a - * specific key type, check the result with mbedtls_pk_can_do(). + * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If + * you need a specific key type, check the result with + * mbedtls_pk_can_do(). * * \note The key is also checked for correctness. * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index aefddfa1d..6962d68b9 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -67,7 +67,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) } /* - * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST + * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST * tests to succeed (which require known length fixed entropy) */ int mbedtls_ctr_drbg_seed_entropy_len( From e9f25c8a60b27fe4b3b9244ada24ba72d0b43a34 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 20:57:03 +0100 Subject: [PATCH 26/48] Widens test bounds on memory alloc tests --- tests/suites/test_suite_memory_buffer_alloc.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index a36dbc3d1..04dd68bec 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -212,7 +212,7 @@ void memory_buffer_alloc_oom_test() TEST_ASSERT( ptr_c == NULL ); mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); - TEST_ASSERT( reported_bytes == 864 ); + TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) ); mbedtls_free( ptr_a ); ptr_a = NULL; From 699d7193a18afbc72699ca955827a9855e2523b9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 21:16:54 +0100 Subject: [PATCH 27/48] Disables backtrace config from basic-build-test.sh The configuration MBEDTLS_MEMORY_BACKTRACE is intended for debug and is not necessary for test coverage. Because it causes timing problems in some tests the configuration has been removed as it's not present in equivalent tests in the all.sh test script. --- tests/scripts/basic-build-test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d13a8e4ed..d961230ed 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -39,6 +39,7 @@ fi export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make From 71c7ac55973b409205f75a08cc45429538050bbf Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 23:47:30 +0100 Subject: [PATCH 28/48] Corrects incorrectly named function in ctr_drbg.c comment --- library/ctr_drbg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 6962d68b9..386f8adb0 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -67,8 +67,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) } /* - * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST - * tests to succeed (which require known length fixed entropy) + * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow + * NIST tests to succeed (which require known length fixed entropy) */ int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *ctx, From 17ddff5eafeef9947c68f799e43515860da072e3 Mon Sep 17 00:00:00 2001 From: Embedthis Software Date: Thu, 10 Sep 2015 11:45:13 -0700 Subject: [PATCH 29/48] Fix single threaded builds --- include/mbedtls/threading.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c39cbf24d..b416d478a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -81,6 +81,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * void mbedtls_threading_free_alt( void ); #endif /* MBEDTLS_THREADING_ALT */ +#if defined(MBEDTLS_THREADING_C) /* * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock * @@ -96,6 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif #ifdef __cplusplus } From e049ccd40595961da7e1dfb448923aea1f84f715 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 16:17:27 +0100 Subject: [PATCH 30/48] Add end guard comment --- include/mbedtls/threading.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index b416d478a..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,7 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif +#endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus } From 2dd49d1e47dad8bbd98d27694334d1e82d802690 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 11 May 2016 23:15:58 +0100 Subject: [PATCH 31/48] Reverts change in commit daf534d Commit daf534d from PR #457 breaks the build. This may reintroduce a clang-analyse warning, but this is the wrong fix for that. The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find the curve info. This fix adds that back in. --- library/ssl_cli.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 509484e36..cd39db027 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -267,6 +267,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); #else for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { From d1fe7aabc92fb67efe6a7ed20a61e47f58623576 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 12:46:02 +0100 Subject: [PATCH 32/48] Put clang analyzer fix inside __clang_analyzer__ guard --- programs/hash/generic_sum.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 7805a79bc..d1e81d491 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -83,8 +83,13 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int nb_err1, nb_err2; int nb_tot1, nb_tot2; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024]; + char line[1024]; char diff; +#if defined(__clang_analyzer__) + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; +#else + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; +#endif if( ( f = fopen( filename, "rb" ) ) == NULL ) { From 21cc5741cf5a40585a1ca855ab24cfbadb074a54 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 12:46:28 +0100 Subject: [PATCH 33/48] Cleanup ifdef statements --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 9386a762f..a6cc19b2f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -804,7 +804,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else @@ -1193,7 +1193,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else @@ -1340,7 +1340,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else From 6e5191518727d1d32fa1d863efa22eb32a238078 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:52:48 +0100 Subject: [PATCH 34/48] Fix verbose test framework mote to use unmet_dep_count for index --- tests/suites/main_test.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index c5d6cd86b..edc9944b6 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -357,8 +357,8 @@ int main(int argc, const char *argv[]) { if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) { - unmet_dependencies[ i-1 ] = strdup(params[i]); - if( unmet_dependencies[ i-1 ] == NULL ) + unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); + if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_printf("FATAL: Out of memory\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); From 2a259c63e359d85234528e78de18746a13382f34 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:55:37 +0100 Subject: [PATCH 35/48] Fox verbose test framework not to duplicate strings if not verbose --- tests/suites/main_test.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index edc9944b6..e8577d22a 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -357,6 +357,13 @@ int main(int argc, const char *argv[]) { if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) { + if( 0 == option_verbose ) + { + /* Only one count is needed if not verbose */ + unmet_dep_count++; + break; + } + unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { From 53f01199e2f2fbcf22e556d2ce7370dfaa352828 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:59:48 +0100 Subject: [PATCH 36/48] Fix memory-leak in verbose test framework in case of unexpected input --- tests/suites/main_test.function | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index e8577d22a..f18248578 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -321,6 +321,9 @@ int main(int argc, const char *argv[]) testfile_index < testfile_count; testfile_index++ ) { + int unmet_dep_count = 0; + char *unmet_dependencies[20]; + test_filename = test_files[ testfile_index ]; file = fopen( test_filename, "r" ); @@ -333,8 +336,12 @@ int main(int argc, const char *argv[]) while( !feof( file ) ) { - int unmet_dep_count = 0; - char *unmet_dependencies[20]; + if( unmet_dep_count > 0 ) + { + mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n"); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + } + unmet_dep_count = 0; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; @@ -399,16 +406,17 @@ int main(int argc, const char *argv[]) if( 1 == option_verbose && unmet_dep_count > 0 ) { mbedtls_fprintf( stdout, " Unmet dependencies: " ); - while( unmet_dep_count > 0) + for( i = 0; i < unmet_dep_count; i++ ) { mbedtls_fprintf(stdout, "%s ", - unmet_dependencies[unmet_dep_count - 1]); - free(unmet_dependencies[unmet_dep_count - 1]); - unmet_dep_count--; + unmet_dependencies[i]); + free(unmet_dependencies[i]); } mbedtls_fprintf( stdout, "\n" ); } fflush( stdout ); + + unmet_dep_count = 0; } else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) { @@ -434,6 +442,10 @@ int main(int argc, const char *argv[]) } } fclose(file); + + /* In case we encounter early end of file */ + for( i = 0; i < unmet_dep_count; i++ ) + free( unmet_dependencies[i] ); } mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); From 8f0e4c263a4f3a88c11d73920a399a353a0ae64f Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 16:38:27 +0100 Subject: [PATCH 37/48] Amended ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 3b32873b2..069966041 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,7 @@ Bugfix * Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 + * Fix memory leaks in test framework Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 629c1ad3981fcca53934c8a49351ca238bdd0318 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:16:46 +0100 Subject: [PATCH 38/48] Add fix to ignore valgrind messages related to compressed debug symbols The glibc package recently enabled compressed debug symbols but valgrind doesn't support them yet. Results in messages like: --14923-- WARNING: Serious error when reading debug info --14923-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.21.so: --14923-- Ignoring non-Dwarf2/3/4 block in .debug_info First line has 'error' in it which triggers some of the ssl-opt tests --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c08af7b04..7cf31156d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -408,32 +408,33 @@ run_test() { # check other assertions # lines beginning with == are added by valgrind, ignore them + # lines with 'Serious error when reading debug info', are valgrind issues as well while [ $# -gt 0 ] do case $1 in "-s") - if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else fail "-s $2" return fi ;; "-c") - if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else fail "-c $2" return fi ;; "-S") - if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then fail "-S $2" return fi ;; "-C") - if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then fail "-C $2" return fi From b8c8018343fbef0f82f128edeefb94468188a2e0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:33:25 +0100 Subject: [PATCH 39/48] Split test into valgrind and no-valgrind version Running valgrind on: "DTLS client reconnect from same port: reconnect, nbio" results in timeouts. New version added that runs only under valgrind. Original only runs when valgrind is not used --- tests/ssl-opt.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7cf31156d..536add274 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -130,6 +130,13 @@ not_with_valgrind() { fi } +# skip the next test if valgrind is NOT in use +only_with_valgrind() { + if [ "$MEMCHECK" -eq 0 ]; then + SKIP_NEXT="YES" + fi +} + # multiply the client timeout delay by the given factor for the next test needs_more_time() { CLI_DELAY_FACTOR=$1 @@ -3049,13 +3056,22 @@ run_test "DTLS client reconnect from same port: reconnect" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" -run_test "DTLS client reconnect from same port: reconnect, nbio" \ +not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) +run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" +only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout +run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ + "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ + "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ + 0 \ + -S "The operation timed out" \ + -s "Client initiated reconnection from same port" + run_test "DTLS client reconnect from same port: no cookies" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ From f8e3794792a178d6addda6e72178cbb99d0d6a76 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:50:41 +0100 Subject: [PATCH 40/48] Update ChangeLog to reflect --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 069966041..daa6e503c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,7 @@ Bugfix mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 * Fix memory leaks in test framework + * Fix test in ssl-opt.sh that does not run properly with valgrind Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From a8a318db45234b791b9afab13ec76cca9263b326 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 14:38:02 -0700 Subject: [PATCH 41/48] fix indentation in output of selftest.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 9386a762f..3f41840e1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1688,7 +1688,7 @@ int mbedtls_rsa_self_test( int verbose ) #if defined(MBEDTLS_SHA1_C) if( verbose != 0 ) - mbedtls_printf( "PKCS#1 data sign : " ); + mbedtls_printf( " PKCS#1 data sign : " ); mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); From 7ee51c626aa1a867ced0ebb3afe1470ee01f19a7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 00:22:37 +0100 Subject: [PATCH 42/48] Fixes whitespace errors in x509_crl.c --- library/x509_crl.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 125a77399..7b2b4733b 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -502,14 +502,15 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s { mbedtls_pem_init( &pem ); - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) - ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); + // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated + // string + if( buflen == 0 || buf[buflen - 1] != '\0' ) + ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + else + ret = mbedtls_pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); if( ret == 0 ) { From 99239d6ff1cb28fbfb5ce4622507e2c43cb66987 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 22:12:18 +0100 Subject: [PATCH 43/48] Fixes RC4 config dependencies in tests in ssl-opt.h Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that require RC4 to be disabled (the default config). --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b939c7158..d926d718a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -611,12 +611,14 @@ run_test "Default, DTLS" \ # Tests for rc4 option +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server disabled, client enabled" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1 \ -s "SSL - The server has no ciphersuites in common" +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server half, client enabled" \ "$P_SRV arc4=1" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ From 7c0ad8b8cf665afa434c1581f89ff83f5fe55322 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 22:15:34 +0100 Subject: [PATCH 44/48] Adds parallel builds to basic-build-test.sh To speed up test time, added parallel builds --- tests/scripts/basic-build-test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d961230ed..010c0c67f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,6 +2,8 @@ # basic-build-tests.sh # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2016, ARM Limited, All Rights Reserved # # Purpose @@ -40,7 +42,7 @@ export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE -make +make -j # Step 2 - Execute the tests From 80d70cb4681771bb3b0f1c4254a55f3084549eb4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 23:43:11 +0100 Subject: [PATCH 45/48] Updates copyright and attribution in comment header in ssl-opt.sh --- tests/ssl-opt.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d926d718a..07627b01c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1,12 +1,23 @@ #!/bin/sh -# Test various options that are not covered by compat.sh +# ssl-opt.sh # -# Here the goal is not to cover every ciphersuite/version, but -# rather specific options (max fragment length, truncated hmac, etc) -# or procedures (session resumption from cache or ticket, renego, etc). +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Executes tests to prove various TLS/SSL options and extensions. +# +# The goal is not to cover every ciphersuite/version, but instead to cover +# specific options (max fragment length, truncated hmac, etc) or procedures +# (session resumption from cache or ticket, renego, etc). +# +# The tests assume a build with default options, with exceptions expressed +# with a dependency. The tests focus on functionality and do not consider +# performance. # -# Assumes a build with default options. set -u From 3b36bd12f6f2aa7fa271371502f19c31683e2175 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 May 2016 00:00:37 +0100 Subject: [PATCH 46/48] Adds casts to zeroize functions to allow building as C++ --- library/aes.c | 2 +- library/arc4.c | 2 +- library/asn1parse.c | 2 +- library/blowfish.c | 2 +- library/camellia.c | 2 +- library/ccm.c | 2 +- library/cipher.c | 2 +- library/des.c | 2 +- library/sha1.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/aes.c b/library/aes.c index ec9313de3..36660306e 100644 --- a/library/aes.c +++ b/library/aes.c @@ -56,7 +56,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/arc4.c b/library/arc4.c index ff0e993e7..05b33d3fd 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) diff --git a/library/asn1parse.c b/library/asn1parse.c index b37523def..e59d2509f 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -45,7 +45,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/blowfish.c b/library/blowfish.c index 89be4d122..9003f0dfe 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -41,7 +41,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/camellia.c b/library/camellia.c index e015ca24b..d50513fd0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/ccm.c b/library/ccm.c index 3463a0b32..13a8fd1a2 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } #define CCM_ENCRYPT 0 diff --git a/library/cipher.c b/library/cipher.c index ccc068503..0dc51520f 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } static int supported_init = 0; diff --git a/library/des.c b/library/des.c index 61f214af3..09f95cfc3 100644 --- a/library/des.c +++ b/library/des.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/sha1.c b/library/sha1.c index 8c77cbaa8..2ccf2a2f5 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* From 12833ed3c82acee7509587029d755fe10be2fc10 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 May 2016 00:19:09 +0100 Subject: [PATCH 47/48] Adds additional casts to calloc calls Casts added to allow compilation of the library as C++ --- library/asn1parse.c | 3 ++- library/asn1write.c | 4 +++- library/bignum.c | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index e59d2509f..ffa2f5299 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, /* Allocate and assign next pointer */ if( *p < end ) { - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1, + sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); diff --git a/library/asn1write.c b/library/asn1write.c index 00ed73c11..027c858e7 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -312,7 +312,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data { // Add new entry if not present yet based on OID // - if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL ) + cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, + sizeof(mbedtls_asn1_named_data) ); + if( cur == NULL ) return( NULL ); cur->oid.len = oid_len; diff --git a/library/bignum.c b/library/bignum.c index 4536a3b86..4c99e04d6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -120,7 +120,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) if( X->n < nblimbs ) { - if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) @@ -158,7 +158,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) if( i < nblimbs ) i = nblimbs; - if( ( p = mbedtls_calloc( i, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) From 27f9ccc959d314d70646766693a1bdd3495875d8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 May 2016 11:13:17 +0100 Subject: [PATCH 48/48] Adds check for valgrind to ssl-opt.sh (#488) Provides graceful exit rather than fail silently if valgrind isn't installed. --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 07627b01c..bfc603f9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -551,6 +551,12 @@ if [ ! -x "$P_PXY" ]; then echo "Command '$P_PXY' is not an executable file" exit 1 fi +if [ "$MEMCHECK" -gt 0 ]; then + if which valgrind >/dev/null 2>&1; then :; else + echo "Memcheck not possible. Valgrind not found" + exit 1 + fi +fi if which $OPENSSL_CMD >/dev/null 2>&1; then :; else echo "Command '$OPENSSL_CMD' not found" exit 1