From 0e4d9afa61cd33f4757abf60f834ba596dfc46a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Aug 2015 13:33:14 +0200 Subject: [PATCH 1/7] Use Freescale's RNGA on the K64F --- yotta/data/entropy_hardware_poll.c | 69 ++++++++++++++++++++---------- yotta/data/target_config.h | 6 +-- 2 files changed, 49 insertions(+), 26 deletions(-) diff --git a/yotta/data/entropy_hardware_poll.c b/yotta/data/entropy_hardware_poll.c index 192430257..3a61e22ae 100644 --- a/yotta/data/entropy_hardware_poll.c +++ b/yotta/data/entropy_hardware_poll.c @@ -1,5 +1,5 @@ /* - * Temporary "entropy" collector for Cortex-M4 + * Hardware entropy collector for the K64F, using Freescale's RNGA * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -20,46 +20,69 @@ */ /* - * WARNING: this is a temporary hack! - * 1. Currently does not provide strong entropy, should be replaced to use the - * on-board hardware RNG (see IOTSSL-303) - * 2. This should be in a separete yotta module which would be a target + * WARNING: this is temporary! + * This should be in a separate yotta module which would be a target * dependency of mbedtls (see IOTSSL-313) */ -#if defined(TARGET_LIKE_CORTEX_M4) +#if defined(TARGET_LIKE_K64F) -#include "MK64F12.h" -#include "core_cm4.h" -#include +/* + * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34 + */ -unsigned long hardclock( void ) +#include "fsl_clock_manager.h" + +/* + * Get one byte of entropy from the RNG, assuming it is up and running. + * As recommended (34.1.1), get only one bit of each output. + */ +static void rng_get_byte( unsigned char *byte ) { - static int dwt_started = 0; + size_t bit; - if( dwt_started == 0 ) + /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */ + for( bit = 0; bit < 8; bit++ ) { - CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk; - DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk; + while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 ); + *byte |= ( RNG->OR & 1 ) << bit; } - - return( DWT->CYCCNT ); } +/* + * Get len bytes of entropy from the hardware RNG. + */ int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { - unsigned long timer = hardclock(); + size_t i; + int ret; ((void) data); - *olen = 0; - if( len < sizeof(unsigned long) ) - return( 0 ); + CLOCK_SYS_EnableRngaClock( 0 ); - memcpy( output, &timer, sizeof(unsigned long) ); - *olen = sizeof(unsigned long); + /* Set "Interrupt Mask", "High Assurance" and "Go", + * unset "Clear interrupt" and "Sleep" */ + RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK; - return( 0 ); + for( i = 0; i < len; i++ ) + rng_get_byte( output + i ); + + /* Just be extra sure that we didn't do it wrong */ + if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 ) + { + ret = -1; + goto cleanup; + } + + *olen = len; + ret = 0; + +cleanup: + /* Disable clock to save power - assume we're the only users of RNG */ + CLOCK_SYS_DisableRngaClock( 0 ); + + return( ret ); } #endif diff --git a/yotta/data/target_config.h b/yotta/data/target_config.h index df1a208b3..f350ce3ec 100644 --- a/yotta/data/target_config.h +++ b/yotta/data/target_config.h @@ -26,10 +26,10 @@ #endif /* - * WARNING: this is a temporary hack! - * 2. This should be in a separete yotta module which would be a target + * WARNING: this is temporary! + * This should be in a separate yotta module which would be a target * dependency of mbedtls (see IOTSSL-313) */ -#if defined(TARGET_LIKE_CORTEX_M4) +#if defined(TARGET_LIKE_K64F) #define MBEDTLS_ENTROPY_HARDWARE_ALT #endif From 10c575be3ee5d332923a888cf261b650e590eb32 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 23 Feb 2016 14:42:48 +0000 Subject: [PATCH 2/7] Fix odd bitlength RSA key generation Fix issue that caused a hang up when generating RSA keys of odd bitlength. --- ChangeLog | 1 + library/rsa.c | 14 ++++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 007f60418..9bf0b1549 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,7 @@ Bugfix in the trusted certificate list. * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. + * Fix issue that caused a hang up when generating RSA keys of odd bitlength Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..19abc7f82 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -112,14 +113,15 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, do { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, + if( nbits % 2 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + f_rng, p_rng ) ); + else + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; From 3f5c875654f76cc1eff45bd953cf99a947aa7ac3 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 15 Apr 2016 19:06:59 +0100 Subject: [PATCH 3/7] Adds test for odd bit length RSA key size Also tidy up ChangeLog following review. --- ChangeLog | 2 +- library/rsa.c | 4 ++++ tests/suites/test_suite_rsa.data | 10 ++++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bf0b1549..1dba929dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,7 +16,7 @@ Bugfix in the trusted certificate list. * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. - * Fix issue that caused a hang up when generating RSA keys of odd bitlength + * Fix issue that caused a hang when generating RSA keys of odd bitlength Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index 19abc7f82..9fc80cdc6 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -117,11 +117,15 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, f_rng, p_rng ) ); if( nbits % 2 ) + { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, f_rng, p_rng ) ); + } else + { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); + } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index c43d6ae51..d522332a2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -345,7 +345,7 @@ mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d0419 RSA Public (Data larger than N) mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 128bit key mbedtls_rsa_gen_key:128:3:0 RSA Generate Key (Number of bits too small) @@ -354,9 +354,15 @@ mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 1024 bit key mbedtls_rsa_gen_key:1024:3:0 +RSA Generate Key - 2048 bit key +mbedtls_rsa_gen_key:2048:3:0 + +RSA Generate Key - 1025 bit key +mbedtls_rsa_gen_key:1025:3:0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED From 2e23c8275367d57b0729724e124dc4cade2f6fd3 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sat, 16 Apr 2016 21:54:39 +0100 Subject: [PATCH 4/7] Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes. --- tests/scripts/all.sh | 87 ++++++++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 23 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1cc82562c..5ecf868b3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2,20 +2,24 @@ # all.sh # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved # # Purpose # -# Run all available tests (mostly). +# To run all tests possible or available on the platform. # -# Warning: includes various build modes, so it will mess with the current -# CMake configuration. After this script is run, the CMake cache is lost and -# CMake is not initialised any more! +# Warning: the test is destructive. It includes various build modes and +# configurations, and can and will arbitrarily change the current CMake +# configuration. After this script has been run, the CMake cache will be lost +# and CMake will no longer be initialised. # -# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with -# clang, or valgrind) are available, as well as cmake and a "good" find. +# The script assumes the presence of gcc and clang (recent enough for using +# ASan with gcc and MemSan with clang, or valgrind) are available, as well as +# cmake and a "good" find. -# Abort on errors (and uninitiliased variables) +# Abort on errors (and uninitialised variables) set -eu if [ -d library -a -d include -a -d tests ]; then :; else @@ -28,23 +32,16 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 SHORT=0 +FORCE=0 -while [ $# -gt 0 ]; do - case "$1" in - -m*) - MEMORY=${1#-m} - ;; - -s) - SHORT=1 - ;; - *) - echo "Unknown argument: '$1'" >&2 - echo "Use the source, Luke!" >&2 - exit 1 - ;; - esac - shift -done +usage() +{ + echo "Usage: $0" + echo -e " -h|--help\t\tPrint this help." + echo -e " -m|--memory\t\tAdditional optional memory tests." + echo -e " -s|--short\t\tSubset of tests." + echo -e " -f|--force\t\tForce the tests to overwrite any modified files." +} # remove built files as well as the cmake cache/config cleanup() @@ -72,6 +69,50 @@ msg() echo "******************************************************************" } +while [ $# -gt 0 ]; do + case "$1" in + --memory|-m*) + MEMORY=${1#-m} + ;; + --short|-s) + SHORT=1 + ;; + --force|-f) + FORCE=1 + ;; + --help|-h|*) + usage() + exit 1 + ;; + esac + shift +done + +if [ $FORCE -eq 1 ]; then + rm -rf yotta/module + git checkout-index -f -q $CONFIG_H + cleanup +else + + if [ -d yotta/module ]; then + echo "Warning - there is an existing yotta module in the directory 'yotta/module'" >&2 + echo "You can either delete your work and retry, or force the test to overwrite the" + echo "test by rerunning the script as: $0 --force" + exit 1 + fi + + if ! git diff-files --quiet include/mbedtls/config.h; then + echo $? + echo "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " >&2 + echo "You can either delete or preserve your work, or force the test by rerunning the" + echo "script as: $0 --force" + exit 1 + fi +fi + +# +# Test Suites to be executed +# # The test ordering tries to optimize for the following criteria: # 1. Catch possible problems early, by running first tests that run quickly # and/or are more likely to fail than others (eg I use Clang most of the From 098a3b5025c4755e6b97a83c9af7a86bc8c6f2e1 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sat, 16 Apr 2016 21:56:59 +0100 Subject: [PATCH 5/7] Makes basic-build-test.sh test the full config Previously the test worked on the default configuration which missed deprecated or legacy features. This change tests the full configuration and all available tests. --- tests/scripts/basic-build-test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index ffca6f94f..d13a8e4ed 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -37,7 +37,9 @@ fi # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' -make clean; make +make clean +scripts/config.pl full +make # Step 2 - Execute the tests From 8ca7bc42d028c8410ee67012f66ac1a04c220416 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 17 Apr 2016 23:24:50 +0100 Subject: [PATCH 6/7] Adds verbose mode to the test suites Added a verbose option to the generated test suites which can list the dependencies not met for skipped test cases. Also clarifies internal interfaces between the main_test.function and test code, and fixed a bug on calculating available tests in run-test-suites.pl. --- tests/scripts/generate_code.pl | 20 +++--- tests/scripts/run-test-suites.pl | 5 +- tests/suites/helpers.function | 19 ++++- tests/suites/main_test.function | 120 +++++++++++++++++++++++++------ 4 files changed, 131 insertions(+), 33 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 5c623f8a7..5892f7ba3 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -2,6 +2,8 @@ # generate_code.pl # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2009-2016, ARM Limited, All Rights Reserved # # Purpose @@ -202,7 +204,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// if( substr($def, 0, 4) eq "int " ) { $param_defs .= " int param$i;\n"; - $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( 2 );\n"; + $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; $mapping_regex .= ":([\\d\\w |\\+\\-\\(\\)]+)"; @@ -211,7 +213,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// elsif( substr($def, 0, 6) eq "char *" ) { $param_defs .= " char *param$i = params[$i];\n"; - $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; + $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; $mapping_regex .= ":[^:\n]+"; } @@ -248,14 +250,14 @@ $param_defs if( cnt != $param_count ) { mbedtls_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count ); - return( 2 ); + return( DISPATCH_INVALID_TEST_DATA ); } $param_checks test_suite_$function_name( $call_params ); - return ( 0 ); + return ( DISPATCH_TEST_SUCCESS ); $function_post_code - return ( 3 ); + return ( DISPATCH_UNSUPPORTED_SUITE ); } else END @@ -283,9 +285,9 @@ while( my ($key, $value) = each(%case_deps) ) if( strcmp( str, "$key" ) == 0 ) { #if defined($key) - return( 0 ); + return( DEPENDENCY_SUPPORTED ); #else - return( 1 ); + return( DEPENDENCY_NOT_SUPPORTED ); #endif } END @@ -298,7 +300,7 @@ while( my ($key, $value) = each(%mapping_values) ) if( strcmp( str, "$key" ) == 0 ) { *value = ( $key ); - return( 0 ); + return( KEY_VALUE_MAPPING_FOUND ); } END @@ -315,7 +317,7 @@ END $dispatch_code =~ s/^(.+)/ $1/mg; -$test_main =~ s/TEST_FILENAME/$test_case_data/; +$test_main =~ s/TEST_FILENAME/$test_case_data/g; $test_main =~ s/FUNCTION_CODE//; $test_main =~ s/DEP_CHECK_CODE/$dep_check_code/; $test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index fb77e1571..58f827c14 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -2,6 +2,8 @@ # run-test-suites.pl # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved # # Purpose @@ -66,7 +68,8 @@ for my $suite (@suites) print "(test cases passed:", $suite_cases_passed, " failed:", $suite_cases_failed, " skipped:", $suite_cases_skipped, - " of total:", ( $suite_cases_passed + $suite_cases_failed ), + " of total:", ($suite_cases_passed + $suite_cases_failed + + $suite_cases_skipped), ")\n" } diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c18eed895..2eff043fd 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -32,9 +32,18 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ -/* Global variables */ +/* Constants */ -static int test_errors = 0; +#define DEPENDENCY_SUPPORTED 0 +#define DEPENDENCY_NOT_SUPPORTED 1 + +#define KEY_VALUE_MAPPING_FOUND 0 +#define KEY_VALUE_MAPPING_NOT_FOUND -1 + +#define DISPATCH_TEST_SUCCESS 0 +#define DISPATCH_TEST_FN_NOT_FOUND 1 +#define DISPATCH_INVALID_TEST_DATA 2 +#define DISPATCH_UNSUPPORTED_SUITE 3 /*----------------------------------------------------------------------------*/ @@ -80,6 +89,12 @@ static int test_errors = 0; #endif +/*----------------------------------------------------------------------------*/ +/* Global variables */ + +static int test_errors = 0; + + /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 7ec69b45d..525df5b24 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -60,7 +60,7 @@ int verify_int( char *str, int *value ) MAPPING_CODE mbedtls_printf( "Expected integer for parameter and got: %s\n", str ); - return( -1 ); + return( KEY_VALUE_MAPPING_NOT_FOUND ); } @@ -81,7 +81,7 @@ int dep_check( char *str ) DEP_CHECK_CODE - return( 1 ); + return( DEPENDENCY_NOT_SUPPORTED ); } int dispatch_test(int cnt, char *params[50]) @@ -91,14 +91,18 @@ int dispatch_test(int cnt, char *params[50]) ((void) params); #if defined(TEST_SUITE_ACTIVE) + ret = DISPATCH_TEST_SUCCESS; + DISPATCH_FUNCTION { - mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] ); + mbedtls_fprintf( stdout, + "FAILED\nSkipping unknown test function '%s'\n", + params[0] ); fflush( stdout ); - return( 1 ); + ret = DISPATCH_TEST_FN_NOT_FOUND; } #else - return( 3 ); + ret = DISPATCH_UNSUPPORTED_SUITE; #endif return( ret ); } @@ -107,6 +111,19 @@ DISPATCH_FUNCTION /*----------------------------------------------------------------------------*/ /* Main Test code */ +#define USAGE \ + "Usage: %s [OPTIONS] files...\n\n" \ + " Command line arguments:\n" \ + " files... One or more test data file. If no file is specified\n" \ + " the followimg default test case is used:\n" \ + " %s\n\n" \ + " Options:\n" \ + " -v | --verbose Display full information about each test\n" \ + " -h | --help Display this information\n\n", \ + argv[0], \ + "TEST_FILENAME" + + int get_line( FILE *f, char *buf, size_t len ) { char *ret; @@ -216,11 +233,18 @@ static int run_test_snprintf( void ) int main(int argc, const char *argv[]) { - int testfile_index, testfile_count, ret, i, cnt; - int total_errors = 0, total_tests = 0, total_skipped = 0; + /* Local Configurations and options */ const char *default_filename = "TEST_FILENAME"; const char *test_filename = NULL; const char **test_files = NULL; + int testfile_count = 0; + int option_verbose = 0; + + /* Other Local variables */ + int arg_index = 1; + const char *next_arg; + int testfile_index, ret, i, cnt; + int total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; char buf[5000]; char *params[50]; @@ -253,17 +277,41 @@ int main(int argc, const char *argv[]) return( 0 ); } - if ( argc <= 1 ) + while( arg_index < argc) + { + next_arg = argv[ arg_index ]; + + if( strcmp(next_arg, "--verbose" ) == 0 || + strcmp(next_arg, "-v" ) == 0 ) + { + option_verbose = 1; + } + else if( strcmp(next_arg, "--help" ) == 0 || + strcmp(next_arg, "-h" ) == 0 ) + { + mbedtls_fprintf( stdout, USAGE ); + mbedtls_exit( EXIT_SUCCESS ); + } + else + { + /* Not an option, therefore treat all further arguments as the file + * list. + */ + test_files = &argv[ arg_index ]; + testfile_count = argc - arg_index; + } + + arg_index++; + } + + /* If no files were specified, assume a default */ + if ( test_files == NULL || testfile_count == 0 ) { test_files = &default_filename; testfile_count = 1; } - else - { - test_files = &argv[1]; - testfile_count = argc - 1; - } + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; testfile_index++ ) @@ -280,7 +328,8 @@ int main(int argc, const char *argv[]) while( !feof( file ) ) { - int skip = 0; + int unmet_dep_count = 0; + char *unmet_dependencies[20]; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; @@ -300,32 +349,61 @@ int main(int argc, const char *argv[]) if( strcmp( params[0], "depends_on" ) == 0 ) { for( i = 1; i < cnt; i++ ) - if( dep_check( params[i] ) != 0 ) - skip = 1; + { + if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) + { + unmet_dependencies[ i-1 ] = strdup(params[i]); + if( unmet_dependencies[ i-1 ] == NULL ) + { + mbedtls_printf("FATAL: Out of memory\n"); + mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE ); + } + unmet_dep_count++; + } + } if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; cnt = parse_arguments( buf, strlen(buf), params ); } - - if( skip == 0 ) + + // If there are no unmet dependencies execute the test + if( unmet_dep_count == 0 ) { test_errors = 0; ret = dispatch_test( cnt, params ); } - if( skip == 1 || ret == 3 ) + if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) { total_skipped++; mbedtls_fprintf( stdout, "----\n" ); + + if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE ) + { + mbedtls_fprintf( stdout, " Test Suite not enabled" ); + } + + if( 1 == option_verbose && unmet_dep_count > 0 ) + { + mbedtls_fprintf( stdout, " Unmet dependencies: " ); + while( unmet_dep_count > 0) + { + mbedtls_fprintf(stdout, "%s ", + unmet_dependencies[unmet_dep_count - 1]); + free(unmet_dependencies[unmet_dep_count - 1]); + unmet_dep_count--; + } + mbedtls_fprintf( stdout, "\n" ); + } fflush( stdout ); } - else if( ret == 0 && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) { mbedtls_fprintf( stdout, "PASS\n" ); fflush( stdout ); } - else if( ret == 2 ) + else if( ret == DISPATCH_INVALID_TEST_DATA ) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose(file); From 1ed9f99ef34493f6a7f3a11e813c4a223d1b26b7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Mar 2016 11:45:44 +0000 Subject: [PATCH 7/7] Fix null pointer dereference in the RSA module. Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt --- ChangeLog | 2 ++ library/rsa.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1dba929dd..ea55df8e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength + * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer + dereference possible. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index 9fc80cdc6..18fc70212 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -596,7 +596,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) + // We don't check p_rng because it won't be dereferenced here + if( f_rng == NULL || input == NULL || output == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len;