From 06d5a3226bc9e0127dff69ec80f30053612277e4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Jul 2021 17:12:53 +0200 Subject: [PATCH 1/3] Remove obsolete MBEDTLS_xxx dependencies This file had temporary MBEDTLS_xxx dependencies because it was created when support for PSA_WANT_xxx was still incomplete. Switch to the PSA_WANT_xxx dependencies This fixes the bug that "PSA storage read: AES-GCM+CTR" was never executed because there was a typo in a dependency. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_storage_format.misc.data | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 114c402a2..48e3804b4 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data @@ -3,11 +3,9 @@ # debugging changes to the test code or to the test case generation. PSA storage read: AES-GCM+CTR -#depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_CTR -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_CTR_C +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_CTR key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f":1 PSA storage save: AES-GCM+CTR -#depends_on:PSA_WANT_KEY_TYPE_AES -depends_on:MBEDTLS_AES_C +depends_on:PSA_WANT_KEY_TYPE_AES key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f" From cdd80c4cf9ce727eb0b7941336a88de18efd026c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Jul 2021 18:14:25 +0200 Subject: [PATCH 2/3] Use python3 when building on non-Windows for Windows The makefiles look for python3 on Unix-like systems where python is often Python 2. This uses sh code so it doesn't work on Windows. On Windows, the makefiles just assume that python is Python 3. The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD, which indicates that the build is *for* Windows. Switch to checking WINDOWS, which indicates that the build is *on* Windows. Fix #4774 Signed-off-by: Gilles Peskine --- ChangeLog.d/makefile-python-windows.txt | 4 ++++ tests/Makefile | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/makefile-python-windows.txt diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt new file mode 100644 index 000000000..57ccc1a39 --- /dev/null +++ b/ChangeLog.d/makefile-python-windows.txt @@ -0,0 +1,4 @@ +Bugfix + * The GNU makefiles invoke python3 in preference to python except on Windows. + The check was accidentally not performed when cross-compiling for Windows + on Linux. Fix this. Fixes #4774. diff --git a/tests/Makefile b/tests/Makefile index 59ed45a66..6be6f330f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -49,11 +49,15 @@ LOCAL_LDFLAGS += -lws2_32 ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif -PYTHON ?= python else DLEXT ?= so EXEXT= SHARED_SUFFIX= +endif + +ifdef WINDOWS +PYTHON ?= python +else PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif From e7738c3abac5ce4c81645eaf6a9512c5deef3eef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Jul 2021 20:34:55 +0200 Subject: [PATCH 3/3] Fix typo in test dependencies Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5954004d4..58f94378d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8186,7 +8186,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: both (MTU=512)" \ @@ -8217,7 +8217,7 @@ not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ @@ -8241,7 +8241,7 @@ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ @@ -8293,7 +8293,7 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ @@ -8342,7 +8342,7 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ @@ -8378,7 +8378,7 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ @@ -8407,7 +8407,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ @@ -8438,7 +8438,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -8470,7 +8470,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CCM_C @@ -8502,7 +8502,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC @@ -8535,7 +8535,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC @@ -8564,7 +8564,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 @@ -8588,7 +8588,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2