Commit graph

9066 commits

Author SHA1 Message Date
Gilles Peskine 77b1f3051a all.sh: reorganize testing around deprecated features
build_deprecated combined the testing of deprecated features, and
testing of the build without deprecated features. Also, it violated the
component naming convention by being called build_xxx but running tests.

Replace it by:
* test_default_no_deprecated: check that you can remove deprecated
  features from the default build.
* test_full_deprecated_warning: check that enabling DEPRECATED_WARNING
  doesn't cause any warning from our own code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:24:08 +02:00
Gilles Peskine 1e8cafcd3d Exclude DEPRECATED_WARNING in config full
In the full config, don't set MBEDTLS_DEPRECATED_WARNING. This is debatable:
the full config does not enable deprecated features in this branch, so
MBEDTLS_DEPRECATED_WARNING is compatible with the other features.
Exclude it to keep LTS branches closer to development.

In any case, baremetal and full should have the same settings regarding
deprecated features, so don't do anything about DEPRECATED_xxx in baremetal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:04:40 +02:00
Gilles Peskine 313bb50db3 Strict C99: check it in the full config
Ensure that there is a build with -pedantic in the full config, not
just in "exotic" configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:51 +02:00
Gilles Peskine d135bbd7a1 Strict C99: don't use extremely large string literals
Don't use string literals that are longer than 4095 bytes, which is
the minimum that C99 compilers are required to support. Compilers are
extremely likely to support longer literals, but `gcc -std=c99 -pedantic`
complains.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine 5ac979309b Strict C99: make sure that fileno() is declared
<stdio.h> only declares the non-ISO-C function fileno() if an
appropriate POSIX symbol is defined or if using a compiler such as GCC
in non-pedantic mode. Define the appropriate POSIX symbol.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine 971e5e9f98 Strict C99: don't use a signed* when an unsigned* is expected
It works in practice on almost every platform, given that we're only
using the wrong type in cases where the value is guaranteed to stay
within the value bits of a signed int. But even in this case it may or
may not be strictly conforming. Anyway `gcc -std=c99 -pedantic`
rejects it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine 1e557b7f17 Fix build failure with MBEDTLS_PLATFORM_NV_SEED_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine df4f7c1274 Document and fix the MBEDTLS_xxx_ALT logic for the full config
The intended logic around MBEDTLS_xxx_ALT is to exclude them from full
because they require the alternative implementation of one or more
library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different:
they're alternative implementations of a platform function and they
have a built-in default, so they should be included in full. Document
this.

Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where
xxx contains an underscore. As a consequence,
MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now
enabled in the full config. Explicitly exclude
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the
non-platform ones, requiring an extra build-time dependency.
Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal
because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly
unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine d6189e115d Sort lists for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 11:50:06 +02:00
Gilles Peskine 108ebf2b26 Explain the rationale for inclusion in "full" and "baremetal"
Remove the duplicated, and often out-of-date, list in the comments.
Instead explain in a comment, and have a single copy of the list which
is in the code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 11:50:06 +02:00
Gilles Peskine df5614ef1d Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full
Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 10:23:59 +02:00
Gilles Peskine 989d05ffd8 Remove obsolete options from config.pl
These options haven't existed for a long time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 10:23:59 +02:00
Gilles Peskine ff873432d4
Merge pull request #3207 from mpg/check-bounds-of-test-intex-in-suites-2.16
[Backport 2.16] Add lower bound check to function index lookup
2020-04-20 15:19:47 +02:00
Gilles Peskine 15316fdb94
Merge pull request #3169 from gilles-peskine-arm/check-windows-files-2.16
Backport 2.16: Check Windows files for sanity as well
2020-04-20 13:59:18 +02:00
Gilles Peskine edf0076a00
Merge pull request #3198 from mpg/fix-overflow-benchmark-2.16
[backport 2.16] Fix arithmetic overflow in benchmark
2020-04-20 12:02:51 +02:00
k-stachowiak 531b00bb39 Make negative function_id value impossible in test suites
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-20 10:04:25 +02:00
Gilles Peskine 12c299caea
Merge pull request #3184 from gilles-peskine-arm/pylint-up-to-2.4-2.16
Backport 2.16: Pass Pylint up to 2.4
2020-04-20 09:47:46 +02:00
Jaeden Amero da1d437389
Merge pull request #3197 from piotr-now/max_pathlen_overflow_mbedtls-2.16
Backport 2.16: Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-17 14:24:49 +01:00
Andrzej Kurek acf7f2ce93 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:29:20 +02:00
Manuel Pégourié-Gonnard e675a8d9bb Get rid of a magic value in benchmark.c
Also update its value while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:16:09 +02:00
Manuel Pégourié-Gonnard 01955792b3 Fix integer overflow in benchmark program
When building with MBEDTLS_MEMORY_DEBUG enabled, and running the ecdh part,
the benchmark program would start writing a very large number of space
characters on stdout, and would have to be killed because it never seemed to
terminate.

This was due to an integer overflow in computing how many space to leave after
the title in order to get memory measurements aligned, which resulted in up
to SIZE_MAX spaces being printed.

This commit just fixes the overflow, the next commit is going to fix the magic
number (12).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:14:30 +02:00
Gilles Peskine a8bc32872a
Merge pull request #3164 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.16
[backport 2.16] Unmet dependencies buffer overflow fix
2020-04-17 10:08:24 +02:00
Gilles Peskine 11b0269696 Pylint: silence locally-disabled/enabled messages
If we disable or enable a message locally, it's by design. There's no
need to clutter the Pylint output with this information.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:51:12 +02:00
Gilles Peskine 867ab917db Pylint: allow using pass even when not strictly necessary
If we take the trouble of using pass, it's because we think the code
is clearer that way. For example, Pylint 2.4 rejects pass in

    def foo():
        """Do nothing."""
        pass

But relying on a docstring as the sole code is weird, hence the use of
pass.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:51:12 +02:00
Gilles Peskine 399b82f986 Pylint: minor code simplifications
Simplify the code in minor ways. Each of this changes fixes a warning
from Pylint 2.4 that doesn't appear with Pylint 1.7.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:51:08 +02:00
Gilles Peskine 5d1dfd4108 Pylint: abide by useless-object-inheritance warnings
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:50:51 +02:00
Gilles Peskine a1bb3f86e9 mbedtls_test.py: drop compatibility with Python 2
Python 2 is no longer supported upstream. Actively drop compatibility
with Python 2.

Removing the inheritance of a class on object pacifies recent versions
of Pylint (useless-object-inheritance).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:50:51 +02:00
Gilles Peskine af67f8db77 Document more methods in Python scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:50:49 +02:00
Gilles Peskine ea16e3dd7f Pylint: disable logging-format-interpolation warning
Pylint warns about things like ``log.info('...'.format(...))``.
It insists on ``log.info('...', ...)``.
This is of minor utility (mainly a performance gain when there are
many messages that use formatting and are below the log level).
Some versions of Pylint (including 1.8, which is the version on
Ubuntu 18.04) only recognize old-style format strings using '%',
and complain about something like ``log.info('{}', foo)`` with
logging-too-many-args (Pylint supports new-style formatting if
declared globally with logging_format_style under [LOGGING] but
this requires Pylint >=2.2).

Disable this warning to remain compatible with Pylint 1.8 and not have
to change abi_check.py to use %-formats instead of {}-formats when
logging.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:50:07 +02:00
Gilles Peskine 926f696a73 Pylint: allow if-return-else-return
Allow the perfectly reasonable idiom
    if condition1:
        return value1
    else:
        return value2

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:50:01 +02:00
Gilles Peskine 8c3ad4bfcb Make check_python_files non-optional in all.sh
check_python_files was optional in all.sh because we used to have CI
machines where pylint wasn't available. But this had the downside that
check_python_files kept breaking because it wasn't checked in the CI.
Now our CI has pylint and check_python_files should not be optional.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:38:21 +02:00
Gilles Peskine c373000307 Make sure to use a Python 3 pylint
On some systems, such as Ubuntu up to 19.04, `pylint` is for Python 2
and `pylint3` is for Python 3, so we should not use `pylint` even if
it's available.

Use the Python module instead of the trivial shell wrapper. This way
we can make sure to use the correct Python version.

Fix #3111

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:38:21 +02:00
Janos Follath 2a1d9332d5
Merge pull request #682 from ARMmbed/prepare-rc-2.16.6-updated
Prepare rc 2.16.6 updated
2020-04-09 14:12:23 +01:00
Manuel Pégourié-Gonnard dab3fd64ab Merge branch 'mbedtls-2.16-restricted' into prepare-rc-2.16.6-updated
* mbedtls-2.16-restricted:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 12:27:20 +02:00
Manuel Pégourié-Gonnard ef98d49997 Merge remote-tracking branch 'restricted/pr/670' into mbedtls-2.16-restricted
* restricted/pr/670:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 11:56:09 +02:00
Janos Follath 85ce08d0ca Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-09 09:37:12 +01:00
Janos Follath c04703c58c Bump version to Mbed TLS 2.16.6
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:17:27 +01:00
Janos Follath 816305b8f5 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.6r0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 15:12:15 +01:00
Gilles Peskine 84751ec1d4
Merge pull request #3157 from mpg/improve-make-tags-2.16
[backport 2.16] Improve ctags invocation in Makefile
2020-04-06 17:48:48 +02:00
Gilles Peskine ce56956f59 Systematically use Windows line endings in Windows files
Don't mix Windows and Unix line endings, it's the worst of both worlds.

Update the Visual Studio templates and regenerate the generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:32:30 +02:00
Gilles Peskine fea21d4c3d Fix a stray CR inside a line
Use CRLF consistently instead of cobbling a \r here and a \n there.

The generated files don't change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:29:44 +02:00
Gilles Peskine 368ccd416b In Windows files, detect CR without LF as well as LF without CR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:28:53 +02:00
Gilles Peskine 0d5b016709 Check that Windows files have Windows line endings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:28:52 +02:00
Gilles Peskine cecc726b91 Also check Windows files
Check Windows files for some issues, including permissions. Omit the
checks related to special characters (whitespace, line endings,
encoding) as appropriate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:28:50 +02:00
Gilles Peskine 1978b68a2f Sort the list for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:28:45 +02:00
Gilles Peskine eb9929e6e1 List each item on a separate line for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:27:14 +02:00
Janos Follath 3a1b209f9e
Merge pull request #676 from ARMmbed/ecc-projective-2.16-restricted
[backport 2.16] Fix leakage of projective coordinates in ECC
2020-04-06 15:23:38 +01:00
Gilles Peskine d69f51b216 Clarify confusion between file names and suffixes of file names
To test a file name exactly, prepend a / to the base name.

files_to_check actually checks suffixes, not file names, so rename it
to extensions_to_check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:20:09 +02:00
Ronald Cron b19ad118dd unit tests: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially too
small to store all the unmet dependencies. Indicate in test
reports if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 11:58:27 +02:00
Ronald Cron 69cc630750 unit tests: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 11:58:27 +02:00