Merge remote-tracking branch 'origin/pr/2834' into development
* origin/pr/2834:
ssl: Remove key exporter bug workaround
ssl: Disallow modification of hello.random by export
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index f500bf6..1bc470b 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -305,6 +305,14 @@
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
diff --git a/scripts/config.pl b/scripts/config.pl
index 3942584..b4b0058 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -26,6 +26,8 @@
# MBEDTLS_ECP_DP_M221_ENABLED
# MBEDTLS_ECP_DP_M383_ENABLED
# MBEDTLS_ECP_DP_M511_ENABLED
+# MBEDTLS_MEMORY_BACKTRACE
+# MBEDTLS_MEMORY_BUFFER_ALLOC_C
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -37,6 +39,8 @@
# - this could be enabled if the respective tests were adapted
# MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C
+# MBEDTLS_NO_UDBL_DIVISION
+# MBEDTLS_NO_64BIT_MULTIPLICATION
# MBEDTLS_PSA_CRYPTO_SPM
# MBEDTLS_PSA_INJECT_ENTROPY
# MBEDTLS_ECP_RESTARTABLE
@@ -89,6 +93,9 @@
MBEDTLS_ECP_DP_M221_ENABLED
MBEDTLS_ECP_DP_M383_ENABLED
MBEDTLS_ECP_DP_M511_ENABLED
+MBEDTLS_MEMORY_DEBUG
+MBEDTLS_MEMORY_BACKTRACE
+MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_RSA_NO_CRT
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ef96e2d..c7bf428 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -660,6 +660,22 @@
if_build_succeeded tests/compat.sh
}
+component_test_full_cmake_gcc_asan () {
+ msg "build: full config, cmake, gcc, ASan"
+ scripts/config.pl full
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: main suites (inc. selftests) (full config, ASan build)"
+ make test
+
+ msg "test: ssl-opt.sh (full config, ASan build)"
+ if_build_succeeded tests/ssl-opt.sh
+
+ msg "test: compat.sh (full config, ASan build)"
+ if_build_succeeded tests/compat.sh
+}
+
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -789,7 +805,6 @@
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
make
@@ -859,7 +874,6 @@
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C
scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
@@ -892,7 +906,6 @@
scripts/config.pl full # includes CHECK_PARAMS
# Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
# Only build and run tests. Do not build sample programs, because
# they don't have a mbedtls_param_failed() function.
make CC=gcc CFLAGS='-Werror -O1' lib test
@@ -902,7 +915,6 @@
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
@@ -917,7 +929,6 @@
component_test_check_params_silent () {
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
scripts/config.pl full # includes CHECK_PARAMS
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
# Set MBEDTLS_PARAM_FAILED to nothing.
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
@@ -938,7 +949,6 @@
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
@@ -981,6 +991,34 @@
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
}
+component_test_memory_buffer_allocator_backtrace () {
+ msg "build: default config with memory buffer allocator and backtrace enabled"
+ scripts/config.pl set MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl set MBEDTLS_MEMORY_BACKTRACE
+ scripts/config.pl set MBEDTLS_MEMORY_DEBUG
+ CC=gcc cmake .
+ make
+
+ msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
+ make test
+}
+
+component_test_memory_buffer_allocator () {
+ msg "build: default config with memory buffer allocator"
+ scripts/config.pl set MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
+ CC=gcc cmake .
+ make
+
+ msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
+ make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
+ # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
+ if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy'
+}
+
component_test_no_max_fragment_length () {
# Run max fragment length tests with MFL disabled
msg "build: default config except MFL extension (ASan build)" # ~ 30s
@@ -1090,7 +1128,6 @@
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
@@ -1107,7 +1144,6 @@
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index e15802f..7b369bb 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -39,25 +39,36 @@
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_x509_csr csr;
+ int ret = 0;
+
+ mbedtls_x509_csr_init( &csr );
if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ {
+ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ goto cleanup;
+ }
md_info = mbedtls_md_info_from_type( csr.sig_md );
if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
{
/* Note: this can't happen except after an internal error */
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ goto cleanup;
}
if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
csr.sig_md, hash, mbedtls_md_get_size( md_info ),
csr.sig.p, csr.sig.len ) != 0 )
{
- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+ ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+ goto cleanup;
}
- return( 0 );
+cleanup:
+
+ mbedtls_x509_csr_free( &csr );
+ return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */