Merge pull request #6983 from aditya-deshpande-arm/backport-check-files-characters
[Backport 2.28] check_files.py: Allow specific Box Drawings characters to be used
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
index 7ce0905..92b8ce9 100644
--- a/.uncrustify.cfg
+++ b/.uncrustify.cfg
@@ -19,8 +19,6 @@
# limitations under the License.
-# Line length options
-
# Wrap lines at 100 characters
code_width = 100
diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
new file mode 100644
index 0000000..0a90721
--- /dev/null
+++ b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
+ Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
+ Aaron Ucko under Valgrind.
diff --git a/library/bignum.c b/library/bignum.c
index 5ec0541..699d2c6 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1280,7 +1280,7 @@
/* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the
* significant digits of B. */
- if (A->n > n) {
+ if (A->n > n && A != X) {
memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
}
if (X->n > A->n) {
diff --git a/library/ccm.c b/library/ccm.c
index 82c308a..2d2695e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -478,7 +478,7 @@
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
- 8 * sizeof key_test_data) != 0) {
+ 8 * sizeof(key_test_data)) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
}
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 8a9f79e2..6ce4f64 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -533,7 +533,7 @@
#if defined(ECP_LOAD_GROUP)
/*
* Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
+ * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
*/
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
@@ -1252,7 +1252,7 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
M.n++; /* Make room for multiplication by 19 */
@@ -1386,7 +1386,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
@@ -1412,7 +1412,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
diff --git a/library/entropy.c b/library/entropy.c
index 1a4ac96..af78acc 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -706,7 +706,7 @@
goto cleanup;
}
- if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
+ if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
}
diff --git a/library/ripemd160.c b/library/ripemd160.c
index f5dc5f5..a2e11cd 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -496,7 +496,7 @@
int i, ret = 0;
unsigned char output[20];
- memset(output, 0, sizeof output);
+ memset(output, 0, sizeof(output));
for (i = 0; i < TESTS; i++) {
if (verbose != 0) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9ea96b0..aaeb515 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1645,10 +1645,10 @@
memset(&sb, 0, sizeof(sb));
while ((entry = readdir(dir)) != NULL) {
- snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+ snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
"%s/%s", path, entry->d_name);
- if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
+ if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
goto cleanup;
} else if (stat(entry_name, &sb) == -1) {
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index da28c7d..a348eff 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -78,7 +78,7 @@
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
- sizeof pers)) != 0) {
+ sizeof(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 8f9867a..e5d2d44 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -77,7 +77,7 @@
size_t len;
if (mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
diff --git a/scripts/code_style.py b/scripts/code_style.py
index 3958e87..dd8305f 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -1,9 +1,7 @@
#!/usr/bin/env python3
"""Check or fix the code style by running Uncrustify.
-Note: The code style enforced by this script is not yet introduced to
-Mbed TLS. At present this script will only be used to prepare for a future
-change of code style.
+This script must be run from the root of a Git work tree containing Mbed TLS.
"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@@ -20,7 +18,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
-import io
import os
import re
import subprocess
@@ -31,12 +28,10 @@
CONFIG_FILE = ".uncrustify.cfg"
UNCRUSTIFY_EXE = "uncrustify"
UNCRUSTIFY_ARGS = ["-c", CONFIG_FILE]
-STDOUT_UTF8 = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
-STDERR_UTF8 = io.TextIOWrapper(sys.stderr.buffer, encoding='utf-8')
CHECK_GENERATED_FILES = "tests/scripts/check-generated-files.sh"
def print_err(*args):
- print("Error: ", *args, file=STDERR_UTF8)
+ print("Error: ", *args, file=sys.stderr)
# Match FILENAME(s) in "check SCRIPT (FILENAME...)"
CHECK_CALL_RE = re.compile(r"\n\s*check\s+[^\s#$&*?;|]+([^\n#$&*?;|]+)",
@@ -69,8 +64,8 @@
"tests/suites/*.function",
"scripts/data_files/*.fmt"]
- result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
+ result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("git ls-files returned: " + str(result.returncode))
@@ -90,8 +85,9 @@
"""
Get the version string from Uncrustify
"""
- result = subprocess.run([UNCRUSTIFY_EXE, "--version"], \
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
+ result = subprocess.run([UNCRUSTIFY_EXE, "--version"],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("Could not get Uncrustify version:", str(result.stderr, "utf-8"))
return ""
@@ -106,26 +102,25 @@
style_correct = True
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + UNCRUSTIFY_ARGS + [src_file]
- result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE, \
- stderr=subprocess.PIPE, check=False)
+ result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE, check=False)
if result.returncode != 0:
- print_err("Uncrustify returned " + str(result.returncode) + \
- " correcting file " + src_file)
+ print_err("Uncrustify returned " + str(result.returncode) +
+ " correcting file " + src_file)
return False
# Uncrustify makes changes to the code and places the result in a new
# file with the extension ".uncrustify". To get the changes (if any)
# simply diff the 2 files.
diff_cmd = ["diff", "-u", src_file, src_file + ".uncrustify"]
- result = subprocess.run(diff_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
- if len(result.stdout) > 0:
- print(src_file + " - Incorrect code style.", file=STDOUT_UTF8)
- print("File changed - diff:", file=STDOUT_UTF8)
- print(str(result.stdout, "utf-8"), file=STDOUT_UTF8)
+ cp = subprocess.run(diff_cmd, check=False)
+
+ if cp.returncode == 1:
+ print(src_file + " changed - code style is incorrect.")
style_correct = False
- else:
- print(src_file + " - OK.", file=STDOUT_UTF8)
+ elif cp.returncode != 0:
+ raise subprocess.CalledProcessError(cp.returncode, cp.args,
+ cp.stdout, cp.stderr)
# Tidy up artifact
os.remove(src_file + ".uncrustify")
@@ -139,12 +134,11 @@
code_change_args = UNCRUSTIFY_ARGS + ["--no-backup"]
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + code_change_args + [src_file]
- result = subprocess.run(uncrustify_cmd, check=False, \
- stdout=STDOUT_UTF8, stderr=STDERR_UTF8)
+ result = subprocess.run(uncrustify_cmd, check=False)
if result.returncode != 0:
- print_err("Uncrustify with file returned: " + \
- str(result.returncode) + " correcting file " + \
- src_file)
+ print_err("Uncrustify with file returned: " +
+ str(result.returncode) + " correcting file " +
+ src_file)
return False
return True
@@ -160,7 +154,7 @@
# Guard against future changes that cause the codebase to require
# more passes.
if not check_style_is_correct(src_file_list):
- print("Code style still incorrect after second run of Uncrustify.")
+ print_err("Code style still incorrect after second run of Uncrustify.")
return 1
else:
return 0
@@ -172,9 +166,9 @@
uncrustify_version = get_uncrustify_version().strip()
if UNCRUSTIFY_SUPPORTED_VERSION not in uncrustify_version:
print("Warning: Using unsupported Uncrustify version '" +
- uncrustify_version + "'", file=STDOUT_UTF8)
+ uncrustify_version + "'")
print("Note: The only supported version is " +
- UNCRUSTIFY_SUPPORTED_VERSION, file=STDOUT_UTF8)
+ UNCRUSTIFY_SUPPORTED_VERSION)
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--fix', action='store_true',
@@ -203,6 +197,7 @@
else:
# Check mode
if check_style_is_correct(src_files):
+ print("Checked {} files, style ok.".format(len(src_files)))
return 0
else:
return 1
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 29753ff..4c6ee6f 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -284,7 +284,7 @@
}
TEST_EQUAL(test_offset_idx, expected_idx);
- /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+ /* Call update with too much data (sizeof(entropy) > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
TEST_ASSERT(mbedtls_ctr_drbg_update_ret(
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 452acf5..5e950a1 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -12,8 +12,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -21,7 +21,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -32,8 +32,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -41,7 +41,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -52,8 +52,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -61,7 +61,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -72,8 +72,8 @@
unsigned char src_str[100];
unsigned char output[20];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -81,7 +81,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 57e95f0..4f24a46 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -902,7 +902,7 @@
USE_PSA_INIT();
memset(hash, 0x2a, hash_len);
- memset(sig, 0, sizeof sig);
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
@@ -1095,8 +1095,8 @@
return;
}
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
mbedtls_pk_init(&pk);
@@ -1140,11 +1140,11 @@
mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
- memset(msg, 0x2a, sizeof msg);
- memset(ciph, 0, sizeof ciph);
- memset(test, 0, sizeof test);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
+ memset(msg, 0x2a, sizeof(msg));
+ memset(ciph, 0, sizeof(ciph));
+ memset(test, 0, sizeof(test));
/* Initialize PK RSA context with random key */
TEST_ASSERT(mbedtls_pk_setup(&rsa,
@@ -1172,29 +1172,29 @@
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), sig,
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== 0);
TEST_ASSERT(sig_len == RSA_KEY_LEN);
TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
/* Test decrypt */
- TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len,
- test, &test_len, sizeof test,
+ test, &test_len, sizeof(test),
mbedtls_test_rnd_std_rand, NULL) == 0);
- TEST_ASSERT(test_len == sizeof msg);
+ TEST_ASSERT(test_len == sizeof(msg));
TEST_ASSERT(memcmp(test, msg, test_len) == 0);
/* Test forbidden operations */
- TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == ret);
TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == ret);
+ hash, sizeof(hash), sig, sig_len) == ret);
TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret);
exit:
@@ -1257,11 +1257,11 @@
TEST_EQUAL(psa_get_key_lifetime(&attributes),
PSA_KEY_LIFETIME_VOLATILE);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ hash, sizeof(hash), sig, &sig_len,
NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
@@ -1282,7 +1282,7 @@
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy) == 0);
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
exit:
/*
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 91ac00d..db7c086 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1117,9 +1117,9 @@
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf(file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
- TEST_ASSERT(ret > 0 && (size_t) ret < sizeof file_buf);
+ TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
/* Try to verify that chain */
@@ -1212,13 +1212,13 @@
mbedtls_x509_buf oid;
char num_buf[100];
- memset(num_buf, 0x2a, sizeof num_buf);
+ memset(num_buf, 0x2a, sizeof(num_buf));
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
- TEST_ASSERT((size_t) blen <= sizeof num_buf);
+ TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);