Merge pull request #473 from pjbakker/iotssl-694-config-warnings
Add check to prevent enabling of RSA without selecting PKCS version(s)
diff --git a/ChangeLog b/ChangeLog
index 3b32873..daa6e50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@
* Fix issue that caused a crash if invalid curves were passed to
mbedtls_ssl_conf_curves. #373
* Fix issue in ssl_fork_server which was preventing it from functioning. #429
+ * Fix memory leaks in test framework
+ * Fix test in ssl-opt.sh that does not run properly with valgrind
Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 1fc7aa6..cac3f14 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -162,10 +162,6 @@
#define MULADDC_INIT \
asm( \
- "movq %3, %%rsi \n\t" \
- "movq %4, %%rdi \n\t" \
- "movq %5, %%rcx \n\t" \
- "movq %6, %%rbx \n\t" \
"xorq %%r8, %%r8 \n\t"
#define MULADDC_CORE \
@@ -181,12 +177,9 @@
"addq $8, %%rdi \n\t"
#define MULADDC_STOP \
- "movq %%rcx, %0 \n\t" \
- "movq %%rdi, %1 \n\t" \
- "movq %%rsi, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \
+ : "+c" (c), "+D" (d), "+S" (s) \
+ : "b" (b) \
+ : "rax", "rdx", "r8" \
);
#endif /* AMD64 */
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 458bb51..f9f9b9b 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -496,11 +496,12 @@
* \brief Load and parse a public key
*
* \param ctx key to be initialized
- * \param path filename to read the private key from
+ * \param path filename to read the public key from
*
* \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
+ * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
+ * you need a specific key type, check the result with
+ * mbedtls_pk_can_do().
*
* \note The key is also checked for correctness.
*
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index c39cbf2..b0c34ec 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -81,6 +81,7 @@
void mbedtls_threading_free_alt( void );
#endif /* MBEDTLS_THREADING_ALT */
+#if defined(MBEDTLS_THREADING_C)
/*
* The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
*
@@ -96,6 +97,7 @@
*/
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
}
diff --git a/library/aesni.c b/library/aesni.c
index 83a5868..1ca3c3e 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -100,7 +100,7 @@
asm( "movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0
- "addq $16, %1 \n\t" // point to next round key
+ "add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // normal rounds = nr - 1
"test %2, %2 \n\t" // mode?
"jz 2f \n\t" // 0 = decrypt
@@ -108,7 +108,7 @@
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
- "addq $16, %1 \n\t" // point to next round key
+ "add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
@@ -118,7 +118,7 @@
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
- "addq $16, %1 \n\t"
+ "add $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
diff --git a/library/bignum.c b/library/bignum.c
index d6f415c..4536a3b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1542,12 +1542,15 @@
/*
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
*/
-static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T )
{
size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d;
+ if( T->n < N->n + 1 || T->p == NULL )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
memset( T->p, 0, T->n * ciL );
d = T->p;
@@ -1575,12 +1578,14 @@
else
/* prevent timing attacks */
mpi_sub_hlp( n, A->p, T->p );
+
+ return( 0 );
}
/*
* Montgomery reduction: A = A * R^-1 mod N
*/
-static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{
mbedtls_mpi_uint z = 1;
mbedtls_mpi U;
@@ -1588,7 +1593,7 @@
U.n = U.s = (int) z;
U.p = &z;
- mpi_montmul( A, &U, N, mm, T );
+ return( mpi_montmul( A, &U, N, mm, T ) );
}
/*
@@ -1665,13 +1670,13 @@
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
- mpi_montmul( &W[1], &RR, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
/*
* X = R^2 * R^-1 mod N = R mod N
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
- mpi_montred( X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( wsize > 1 )
{
@@ -1684,7 +1689,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ )
- mpi_montmul( &W[j], &W[j], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
/*
* W[i] = W[i - 1] * W[1]
@@ -1694,7 +1699,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
- mpi_montmul( &W[i], &W[1], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
}
}
@@ -1731,7 +1736,7 @@
/*
* out of window, square X
*/
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
continue;
}
@@ -1749,12 +1754,12 @@
* X = X^wsize R^-1 mod N
*/
for( i = 0; i < wsize; i++ )
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
/*
* X = X * W[wbits] R^-1 mod N
*/
- mpi_montmul( X, &W[wbits], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
state--;
nbits = 0;
@@ -1767,18 +1772,18 @@
*/
for( i = 0; i < nbits; i++ )
{
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
wbits <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 )
- mpi_montmul( X, &W[1], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
}
/*
* X = A^E * R * R^-1 mod N = A^E mod N
*/
- mpi_montred( X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( neg )
{
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index aefddfa..386f8ad 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -67,8 +67,8 @@
}
/*
- * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
- * tests to succeed (which require known length fixed entropy)
+ * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
+ * NIST tests to succeed (which require known length fixed entropy)
*/
int mbedtls_ctr_drbg_seed_entropy_len(
mbedtls_ctr_drbg_context *ctx,
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 972ad2a..e2f45c7 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -67,7 +67,10 @@
}
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
+ {
+ CryptReleaseContext( provider, 0 );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
CryptReleaseContext( provider, 0 );
*olen = len;
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 7023b9d..c603a13 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -93,7 +93,7 @@
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen )
{
- int ret, iterations;
+ int ret, iterations = 0;
mbedtls_asn1_buf salt;
size_t i;
unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
diff --git a/library/rsa.c b/library/rsa.c
index 18fc702..a6cc19b 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -804,7 +804,12 @@
int ret;
size_t ilen, pad_count = 0, i;
unsigned char *p, bad, pad_done = 0;
+#if defined(__clang_analyzer__)
+ /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1182,13 +1187,18 @@
int ret;
size_t siglen;
unsigned char *p;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char result[MBEDTLS_MD_MAX_SIZE];
unsigned char zeros[8];
unsigned int hlen;
size_t slen, msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
+#if defined(__clang_analyzer__)
+ /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1327,10 +1337,15 @@
int ret;
size_t len, siglen, asn1_len;
unsigned char *p, *end;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
mbedtls_md_type_t msg_md_alg;
const mbedtls_md_info_t *md_info;
mbedtls_asn1_buf oid;
+#if defined(__clang_analyzer__)
+ /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
diff --git a/library/sha512.c b/library/sha512.c
index af610bb..0f9e1e5 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -89,53 +89,6 @@
}
#endif /* PUT_UINT64_BE */
-/*
- * Round constants
- */
-static const uint64_t K[80] =
-{
- UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
- UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
- UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
- UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
- UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
- UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
- UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
- UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
- UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
- UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
- UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
- UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
- UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
- UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
- UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
- UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
- UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
- UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
- UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
- UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
- UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
- UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
- UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
- UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
- UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
- UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
- UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
- UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
- UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
- UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
- UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
- UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
- UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
- UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
- UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
- UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
- UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
- UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
- UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
- UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
-};
-
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
@@ -192,6 +145,54 @@
}
#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
+
+/*
+ * Round constants
+ */
+static const uint64_t K[80] =
+{
+ UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
+ UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
+ UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
+ UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
+ UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
+ UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
+ UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
+ UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
+ UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
+ UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
+ UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
+ UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
+ UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
+ UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
+ UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
+ UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
+ UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
+ UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
+ UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
+ UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
+ UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
+ UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
+ UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
+ UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
+ UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
+ UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
+ UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
+ UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
+ UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
+ UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
+ UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
+ UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
+ UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
+ UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
+ UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
+ UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
+ UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
+ UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
+ UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
+ UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
+};
+
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
{
int i;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 19cc357..9208ec9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2709,7 +2709,7 @@
*/
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
{
- int ret, done = 0;
+ int ret, done = 0, out_msg_type;
size_t len = ssl->out_msglen;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
@@ -2725,7 +2725,9 @@
#endif
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST &&
+ out_msg_type = ssl->out_msg[0];
+
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
ssl->handshake == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -2752,7 +2754,7 @@
len += 8;
/* Write message_seq and update it, except for HelloRequest */
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
@@ -2770,7 +2772,7 @@
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
}
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f8c45f8..603d06b 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -104,7 +104,7 @@
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL )
+ if( csr == NULL || buf == NULL || buflen == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
mbedtls_x509_csr_init( csr );
@@ -274,14 +274,14 @@
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL )
+ if( csr == NULL || buf == NULL || buflen == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buflen == 0 || buf[buflen - 1] != '\0' )
+ if( buf[buflen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index f071d31..d1e81d4 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -83,8 +83,13 @@
int nb_err1, nb_err2;
int nb_tot1, nb_tot2;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
- char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1], line[1024];
+ char line[1024];
char diff;
+#if defined(__clang_analyzer__)
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
+#else
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
+#endif
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 1cca818..23eb2a4 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -10,6 +10,11 @@
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
+find_package(Perl)
+if(NOT PERL_FOUND)
+ message(FATAL_ERROR "Cannot build test suites without Perl")
+endif()
+
function(add_test_suite suite_name)
if(ARGV1)
set(data_name ${ARGV1})
@@ -19,7 +24,7 @@
add_custom_command(
OUTPUT test_suite_${data_name}.c
- COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name}
+ COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name}
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data
)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index d13a8e4..d961230 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -39,6 +39,7 @@
export CFLAGS=' --coverage -g3 -O0 '
make clean
scripts/config.pl full
+scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
make
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c08af7b..536add2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -130,6 +130,13 @@
fi
}
+# skip the next test if valgrind is NOT in use
+only_with_valgrind() {
+ if [ "$MEMCHECK" -eq 0 ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# multiply the client timeout delay by the given factor for the next test
needs_more_time() {
CLI_DELAY_FACTOR=$1
@@ -408,32 +415,33 @@
# check other assertions
# lines beginning with == are added by valgrind, ignore them
+ # lines with 'Serious error when reading debug info', are valgrind issues as well
while [ $# -gt 0 ]
do
case $1 in
"-s")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
fail "-s $2"
return
fi
;;
"-c")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
fail "-c $2"
return
fi
;;
"-S")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
fail "-S $2"
return
fi
;;
"-C")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
fail "-C $2"
return
fi
@@ -3048,13 +3056,22 @@
-S "The operation timed out" \
-s "Client initiated reconnection from same port"
-run_test "DTLS client reconnect from same port: reconnect, nbio" \
+not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
+run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
0 \
-S "The operation timed out" \
-s "Client initiated reconnection from same port"
+only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
+run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
+ "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
+ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
+ 0 \
+ -S "The operation timed out" \
+ -s "Client initiated reconnection from same port"
+
run_test "DTLS client reconnect from same port: no cookies" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index f0d0520..edf1d12 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -28,6 +28,8 @@
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
+#define strncasecmp _strnicmp
+#define strcasecmp _stricmp
#else
#include <stdint.h>
#endif
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index c5d6cd8..f182485 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -321,6 +321,9 @@
testfile_index < testfile_count;
testfile_index++ )
{
+ int unmet_dep_count = 0;
+ char *unmet_dependencies[20];
+
test_filename = test_files[ testfile_index ];
file = fopen( test_filename, "r" );
@@ -333,8 +336,12 @@
while( !feof( file ) )
{
- int unmet_dep_count = 0;
- char *unmet_dependencies[20];
+ if( unmet_dep_count > 0 )
+ {
+ mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n");
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count = 0;
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
@@ -357,8 +364,15 @@
{
if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
{
- unmet_dependencies[ i-1 ] = strdup(params[i]);
- if( unmet_dependencies[ i-1 ] == NULL )
+ if( 0 == option_verbose )
+ {
+ /* Only one count is needed if not verbose */
+ unmet_dep_count++;
+ break;
+ }
+
+ unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);
+ if( unmet_dependencies[ unmet_dep_count ] == NULL )
{
mbedtls_printf("FATAL: Out of memory\n");
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
@@ -392,16 +406,17 @@
if( 1 == option_verbose && unmet_dep_count > 0 )
{
mbedtls_fprintf( stdout, " Unmet dependencies: " );
- while( unmet_dep_count > 0)
+ for( i = 0; i < unmet_dep_count; i++ )
{
mbedtls_fprintf(stdout, "%s ",
- unmet_dependencies[unmet_dep_count - 1]);
- free(unmet_dependencies[unmet_dep_count - 1]);
- unmet_dep_count--;
+ unmet_dependencies[i]);
+ free(unmet_dependencies[i]);
}
mbedtls_fprintf( stdout, "\n" );
}
fflush( stdout );
+
+ unmet_dep_count = 0;
}
else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 )
{
@@ -427,6 +442,10 @@
}
}
fclose(file);
+
+ /* In case we encounter early end of file */
+ for( i = 0; i < unmet_dep_count; i++ )
+ free( unmet_dependencies[i] );
}
mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index a36dbc3..04dd68b 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -212,7 +212,7 @@
TEST_ASSERT( ptr_c == NULL );
mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == 864 );
+ TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) );
mbedtls_free( ptr_a );
ptr_a = NULL;