Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
Fix copypasta in msg
When not using PSA crypto, disable it
Disable MEMORY_BUFFER_ALLOC with ASan
Remove config.pl calls with no effect
ssl-opt.sh: wait for proxy to start before running the script further
Adapt ChangeLog
Fix mpi_bigendian_to_host() on bigendian systems
diff --git a/ChangeLog b/ChangeLog
index e72579d..3504152 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -76,6 +76,9 @@
* Improve code clarity in x509_crt module, removing false-positive
uninitialized variable warnings on some recent toolchains (GCC8, etc).
Discovered and fixed by Andy Gross (Linaro), #2392.
+ * Fix bug in endianness conversion in bignum module. This lead to
+ functionally incorrect code on bigendian systems which don't have
+ __BYTE_ORDER__ defined. Reported by Brendan Shanks. Fixes #2622.
Changes
* Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7fbc740..ef96e2d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -857,11 +857,11 @@
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
- msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+ msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C
scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -902,7 +902,6 @@
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
@@ -1091,6 +1090,7 @@
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
@@ -1107,9 +1107,7 @@
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 55a4fe1..47b6b80 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -426,9 +426,9 @@
fi
}
-# Wait for process $2 to be listening on port $1
+# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
if type lsof >/dev/null 2>/dev/null; then
- wait_server_start() {
+ wait_app_start() {
START_TIME=$(date +%s)
if [ "$DTLS" -eq 1 ]; then
proto=UDP
@@ -438,8 +438,8 @@
# Make a tight loop, server normally takes less than 1s to start.
while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
- echo "SERVERSTART TIMEOUT"
- echo "SERVERSTART TIMEOUT" >> $SRV_OUT
+ echo "$3 START TIMEOUT"
+ echo "$3 START TIMEOUT" >> $4
break
fi
# Linux and *BSD support decimal arguments to sleep. On other
@@ -448,12 +448,22 @@
done
}
else
- echo "Warning: lsof not available, wait_server_start = sleep"
- wait_server_start() {
+ echo "Warning: lsof not available, wait_app_start = sleep"
+ wait_app_start() {
sleep "$START_DELAY"
}
fi
+# Wait for server process $2 to be listening on port $1.
+wait_server_start() {
+ wait_app_start $1 $2 "SERVER" $SRV_OUT
+}
+
+# Wait for proxy process $2 to be listening on port $1.
+wait_proxy_start() {
+ wait_app_start $1 $2 "PROXY" $PXY_OUT
+}
+
# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
@@ -610,7 +620,7 @@
echo "$PXY_CMD" > $PXY_OUT
$PXY_CMD >> $PXY_OUT 2>&1 &
PXY_PID=$!
- # assume proxy starts faster than server
+ wait_proxy_start "$PXY_PORT" "$PXY_PID"
fi
check_osrv_dtls