Merge pull request #204 from gilles-peskine-arm/merge-crypto-development-20190806

Bring in changes from Mbed TLS as of 2019-08-06
2025-02-26 03:40:26 +00:00 · 2019-08-07 12:58:29 +02:00 · 2019-08-07 12:58:29 +02:00 · 86cef2a316
commit 86cef2a316
parent e3223d1f85 3963993e2a
6 changed files with 71 additions and 31 deletions
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@ -107,7 +107,7 @@ class AbiChecker(object):
        )
        self.log.debug(worktree_output.decode("utf-8"))
        version.commit = subprocess.check_output(
-            [self.git_command, "rev-parse", worktree_rev],
+            [self.git_command, "rev-parse", "HEAD"],
            cwd=git_worktree_path,
            stderr=subprocess.STDOUT
        ).decode("ascii").rstrip()
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -48,17 +48,19 @@ test-ca.req.sha256: $(test_ca_key_file_rsa)
 all_intermediate += test-ca.req.sha256
 test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
-	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
-test-ca.der: test-ca.crt
+all_final += test-ca.crt
 test-ca.crt.der: test-ca.crt
 	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += test-ca.crt test-ca.der
+all_final += test-ca.der
 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
-	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
 all_final += test-ca-sha1.crt
 test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
-	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
 all_final += test-ca-sha256.crt
 cli_crt_key_file_rsa = cli-rsa.key
@ -68,10 +70,10 @@ cli-rsa.csr: $(cli_crt_key_file_rsa)
 all_intermediate += cli-rsa.csr
 cli-rsa-sha1.crt: cli-rsa.csr
-	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
 cli-rsa-sha256.crt: cli-rsa.csr
-	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
 all_final += cli-rsa-sha256.crt
 test_ca_int_rsa1 = test-int-ca.crt
@ -671,13 +673,15 @@ all_intermediate += server2.req.sha256
 # server2*
 server2.crt: server2.req.sha256
-	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
 all_final += server2.crt
 server2.der: server2.crt
 	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += server2.crt server2.der
+all_final += server2.der
 server2-sha256.crt: server2.req.sha256
-	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
 all_final += server2-sha256.crt
--- a/tests/data_files/rsa_pkcs1_1024_clear.pem
+++ b/tests/data_files/rsa_pkcs1_1024_clear.pem
@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ
+MIICXAIBAAKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1Mwtw
-4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U
+VzOc2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7k
-06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB
+rOBCskF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQAB
-AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R
+AoGBAL2/t6Qf6PDXhH350apaHnYfjcCQ4FEeZQSZj0y0vGylW0mcrbd5hxJM+BDW
-CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU
+E98h1tVEiHFygrqhEiCRRCROzmDhjlPVymxBXP+Jev4xeV5mvf2PzgwOR8MTdbFo
-vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo
+dOSI6t9bhpCyp0Ln8eQzGXtuWsH6arJsyJJ9JzCrzeI48sjNAkEA+lgGSPNyWHZW
-HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx
+E0zdtznvGphYKPMuDUTGzm1gTZ0oes6qjr4OA9rD3NTGHVW1FVLq63leTiqK8sOS
-oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn
+uJduIauW4wJBAMu4214tyhB720BuLH7vD0mCKipzD0cEuAdf3NEel3KZxnHD4AK+
-5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH
+xeiEfFCstMg5uMCNLkShGjMZ5zNfRIqxfa8CQDJjW0h9r6s8jlCuLQY/I/A/b6c2
-d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx
+YzOKf1V3UGXu1wH47P10JZADDV86eHHZGWykVuJ0eFXVXEhGsxZybFlcly8CQDet
-GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU
+Ks7fZsUAhJhkQ+bhAOWPHGUDkx5OrNjfGyNP4AYi/rgi1zsI1l/IrY0C1lmOZO7C
-PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ
+5u08tkNXBfflRn89KOMCQAwCFgbZqd/VDFyemqwMZAXp+Y1HvGeZI0pr3vBJzO3W
-fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA==
+OvIa0KckJ793UjS6Iijfnyy9pWmKJLdKEMe/AtSRDi0=
 -----END RSA PRIVATE KEY-----
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@ -187,6 +187,21 @@ typedef enum
    }                                                                   \
    while( 0 )
 /**
 * \brief   This macro tests the expression passed to it and skips the
 *          running test if it doesn't evaluate to 'true'.
 *
 * \param   TEST    The test expression to be tested.
 */
 #define TEST_ASSUME( TEST )                         \
    do {                                            \
        if( ! (TEST) )                              \
        {                                           \
            test_skip( #TEST, __LINE__, __FILE__ ); \
            goto exit;                              \
        }                                           \
    } while( 0 )
 #if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
 /**
 * \brief   This macro tests the statement passed to it as a test step or
@ -372,10 +387,17 @@ typedef enum
 /*----------------------------------------------------------------------------*/
 /* Global variables */
 typedef enum
 {
    TEST_RESULT_SUCCESS = 0,
    TEST_RESULT_FAILED,
    TEST_RESULT_SKIPPED
 } test_result_t;
 static struct
 {
    paramfail_test_state_t paramfail_test_state;
-    int failed;
+    test_result_t result;
    const char *test;
    const char *filename;
    int line_no;
@ -411,7 +433,15 @@ jmp_buf jmp_tmp;
 void test_fail( const char *test, int line_no, const char* filename )
 {
-    test_info.failed = 1;
+    test_info.result = TEST_RESULT_FAILED;
    test_info.test = test;
    test_info.line_no = line_no;
    test_info.filename = filename;
 }
 void test_skip( const char *test, int line_no, const char* filename )
 {
    test_info.result = TEST_RESULT_SKIPPED;
    test_info.test = test;
    test_info.line_no = line_no;
    test_info.filename = filename;
@ -450,7 +480,7 @@ void mbedtls_param_failed( const char *failure_condition,
        /* Record the location of the failure, but not as a failure yet, in case
         * it was part of the test */
        test_fail( failure_condition, line, file );
-        test_info.failed = 0;
+        test_info.result = TEST_RESULT_SUCCESS;
        longjmp( param_fail_jmp, 1 );
    }
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@ -498,7 +498,8 @@ int execute_tests( int argc , const char ** argv )
            if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
                break;
-            mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf );
+            mbedtls_fprintf( stdout, "%s%.66s",
                    test_info.result == TEST_RESULT_FAILED ? "\n" : "", buf );
            mbedtls_fprintf( stdout, " " );
            for( i = strlen( buf ) + 1; i < 67; i++ )
                mbedtls_fprintf( stdout, "." );
@ -545,7 +546,7 @@ int execute_tests( int argc , const char ** argv )
            // If there are no unmet dependencies execute the test
            if( unmet_dep_count == 0 )
            {
-                test_info.failed = 0;
+                test_info.result = TEST_RESULT_SUCCESS;
                test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
@ -610,10 +611,15 @@ int execute_tests( int argc , const char ** argv )
            }
            else if( ret == DISPATCH_TEST_SUCCESS )
            {
-                if( test_info.failed == 0 )
+                if( test_info.result == TEST_RESULT_SUCCESS )
                {
                    mbedtls_fprintf( stdout, "PASS\n" );
                }
                else if( test_info.result == TEST_RESULT_SKIPPED )
                {
                    mbedtls_fprintf( stdout, "----\n" );
                    total_skipped++;
                }
                else
                {
                    total_errors++;
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@ -159,7 +159,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params)
    else
    {
        /* Unexpected parameter validation error */
-        test_info.failed = 1;
+        test_info.result = TEST_RESULT_FAILED;
    }
    memset( param_fail_jmp, 0, sizeof(jmp_buf) );