From f0328b02c2513dcaa81f7e5dca80311caa89c8e6 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sat, 17 Jun 2023 14:04:12 +0200 Subject: [PATCH 1/6] Update base OS version of CI Signed-off-by: Steffen Jaeckel --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fbd68ee54..afed94c63 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -32,7 +32,7 @@ jobs: strategy: matrix: cc: [ gcc, clang ] - os: [ ubuntu-18.04 ] + os: [ ubuntu-20.04, ubuntu-22.04 ] config: - { BUILDNAME: 'META_BUILDS', BUILDOPTIONS: '-DGMP_DESC', BUILDSCRIPT: '.ci/meta_builds.sh' } - { BUILDNAME: 'VALGRIND', BUILDOPTIONS: '', BUILDSCRIPT: '.ci/valgrind.sh' } @@ -56,10 +56,10 @@ jobs: - name: install dependencies run: | sudo apt-get update -qq - sudo apt-get install -y libtommath-dev libgmp-dev libtfm-dev valgrind libtool-bin clang-tools lcov + sudo apt-get install -y libgmp-dev valgrind libtool-bin clang-tools lcov ruby clang sudo gem install coveralls-lcov curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash - sudo apt-get install libtfm1=0.13-5ubuntu1 + sudo apt-get install libtfm-git-dev libtommath-git-dev - name: run tests env: CC: "${{ matrix.cc }}" From 87665fb276981877b55109e13a1166ce2331261f Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sat, 17 Jun 2023 14:16:57 +0200 Subject: [PATCH 2/6] Calm `scan-build` static analyser 
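Review bot: The new `sudo apt-get install libtfm-git-dev libtommath-git-dev` line in the "install dependencies" step drops the version pin that the removed line carried (`libtfm1=0.13-5ubuntu1`) and has no `-y`, so every CI run builds against whatever the third-party packagecloud repository serves at that moment. Pinning both packages, for example `sudo apt-get install -y libtfm-git-dev=<VERSION> libtommath-git-dev=<VERSION>` (placeholders, the versions are not on this page), keeps runs reproducible and makes an upstream package change show up as a diff. The repository is registered by the unchanged `curl -s … | sudo bash` context line, which runs a remote script as root without an integrity check. A one-line comment recording that trust decision would help the next reader of this step.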
Signed-off-by: Steffen Jaeckel --- src/encauth/ccm/ccm_test.c | 16 ++++++++-------- src/misc/pkcs5/pkcs_5_test.c | 3 +++ src/misc/ssh/ssh_encode_sequence_multi.c | 2 +- .../der/custom_type/der_encode_custom_type.c | 4 ++-- .../asn1/der/sequence/der_encode_sequence_ex.c | 2 +- src/pk/dsa/dsa_import.c | 16 ++++++++-------- src/pk/ecc/ecc_import_pkcs8.c | 6 +++--- src/pk/rsa/rsa_verify_hash.c | 2 +- tests/der_test.c | 5 ++--- tests/pkcs_1_test.c | 4 ++-- 10 files changed, 31 insertions(+), 29 deletions(-) diff --git a/src/encauth/ccm/ccm_test.c b/src/encauth/ccm/ccm_test.c index 04d97b19e..bd71da968 100644 --- a/src/encauth/ccm/ccm_test.c +++ b/src/encauth/ccm/ccm_test.c @@ -215,14 +215,14 @@ int ccm_test(void) XMEMCPY(tag3, tests[x].tag, tests[x].taglen); tag3[0] ^= 0xff; /* set the tag to the wrong value */ taglen = tests[x].taglen; - if ((err = ccm_memory(idx, - tests[x].key, 16, - NULL, - tests[x].nonce, tests[x].noncelen, - tests[x].header, tests[x].headerlen, - buf2, tests[x].ptlen, - buf, - tag3, &taglen, 1 )) != CRYPT_ERROR) { + if (ccm_memory(idx, + tests[x].key, 16, + NULL, + tests[x].nonce, tests[x].noncelen, + tests[x].header, tests[x].headerlen, + buf2, tests[x].ptlen, + buf, + tag3, &taglen, 1 ) != CRYPT_ERROR) { return CRYPT_FAIL_TESTVECTOR; } if (compare_testvector(buf2, tests[x].ptlen, zero, tests[x].ptlen, "CCM decrypt wrong tag", x)) { diff --git a/src/misc/pkcs5/pkcs_5_test.c b/src/misc/pkcs5/pkcs_5_test.c index 73bc4a1ad..f90c0eef1 100644 --- a/src/misc/pkcs5/pkcs_5_test.c +++ b/src/misc/pkcs5/pkcs_5_test.c @@ -169,6 +169,7 @@ int pkcs_5_test (void) (unsigned char*)cases_5_2[i].S, cases_5_2[i].S_len, cases_5_2[i].c, hash, DK, &dkLen)) != CRYPT_OK) { + LTC_UNUSED_PARAM(err); #ifdef LTC_TEST_DBG printf("\npkcs_5_alg2() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif 
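Review bot: The added `LTC_UNUSED_PARAM(err);` in the `pkcs_5_alg2()` failure branch carries no explanation, and the macro name suggests a function parameter, whereas `err` here appears to be a local that is only read by the `printf` under `#ifdef LTC_TEST_DBG`. A comment such as `/* err is only read when LTC_TEST_DBG is defined */` directly above it would say why the line exists. The same applies to the `pkcs_5_alg1()` and `pkcs_5_alg1_openssl()` hunks in this file. pkcs_5_test's body starts and ends outside the hunk.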
@@ -186,6 +187,7 @@ int pkcs_5_test (void) (unsigned char*)cases_5_1[i].S, cases_5_1[i].c, hash, DK, &dkLen)) != CRYPT_OK) { + LTC_UNUSED_PARAM(err); #ifdef LTC_TEST_DBG printf("\npkcs_5_alg1() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif @@ -203,6 +205,7 @@ int pkcs_5_test (void) (unsigned char*)cases_5_1o[i].S, cases_5_1o[i].c, hash, DK, &dkLen)) != CRYPT_OK) { + LTC_UNUSED_PARAM(err); #ifdef LTC_TEST_DBG printf("\npkcs_5_alg1_openssl() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif diff --git a/src/misc/ssh/ssh_encode_sequence_multi.c b/src/misc/ssh/ssh_encode_sequence_multi.c index d2be6897e..4bec5e12e 100644 --- a/src/misc/ssh/ssh_encode_sequence_multi.c +++ b/src/misc/ssh/ssh_encode_sequence_multi.c @@ -134,7 +134,7 @@ int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) STORE32H(size, out); out += 4; } - if ((err = mp_to_unsigned_bin(vdata, out)) != CRYPT_OK) { + if (mp_to_unsigned_bin(vdata, out) != CRYPT_OK) { err = CRYPT_ERROR; goto error; } diff --git a/src/pk/asn1/der/custom_type/der_encode_custom_type.c b/src/pk/asn1/der/custom_type/der_encode_custom_type.c index 2e21b4aaa..586fb316b 100644 --- a/src/pk/asn1/der/custom_type/der_encode_custom_type.c +++ b/src/pk/asn1/der/custom_type/der_encode_custom_type.c @@ -36,7 +36,7 @@ int der_encode_custom_type(const ltc_asn1_list *root, /* get size of output that will be required */ y = 0; z = 0; - if ((err = der_length_custom_type(root, &y, &z)) != CRYPT_OK) return CRYPT_INVALID_ARG; + if (der_length_custom_type(root, &y, &z) != CRYPT_OK) return CRYPT_INVALID_ARG; /* too big ? */ if (*outlen < y) { @@ -46,7 +46,7 @@ int der_encode_custom_type(const ltc_asn1_list *root, } /* get length of the identifier, so we know the offset where to start writing */ - if ((err = der_length_asn1_identifier(root, &id_len)) != CRYPT_OK) return CRYPT_INVALID_ARG; + if (der_length_asn1_identifier(root, &id_len) != CRYPT_OK) return CRYPT_INVALID_ARG; x = id_len; 
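Review bot: In der_encode_custom_type both rewritten checks, `if (der_length_custom_type(root, &y, &z) != CRYPT_OK) return CRYPT_INVALID_ARG;` and the matching `der_length_asn1_identifier` line, now discard the callee's error code entirely and keep the unbraced single-line `if … return` form. Bracing the body would match the braced `if (*outlen < y) {` that follows in the same hunk. If callers do not depend on CRYPT_INVALID_ARG, keeping the assignment and using `return err;` would also satisfy the analyser while preserving the real cause. The der_encode_sequence_ex hunk has the same line, and the function body continues outside both hunks.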
diff --git a/src/pk/asn1/der/sequence/der_encode_sequence_ex.c b/src/pk/asn1/der/sequence/der_encode_sequence_ex.c index d5c81bbd9..2ea33a6d4 100644 --- a/src/pk/asn1/der/sequence/der_encode_sequence_ex.c +++ b/src/pk/asn1/der/sequence/der_encode_sequence_ex.c @@ -33,7 +33,7 @@ int der_encode_sequence_ex(const ltc_asn1_list *list, unsigned long inlen, /* get size of output that will be required */ y = 0; z = 0; - if ((err = der_length_sequence_ex(list, inlen, &y, &z)) != CRYPT_OK) return CRYPT_INVALID_ARG; + if (der_length_sequence_ex(list, inlen, &y, &z) != CRYPT_OK) return CRYPT_INVALID_ARG; /* too big ? */ if (*outlen < y) { diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c index 995e0d225..b5660d398 100644 --- a/src/pk/dsa/dsa_import.c +++ b/src/pk/dsa/dsa_import.c @@ -72,14 +72,14 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) } } /* get key type */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { + if (der_decode_sequence_multi(in, inlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->y, + LTC_ASN1_INTEGER, 1UL, key->x, + LTC_ASN1_EOL, 0UL, NULL) == CRYPT_OK) { key->type = PK_PRIVATE; } else { /* public */ diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c index a6fd7bfbb..81ac6ed6b 100644 --- a/src/pk/ecc/ecc_import_pkcs8.c +++ b/src/pk/ecc/ecc_import_pkcs8.c 
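Review bot: With `err =` removed from the `der_decode_sequence_multi(...) == CRYPT_OK` test in dsa_import, the private-key branch leaves `err` at whatever value it held before the hunk, so the function's result depends on a later assignment that is not visible here. The same shape appears in the three ecc_import_pkcs8 hunks, where the context line `if (err != CRYPT_OK) return err;` shows `err` is CRYPT_OK on entry and a failed `pkcs8_decode_flexi` no longer changes it. It also appears in rsa_verify_hash_ex, where a successful first `der_decode_sequence_strict` leaves `err` untouched. Each of these parses caller-supplied key or signature bytes, so please confirm that every path reaching `return err` or a cleanup label assigns `err` first; a comment at the call such as `/* result deliberately not stored: err is set below */` would record that. All three function bodies continue outside their hunks.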
@@ -64,7 +64,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, if (err != CRYPT_OK) return err; - if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) { + if (pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l) == CRYPT_OK) { /* Setup for basic structure */ n=0; @@ -73,7 +73,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - if (((err = s_der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) && + if ((s_der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; @@ -154,7 +154,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, /* load private key value 'k' */ len = priv_key->size; - if ((err = der_decode_sequence_flexi(priv_key->data, &len, &p)) == CRYPT_OK) { + if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) { if (p->type == LTC_ASN1_SEQUENCE && LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { diff --git a/src/pk/rsa/rsa_verify_hash.c b/src/pk/rsa/rsa_verify_hash.c index ca4cdf9c4..d946a2028 100644 --- a/src/pk/rsa/rsa_verify_hash.c +++ b/src/pk/rsa/rsa_verify_hash.c @@ -136,7 +136,7 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long sigle LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); - if ((err = der_decode_sequence_strict(out, outlen, siginfo, 2)) != CRYPT_OK) { + if (der_decode_sequence_strict(out, outlen, siginfo, 2) != CRYPT_OK) { /* fallback to Legacy:missing NULL */ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 1); if ((err = der_decode_sequence_strict(out, outlen, siginfo, 2)) != CRYPT_OK) { 
diff --git a/tests/der_test.c b/tests/der_test.c index 3b8354bd0..70683b81a 100644 --- a/tests/der_test.c +++ b/tests/der_test.c @@ -1272,19 +1272,18 @@ static void der_Xcode_run(const der_Xcode_t* x) { unsigned long l1, l2, sz; void *d1, *d2; - int err; l1 = 1; d1 = XMALLOC(l1 * x->type_sz); sz = (x->in_sz * x->factor)/x->type_sz; - if ((err = x->encode(x->in, sz, d1, &l1)) == CRYPT_BUFFER_OVERFLOW) { + if (x->encode(x->in, sz, d1, &l1) == CRYPT_BUFFER_OVERFLOW) { d1 = XREALLOC(d1, l1 * x->type_sz); } DO(x->encode(x->in, sz, d1, &l1)); l2 = 1; d2 = XMALLOC(l2 * x->type_sz); - while ((err = x->decode(d1, l1, d2, &l2)) == CRYPT_BUFFER_OVERFLOW) { + while (x->decode(d1, l1, d2, &l2) == CRYPT_BUFFER_OVERFLOW) { d2 = XREALLOC(d2, l2 * x->type_sz); } DO(x->decode(d1, l1, d2, &l2)); diff --git a/tests/pkcs_1_test.c b/tests/pkcs_1_test.c index 9bc9a2777..00d90bfed 100644 --- a/tests/pkcs_1_test.c +++ b/tests/pkcs_1_test.c @@ -14,7 +14,7 @@ int pkcs_1_test(void) { unsigned char buf[3][128]; int res1, res2, res3, prng_idx, hash_idx; - unsigned long x, y, l1, l2, l3, i1, i2, lparamlen, saltlen, modlen; + unsigned long x, y, l1, l2, l3, i1, lparamlen, saltlen, modlen; static const unsigned char lparam[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 }; /* get hash/prng */ @@ -75,7 +75,7 @@ int pkcs_1_test(void) DO(pkcs_1_pss_decode(buf[0], l3, buf[1], l1, saltlen, hash_idx, modlen, &res2)); buf[0][i1] ^= 1; - buf[1][i2 = abs(rand()) % (l1 - 1)] ^= 1; + buf[1][abs(rand()) % (l1 - 1)] ^= 1; pkcs_1_pss_decode(buf[0], l3, buf[1], l1, saltlen, hash_idx, modlen, &res3); if (!(res1 == 1 && res2 == 0 && res3 == 0)) { fprintf(stderr, "PSS failed: %d, %d, %d, %lu, %lu\n", res1, res2, res3, l3, saltlen); From e1a52a5b94aa1bb96bcce138ee290e0322fc830e Mon Sep 17 00:00:00 2001 
From: Steffen Jaeckel Date: Sat, 17 Jun 2023 21:29:41 +0200 Subject: [PATCH 3/6] Fix Valgrind CI run when building with Clang Clang creates now DWARFv5 debug infos which isn't supported in old Valgrind versions. Instruct Clang to create DWARFv4 debug infos, so we can run our tests in Valgrind. Signed-off-by: Steffen Jaeckel --- .ci/valgrind.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/valgrind.sh b/.ci/valgrind.sh index 87ad88421..e813f367e 100755 --- a/.ci/valgrind.sh +++ b/.ci/valgrind.sh @@ -21,7 +21,10 @@ make clean &>/dev/null echo "Build for valgrind..." -make -j$MAKE_JOBS CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" test LTC_DEBUG=1 1>gcc_1.txt 2>gcc_2.txt +# set DWARFv4 as debug format for clang, since it creates DWARFv5 as default which isn't support in old valgrind +[ -z "$(echo $CC | grep "clang")" ] || GFLAG="-gdwarf-4" + +make -j$MAKE_JOBS CFLAGS="$2 $CFLAGS $4 $GFLAG" EXTRALIBS="$5" test LTC_DEBUG=1 1>gcc_1.txt 2>gcc_2.txt echo "Run tests with valgrind..." From 8076d86366c2fd2ca73f57e25ba3a846cf29f9c9 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 19 Jun 2023 16:44:40 +0200 Subject: [PATCH 4/6] Fix missing include paths of ltm and tfm Default include paths of ltm and tfm have changed. Try to get include paths from pkg-config. Signed-off-by: Steffen Jaeckel --- makefile_include.mk | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/makefile_include.mk b/makefile_include.mk index 9564fac66..7ce66824f 100644 --- a/makefile_include.mk +++ b/makefile_include.mk 
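Review bot: `GFLAG` is assigned only when `$CC` contains "clang", so for any other compiler the `make` line expands whatever `GFLAG` the calling environment already holds. The unquoted `$CC` in `echo $CC | grep "clang"` is also subject to word splitting and globbing. Initialising the variable and matching in the shell avoids both: `GFLAG=""` followed by `case "$CC" in *clang*) GFLAG="-gdwarf-4" ;; esac`. The rest of the script is outside the hunk, so an earlier `GFLAG` assignment cannot be ruled out from here.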
@@ -55,10 +55,10 @@ endif ifndef EXTRALIBS ifneq ($(shell echo $(CFLAGS) | grep USE_LTM),) -EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config libtommath --libs) +EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --libs libtommath) else ifneq ($(shell echo $(CFLAGS) | grep USE_TFM),) -EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config tomsfastmath --libs) +EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --libs tomsfastmath) endif endif endif @@ -76,6 +76,12 @@ endef # by giving them as a parameter to make: # make CFLAGS="-I./src/headers/ -DLTC_SOURCE ..." ... # +ifneq ($(shell echo $(CFLAGS) | grep LTM_DESC),) +LTC_CFLAGS+=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --cflags-only-I libtommath) +endif +ifneq ($(shell echo $(CFLAGS) | grep TFM_DESC),) +LTC_CFLAGS+=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --cflags-only-I tomsfastmath) +endif LTC_CFLAGS += -I./src/headers/ -DLTC_SOURCE -Wall -Wsign-compare -Wshadow ifdef OLD_GCC From acec8a5c3e480f1b7056caec394d89a06abeac9d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 19 Jun 2023 17:15:59 +0200 Subject: [PATCH 5/6] More error logs on CI failure Signed-off-by: Steffen Jaeckel --- .github/workflows/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index afed94c63..1b9d0944c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -71,14 +71,16 @@ jobs: - name: regular logs if: ${{ !failure() }} run: | - cat gcc_1.txt - cat gcc_2.txt + cat gcc_1.txt || true + cat gcc_2.txt || true - name: error logs if: ${{ failure() }} run: | - cat test_std.txt - cat test_err.txt - cat tv.txt + cat gcc_1.txt || true + cat gcc_2.txt || true + cat test_std.txt || true + cat test_err.txt || true + cat tv.txt || true - name: pack build directory if: ${{ failure() }} run: | 
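Review bot: The new include-path blocks test CFLAGS for `LTM_DESC` and `TFM_DESC`, while the EXTRALIBS block in the previous hunk tests for `USE_LTM` and `USE_TFM`, so a build that defines only one token of a pair gets the link flags without the include path, or the reverse. If that split is intended, a comment saying which define drives which flag would help; otherwise both places should use the same token. `$(shell echo $(CFLAGS) | grep LTM_DESC)` also passes the caller-supplied CFLAGS through a shell unquoted, which `ifneq ($(findstring LTM_DESC,$(CFLAGS)),)` avoids. A failing `pkg-config` call here yields an empty string without stopping the build, so a missing include path only surfaces later as a compile error.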
From 90359498e1c2b4d1b382c9f3575e0fb85ff47253 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 19 Jun 2023 17:16:23 +0200 Subject: [PATCH 6/6] Remove pre-installed libtommath Signed-off-by: Steffen Jaeckel --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1b9d0944c..804a01f39 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -57,6 +57,7 @@ jobs: run: | sudo apt-get update -qq sudo apt-get install -y libgmp-dev valgrind libtool-bin clang-tools lcov ruby clang + sudo apt-get remove -y libtommath1 sudo gem install coveralls-lcov curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash sudo apt-get install libtfm-git-dev libtommath-git-dev
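Review bot: The added `sudo apt-get remove -y libtommath1` has no comment, and the step does not say why a package that the workflow never installed has to be removed before the packagecloud packages go in. A line above it such as `# drop the libtommath1 that is already on the runner so libtommath-git-dev is the only copy` would record the reason given in the commit title. The step is visible only from the `run: |` line down, so whether the removal could fail the step on an image where the package is unknown to apt should be checked against the runner images in the matrix.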