diff options
-rw-r--r-- | user/mbedtls/APKBUILD | 17 | ||||
-rw-r--r-- | user/mbedtls/fix-big-endian-alignment-tests.patch | 313 |
2 files changed, 318 insertions, 12 deletions
diff --git a/user/mbedtls/APKBUILD b/user/mbedtls/APKBUILD index 2b2751e6f..362e112e9 100644 --- a/user/mbedtls/APKBUILD +++ b/user/mbedtls/APKBUILD @@ -11,7 +11,9 @@ depends="" checkdepends="python3" makedepends="cmake" subpackages="$pkgname-dev" -source="mbedtls-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/refs/tags/v$pkgver.tar.gz" +source="mbedtls-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/refs/tags/v$pkgver.tar.gz + fix-big-endian-alignment-tests.patch + " # secfixes: # 3.3.0-r0: @@ -20,16 +22,6 @@ source="mbedtls-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/refs/ # - CVE-2022-46392 # - CVE-2022-46393 -prepare() { - default_prepare - - #1002 -- fails on BE platforms (ppc64, sparc64, ...) - rm -v \ - tests/suites/test_suite_alignment.data \ - tests/suites/test_suite_alignment.function \ - ; -} - build() { if [ "$CBUILD" != "$CHOST" ]; then CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" @@ -59,4 +51,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="be24d2c926f94a7958c4340574e2c74a745120ccf20bcaeeda18b9c0e732fd1913f37c1f883b74ff772c24fbe8763c25c34e99a20a69e023c3d0d49aedd5f6b5 mbedtls-3.4.0.tar.gz" +sha512sums="be24d2c926f94a7958c4340574e2c74a745120ccf20bcaeeda18b9c0e732fd1913f37c1f883b74ff772c24fbe8763c25c34e99a20a69e023c3d0d49aedd5f6b5 mbedtls-3.4.0.tar.gz +40a4aefd39b63babf1f54bb2ab655278aaca1482da6e0b8943751a55c067307f8a591217b0c3b546a8ae02f7eca72c22da9d74378a5c28e00f8ca97dbcf1b7f8 fix-big-endian-alignment-tests.patch" diff --git a/user/mbedtls/fix-big-endian-alignment-tests.patch b/user/mbedtls/fix-big-endian-alignment-tests.patch new file mode 100644 index 000000000..c03fdb426 --- /dev/null +++ b/user/mbedtls/fix-big-endian-alignment-tests.patch @@ -0,0 +1,313 @@ +See also: + + * https://git.adelielinux.org/adelie/packages/-/issues/1002 + * https://github.com/Mbed-TLS/mbedtls/issues/7428 + * https://github.com/Mbed-TLS/mbedtls/pull/7440 + +From 9dc8b6a6a201ccdbfcbf0de8f76b8b0ddfc2f85c Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 12:53:35 +0100 +Subject: [PATCH 1/6] Test fixes for big-endian + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 58 ++++++++++++---------- + 1 file changed, 31 insertions(+), 27 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index f6703318ce7..45080cc7b6a 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -17,6 +17,20 @@ int parse_hex_string(char *hex_string, uint64_t *result) + if (mbedtls_test_unhexify(raw, sizeof(raw), hex_string, &olen) != 0) { + return 0; + } ++ ++ /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ ++ if (MBEDTLS_IS_BIG_ENDIAN) { ++ if (olen < 8) { ++ int offset = 8 - olen; ++ for (int i = olen - 1; i >= 0; i--) { ++ raw[i + offset] = raw[i]; ++ } ++ for (int i = 0; i < offset; i++) { ++ raw[i] = 0; ++ } ++ } ++ } ++ + *result = 0; + for (size_t i = 0; i < olen; i++) { + if (MBEDTLS_IS_BIG_ENDIAN) { +@@ -57,38 +71,28 @@ void mbedtls_unaligned_access(int size, int offset) + break; + } + +- /* Generate expected result */ +- uint64_t expected = 0; +- for (uint8_t i = 0; i < 8; i++) { +- uint8_t shift; +- if (MBEDTLS_IS_BIG_ENDIAN) { +- /* +- * Similar to little-endian case described below, but the shift needs +- * to be inverted +- */ +- shift = 7 - (i * 8); +- } else { +- /* example for offset == 1: +- * expected = (( 1 + 0 ) << (0 * 8)) | (( 1 + 1 ) << (1 * 8)) | (( 1 + 2 ) << (2 * 8))) +- * = (1 << 0) | (2 << 8) | (3 << 16) ... +- * = 0x0807060504030201 +- * x = { 0, 1, 2, 3, ... } +- * ie expected is the value that would be read from x on a LE system, when +- * byte swapping is not performed +- */ +- shift = i * 8; +- } +- uint64_t b = offset + i; +- expected |= b << shift; ++ /* Define expected result by manually aligning the raw bytes, and ++ * reading back with a normal pointer access. */ ++ uint64_t raw_aligned = 0; ++ uint8_t *e8 = (uint8_t *) &raw_aligned; ++ uint8_t *r8 = ((uint8_t *) &raw) + offset; ++ /* Make aligned copy */ ++ for (int i = 0; i < size / 8; i++) { ++ e8[i] = r8[i]; + } +- +- /* Mask out excess bits from expected result */ ++ /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ ++ uint64_t expected = 0; + switch (size) { + case 16: +- expected &= 0xffff; ++ uint16_t *e16 = (uint16_t *) &raw_aligned; ++ expected = *e16; + break; + case 32: +- expected &= 0xffffffff; ++ uint32_t *e32 = (uint32_t *) &raw_aligned; ++ expected = *e32; ++ break; ++ case 64: ++ expected = raw_aligned; + break; + } + + +From 0a05e703dbc303fc5e1154e926bc96cb312ace89 Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 13:01:34 +0100 +Subject: [PATCH 2/6] Tidy-up + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 29 ++++++++-------------- + 1 file changed, 11 insertions(+), 18 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index 45080cc7b6a..cd4502005f0 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -19,15 +19,13 @@ int parse_hex_string(char *hex_string, uint64_t *result) + } + + /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ +- if (MBEDTLS_IS_BIG_ENDIAN) { +- if (olen < 8) { +- int offset = 8 - olen; +- for (int i = olen - 1; i >= 0; i--) { +- raw[i + offset] = raw[i]; +- } +- for (int i = 0; i < offset; i++) { +- raw[i] = 0; +- } ++ if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { ++ int offset = 8 - olen; ++ for (int i = olen - 1; i >= 0; i--) { ++ raw[i + offset] = raw[i]; ++ } ++ for (int i = 0; i < offset; i++) { ++ raw[i] = 0; + } + } + +@@ -73,13 +71,8 @@ void mbedtls_unaligned_access(int size, int offset) + + /* Define expected result by manually aligning the raw bytes, and + * reading back with a normal pointer access. */ +- uint64_t raw_aligned = 0; +- uint8_t *e8 = (uint8_t *) &raw_aligned; +- uint8_t *r8 = ((uint8_t *) &raw) + offset; +- /* Make aligned copy */ +- for (int i = 0; i < size / 8; i++) { +- e8[i] = r8[i]; +- } ++ uint64_t raw_aligned; ++ memcpy(&raw_aligned, ((uint8_t*)&raw) + offset, size / 8); + /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ + uint64_t expected = 0; + switch (size) { +@@ -98,7 +91,7 @@ void mbedtls_unaligned_access(int size, int offset) + + TEST_EQUAL(r, expected); + +- /* Write sentinel to the part of the array we will testing writing to */ ++ /* Write sentinel to the part of the array we will test writing to */ + for (size_t i = 0; i < (size_t) (size / 8); i++) { + x[i + offset] = 0xff; + } +@@ -319,7 +312,7 @@ void unaligned_access_endian_aware(int size, int offset, int big_endian) + /* Verify read */ + TEST_EQUAL(read, expected); + +- /* Test writing back to memory. First write sentiel */ ++ /* Test writing back to memory. First write sentinel */ + for (size_t i = 0; i < (size_t) (size / 8); i++) { + x[i + offset] = 0xff; + } + +From df2d5b1ca1569f3a6e129e276756d9d15980f719 Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 13:41:09 +0100 +Subject: [PATCH 3/6] Fix compile error + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index cd4502005f0..3a5038e98c2 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -71,21 +71,21 @@ void mbedtls_unaligned_access(int size, int offset) + + /* Define expected result by manually aligning the raw bytes, and + * reading back with a normal pointer access. */ +- uint64_t raw_aligned; +- memcpy(&raw_aligned, ((uint8_t*)&raw) + offset, size / 8); ++ uint64_t raw_aligned_64; ++ uint16_t *raw_aligned_16 = (uint16_t *) &raw_aligned_64; ++ uint32_t *raw_aligned_32 = (uint32_t *) &raw_aligned_64; ++ memcpy(&raw_aligned_64, ((uint8_t *) &raw) + offset, size / 8); + /* Make a 16/32/64 byte read from the aligned location, and copy to expected */ + uint64_t expected = 0; + switch (size) { + case 16: +- uint16_t *e16 = (uint16_t *) &raw_aligned; +- expected = *e16; ++ expected = *raw_aligned_16; + break; + case 32: +- uint32_t *e32 = (uint32_t *) &raw_aligned; +- expected = *e32; ++ expected = *raw_aligned_32; + break; + case 64: +- expected = raw_aligned; ++ expected = raw_aligned_64; + break; + } + + +From b169671c50e7c1779763ac89d35af11dc0997477 Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 13:46:46 +0100 +Subject: [PATCH 4/6] Tidy-up + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index 3a5038e98c2..b027c4b1165 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -20,13 +20,8 @@ int parse_hex_string(char *hex_string, uint64_t *result) + + /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ + if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { +- int offset = 8 - olen; +- for (int i = olen - 1; i >= 0; i--) { +- raw[i + offset] = raw[i]; +- } +- for (int i = 0; i < offset; i++) { +- raw[i] = 0; +- } ++ memmove(raw + 8 - olen, raw, olen); ++ memset(raw, 0, 8 - olen); + } + + *result = 0; + +From c07df36f9e402ef8b97beb92b25556b04c10c77e Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 14:54:12 +0100 +Subject: [PATCH 5/6] More fixes for big-endian + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index b027c4b1165..717c51a6951 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -18,19 +18,9 @@ int parse_hex_string(char *hex_string, uint64_t *result) + return 0; + } + +- /* If < 8 bytes, shift right and pad with leading zeros for big-endian */ +- if (MBEDTLS_IS_BIG_ENDIAN && olen < 8) { +- memmove(raw + 8 - olen, raw, olen); +- memset(raw, 0, 8 - olen); +- } +- + *result = 0; + for (size_t i = 0; i < olen; i++) { +- if (MBEDTLS_IS_BIG_ENDIAN) { +- *result |= ((uint64_t) raw[i]) << (i * 8); +- } else { +- *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8); +- } ++ *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8); + } + return 1; + } + +From 9145dc46ed98f0bc19e09d52486ba120c1f14589 Mon Sep 17 00:00:00 2001 +From: Dave Rodgman <dave.rodgman@arm.com> +Date: Thu, 13 Apr 2023 14:59:03 +0100 +Subject: [PATCH 6/6] Ensure variables initialised + +Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> +--- + tests/suites/test_suite_alignment.function | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function +index 717c51a6951..ed8f918d8c3 100644 +--- a/tests/suites/test_suite_alignment.function ++++ b/tests/suites/test_suite_alignment.function +@@ -12,7 +12,7 @@ + */ + int parse_hex_string(char *hex_string, uint64_t *result) + { +- uint8_t raw[8]; ++ uint8_t raw[8] = {0}; + size_t olen; + if (mbedtls_test_unhexify(raw, sizeof(raw), hex_string, &olen) != 0) { + return 0; +@@ -104,7 +104,7 @@ void mbedtls_unaligned_access(int size, int offset) + /* BEGIN_CASE */ + void mbedtls_byteswap(char *input_str, int size, char *expected_str) + { +- uint64_t input, expected; ++ uint64_t input = 0, expected = 0; + TEST_ASSERT(parse_hex_string(input_str, &input)); + TEST_ASSERT(parse_hex_string(expected_str, &expected)); + |