From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:13 +0100
Message-Id: <20191219220421.22206-2-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 1/9] cmake: add proper include and library dependencies

Otherwise it's not possible to compile it properly if the dependencies
are not installed in the standard include/libraries paths.

Signed-off-by: Petr Štetiar
---
 CMakeLists.txt | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt index 4c81184caf82..14888ac38135 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt
@@ -5,7 +5,13 @@ ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") -find_library(json NAMES json-c json) +FIND_PATH(ubox_include_dir NAMES libubox/usock.h) +FIND_PATH(jsonc_include_dir NAMES json-c/json.h) +INCLUDE_DIRECTORIES(${ubox_include_dir} ${jsonc_include_dir}) + +FIND_LIBRARY(ubox NAMES ubox) +FIND_LIBRARY(blobmsg_json NAMES blobmsg_json) +FIND_LIBRARY(json NAMES json-c json) IF(UCERT_HOST_BUILD) ADD_DEFINITIONS(-DUCERT_HOST_BUILD) 
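Review bot: none of the FIND_PATH and FIND_LIBRARY calls added in this hunk checks its result, and the json-c and blobmsg_json lookups run unconditionally although the next hunk links ${blobmsg_json} and ${json} only under UCERT_FULL. A missing header or library leaves the variable set to <name>-NOTFOUND, so the failure shows up later and less clearly than it could. Suggest an explicit check after each lookup the build really needs, for example IF(NOT ubox) followed by MESSAGE(FATAL_ERROR ...), and moving the json-c and blobmsg_json lookups under IF(UCERT_FULL) if the stripped build does not need them.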
@@ -19,10 +25,10 @@ ENDIF() ADD_EXECUTABLE(ucert ucert.c usign-exec.c) IF(UCERT_FULL) ADD_DEFINITIONS(-DUCERT_FULL) -TARGET_LINK_LIBRARIES(ucert ubox blobmsg_json ${json}) +TARGET_LINK_LIBRARIES(ucert ${ubox} ${blobmsg_json} ${json}) ELSE() ADD_DEFINITIONS(-DUCERT_STRIP_MESSAGES) -TARGET_LINK_LIBRARIES(ucert ubox) +TARGET_LINK_LIBRARIES(ucert ${ubox}) ENDIF() INSTALL(TARGETS ucert RUNTIME DESTINATION bin)
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:14 +0100
Message-Id: <20191219220421.22206-3-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 2/9] add initial GitLab CI support

Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 10

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar
---
 .gitlab-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .gitlab-ci.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 000000000000..94f65e71b111 --- /dev/null +++ b/.gitlab-ci.yml
@@ -0,0 +1,6 @@ +variables: + CI_TARGET_BUILD_DEPENDS: ucert + +include: + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/main.yml + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/pipeline.yml
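Review bot: both "remote:" includes in the new .gitlab-ci.yml point at raw/master of the openwrt-ci repository, which the commit message itself calls proof-of-concept, so the pipeline definition that runs for this project can change without any commit landing here. Suggest pinning both URLs to a tag or commit hash in place of master, so that a CI change arrives as a reviewable diff to .gitlab-ci.yml.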
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:15 +0100
Message-Id: <20191219220421.22206-4-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 3/9] cmake: enable hardening compiler flags and fix the reported issues

Let's enable some useful flags in order to spot possible issues during
QA on CI (GCC version 6 and higher).

Fix warnings uncovered by these new flags as reported by clang-9 on x86/64:

 ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
 ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]

Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar
---
 CMakeLists.txt |  8 +++++++-
 ucert.c        | 18 +++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt index 14888ac38135..436abc6857b3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,13 @@ cmake_minimum_required(VERSION 2.6) PROJECT(ucert C) -ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations) + +ADD_DEFINITIONS(-Wall -Werror) +IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6) + ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration) + ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral) +ENDIF() +ADD_DEFINITIONS(-Os -std=gnu99 -ggdb -Wmissing-declarations -Wno-unused-parameter) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") diff --git a/ucert.c b/ucert.c index 569b31d5f16e..8503eeb26cd8 100644 --- a/ucert.c +++ b/ucert.c
@@ -48,9 +48,13 @@ static enum { static bool quiet; #ifndef UCERT_STRIP_MESSAGES -#define DPRINTF(format, ...) if (!quiet) fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__) +#define DPRINTF(format, ...) \ + do { \ + if (!quiet) \ + fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__); \ + } while (0) #else -#define DPRINTF(format, ...) +#define DPRINTF(format, ...) do { } while (0) #endif /* @@ -133,7 +137,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { struct cert_object *cobj; char filebuf[CERT_BUF_LEN]; int ret = 0, pret = 0; - int len, pos = 0; + size_t len, pos = 0; f = fopen(certfile, "r"); if (!f) @@ -269,8 +273,8 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, list_for_each_entry(cobj, chain, list) { /* blob has payload, verify that using signature */ if (cobj->cert[CERT_ATTR_PAYLOAD]) { - uint64_t validfrom; - uint64_t expiresat; + time_t validfrom; + time_t expiresat; uint32_t certtype; ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir); 
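Review bot: in the chain_verify hunk, validfrom and expiresat change from uint64_t to time_t to silence the -Wsign-compare errors quoted in the commit message, but time_t is signed and its width depends on the target. If these variables are filled from 64-bit fields of the certificate payload, a large value can be truncated or turn negative before the validity comparison. Suggest keeping uint64_t for the parsed values and converting the __time_t operand instead, after checking that it is not negative, so the comparison stays unsigned and 64 bits wide on every target.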
@@ -499,8 +503,8 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { struct blob_attr *payloadtb[CERT_PL_ATTR_MAX]; struct stat st; struct timeval tv; - uint64_t validfrom; - uint32_t certtype; + time_t validfrom; + enum certtype_id certtype; char *fingerprint; char rfname[512];
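Review bot: certtype in cert_process_revoker changes from uint32_t to enum certtype_id, while the chain_verify hunk of the same patch keeps its certtype as uint32_t and none of the warnings quoted in the commit message mentions this variable. Suggest either keeping uint32_t here for consistency or explaining the change in the commit message; if the value is taken straight from the certificate payload, an explicit range check before treating it as an enum would be worth adding.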
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:16 +0100
Message-Id: <20191219220421.22206-5-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 4/9] cmake: reindent the file

In order to make the indentation consistent within the file.

Signed-off-by: Petr Štetiar
---
 CMakeLists.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt index 436abc6857b3..78970d2632b5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt
@@ -20,21 +20,21 @@ FIND_LIBRARY(blobmsg_json NAMES blobmsg_json) FIND_LIBRARY(json NAMES json-c json) IF(UCERT_HOST_BUILD) -ADD_DEFINITIONS(-DUCERT_HOST_BUILD) + ADD_DEFINITIONS(-DUCERT_HOST_BUILD) ENDIF() IF(USE_RPATH) -SET(CMAKE_INSTALL_RPATH "${USE_RPATH}") -SET(CMAKE_MACOSX_RPATH 1) + SET(CMAKE_INSTALL_RPATH "${USE_RPATH}") + SET(CMAKE_MACOSX_RPATH 1) ENDIF() ADD_EXECUTABLE(ucert ucert.c usign-exec.c) IF(UCERT_FULL) -ADD_DEFINITIONS(-DUCERT_FULL) -TARGET_LINK_LIBRARIES(ucert ${ubox} ${blobmsg_json} ${json}) + ADD_DEFINITIONS(-DUCERT_FULL) + TARGET_LINK_LIBRARIES(ucert ${ubox} ${blobmsg_json} ${json}) ELSE() -ADD_DEFINITIONS(-DUCERT_STRIP_MESSAGES) -TARGET_LINK_LIBRARIES(ucert ${ubox}) + ADD_DEFINITIONS(-DUCERT_STRIP_MESSAGES) + TARGET_LINK_LIBRARIES(ucert ${ubox}) ENDIF() INSTALL(TARGETS ucert RUNTIME DESTINATION bin)
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:17 +0100
Message-Id: <20191219220421.22206-6-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 5/9] cmake: split usign bits into static library

So it could be reused easily in unit tests for example.

Signed-off-by: Petr Štetiar
---
 CMakeLists.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt index 78970d2632b5..443d79bd4e8b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt
@@ -28,13 +28,15 @@ IF(USE_RPATH) SET(CMAKE_MACOSX_RPATH 1) ENDIF() -ADD_EXECUTABLE(ucert ucert.c usign-exec.c) +ADD_LIBRARY(ucert_lib STATIC usign-exec.c) +ADD_EXECUTABLE(ucert ucert.c) + IF(UCERT_FULL) ADD_DEFINITIONS(-DUCERT_FULL) - TARGET_LINK_LIBRARIES(ucert ${ubox} ${blobmsg_json} ${json}) + TARGET_LINK_LIBRARIES(ucert ucert_lib ${ubox} ${blobmsg_json} ${json}) ELSE() ADD_DEFINITIONS(-DUCERT_STRIP_MESSAGES) - TARGET_LINK_LIBRARIES(ucert ${ubox}) + TARGET_LINK_LIBRARIES(ucert ucert_lib ${ubox}) ENDIF() INSTALL(TARGETS ucert RUNTIME DESTINATION bin)
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:18 +0100
Message-Id: <20191219220421.22206-7-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 6/9] add cram based unit tests

For improved QA etc. for the start with initial test case for dump
command.

Signed-off-by: Petr Štetiar
---
 CMakeLists.txt                    |  14 +++++++
 tests/CMakeLists.txt              |  14 +++++++
 tests/cram/CMakeLists.txt         |  21 ++++++++++
 tests/cram/inputs/invalid.ucert   | Bin 0 -> 362 bytes
 tests/cram/inputs/key-build.ucert | Bin 0 -> 356 bytes
 tests/cram/test_ucert.t           |  65 ++++++++++++++++++++++++++++++
 6 files changed, 114 insertions(+)
 create mode 100644 tests/CMakeLists.txt
 create mode 100644 tests/cram/CMakeLists.txt
 create mode 100644 tests/cram/inputs/invalid.ucert
 create mode 100644 tests/cram/inputs/key-build.ucert
 create mode 100644 tests/cram/test_ucert.t
diff --git a/CMakeLists.txt b/CMakeLists.txt index 443d79bd4e8b..71c005990335 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,6 +19,14 @@ FIND_LIBRARY(ubox NAMES ubox) FIND_LIBRARY(blobmsg_json NAMES blobmsg_json) FIND_LIBRARY(json NAMES json-c json) +MACRO(ADD_UNIT_TEST_SAN name) + ADD_EXECUTABLE(${name}-san ${name}.c) + TARGET_COMPILE_OPTIONS(${name}-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) + TARGET_LINK_OPTIONS(${name}-san PRIVATE -fsanitize=undefined,address,leak) + TARGET_LINK_LIBRARIES(${name}-san ucert_lib ${ubox} ${blobmsg_json} ${json}) + TARGET_INCLUDE_DIRECTORIES(${name}-san PRIVATE ${PROJECT_SOURCE_DIR}) +ENDMACRO(ADD_UNIT_TEST_SAN) + IF(UCERT_HOST_BUILD) ADD_DEFINITIONS(-DUCERT_HOST_BUILD) ENDIF() @@ -39,4 +47,10 @@ ELSE() TARGET_LINK_LIBRARIES(ucert ucert_lib ${ubox}) ENDIF() +IF(UNIT_TESTING) + ENABLE_TESTING() + ADD_SUBDIRECTORY(tests) + ADD_UNIT_TEST_SAN(ucert) +ENDIF() + INSTALL(TARGETS ucert RUNTIME DESTINATION bin) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index 000000000000..efefc2e6cde7 --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,14 @@ +ADD_SUBDIRECTORY(cram) + +MACRO(ADD_UNIT_TEST name) + ADD_EXECUTABLE(${name} ${name}.c) + TARGET_LINK_LIBRARIES(${name} ubox blobmsg_json ${json}) + TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR}) +ENDMACRO(ADD_UNIT_TEST) + +FILE(GLOB test_cases "test-*.c") +FOREACH(test_case ${test_cases}) + GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE) + ADD_UNIT_TEST(${test_case}) + ADD_UNIT_TEST_SAN(${test_case}) +ENDFOREACH(test_case) diff --git a/tests/cram/CMakeLists.txt b/tests/cram/CMakeLists.txt new file mode 100644 index 000000000000..47247aa026a6 --- /dev/null +++ b/tests/cram/CMakeLists.txt 
@@ -0,0 +1,21 @@ +FIND_PACKAGE(PythonInterp 3 REQUIRED) +FILE(GLOB test_cases "test_*.t") + +SET(PYTHON_VENV_DIR "${CMAKE_CURRENT_BINARY_DIR}/.venv") +SET(PYTHON_VENV_PIP "${PYTHON_VENV_DIR}/bin/pip") +SET(PYTHON_VENV_CRAM "${PYTHON_VENV_DIR}/bin/cram") + +ADD_CUSTOM_COMMAND( + OUTPUT ${PYTHON_VENV_CRAM} + COMMAND ${PYTHON_EXECUTABLE} -m venv ${PYTHON_VENV_DIR} + COMMAND ${PYTHON_VENV_PIP} install cram +) +ADD_CUSTOM_TARGET(prepare-cram-venv ALL DEPENDS ${PYTHON_VENV_CRAM}) + +ADD_TEST( + NAME cram + COMMAND ${PYTHON_VENV_CRAM} ${test_cases} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} +) + +SET_PROPERTY(TEST cram APPEND PROPERTY ENVIRONMENT "TEST_BIN_DIR=$") 
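Review bot: "COMMAND ${PYTHON_VENV_PIP} install cram" in tests/cram/CMakeLists.txt pulls an unpinned package from the package index during the build, so the test harness for a signature tool depends on whatever version is published at that moment. Pin the version and check hashes (a requirements file installed with "pip install --require-hashes -r requirements.txt"), or look for a system cram first and only fall back to the venv. Because prepare-cram-venv is added with ALL, every build with UNIT_TESTING enabled also needs network access, which is worth stating in the commit message.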
diff --git a/tests/cram/inputs/invalid.ucert b/tests/cram/inputs/invalid.ucert new file mode 100644 index 0000000000000000000000000000000000000000..dbdeb725d490b51fb442ae3c5a5b90a32376f108 GIT binary patch literal 362 zcmZwDyHbNt5P;!Lp`+9mmXtaa8pj0Uj74IIQG^6@K{AdraLxfvJmkVPPw-31Uf?$C_TsUrr8PYjbt&|wj_P)<(Qp~$*0OhO zXW{fp_l6esQJNUkNV+UjQQEv4(A7!H#E$FbN4eLYChq8*g9^aM6Tmxc#fStEyaMdO z&U%cp1t~8t0WSdiu$x$nVkemUn|OclmH&3KTF`)mRcW& zjx5I8F=cqI|BJ0B6vY_z0WNxQ Amp~XIs#+bmp7r6D(2X7dCdj<@`gJN|wF2w-=WI2*4D{^NeTL^k7{gfd*& r|CMc|6e)FzOyAO7W!fBSQm3h@6O{>;uBdHch+F1Ww + Commands: + -A:\t\t\tappend signature (needs -c and -x) (esc) + -D:\t\t\tdump (needs -c) (esc) + -I:\t\t\tissue cert and revoker (needs -c and -p and -s) (esc) + -R:\t\t\tprocess revoker certificate (needs -c and -P) (esc) + -V:\t\t\tverify (needs -c and -p|-P, may have -m) (esc) + Options: + -c :\t\tcertificate file (esc) + -m :\t\tmessage file (verify only) (esc) + -p :\t\tpublic key file (esc) + -P :\t\tpublic key directory (verify only) (esc) + -q:\t\t\tquiet (do not print verification result, use return code only) (esc) + -s :\t\tsecret key file (issue only) (esc) + -x :\t\tsignature file (append only) (esc) + + [1] + + $ ucert -D -c $TEST_INPUTS/key-build.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key 84bfc88a17166577 + RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU= + --- + payload: + --- + "ucert": { + \t"certtype": 1, (esc) + \t"validfrom": 1546188410, (esc) + \t"expiresat": 1577724410, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc) + } + --- + $ ucert-san -D -c $TEST_INPUTS/key-build.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key 84bfc88a17166577 + RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU= + --- + payload: + --- + "ucert": { + \t"certtype": 
1, (esc) + \t"validfrom": 1546188410, (esc) + \t"expiresat": 1577724410, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc) + } + --- + + $ ucert -D -c $TEST_INPUTS/invalid.ucert + cert_dump(406): cannot parse cert + [1] + + $ ucert-san -D -c $TEST_INPUTS/invalid.ucert + cert_dump(406): cannot parse cert + [1]
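Review bot: the expected output "cert_dump(406): cannot parse cert" in tests/cram/test_ucert.t hard-codes what appears to be the source line number printed by DPRINTF, so any edit above that line in ucert.c changes the output. Patch 8/9 of this series adds lines to cert_dump_blob around line 384 and touches only ucert.c, which would shift that number and fail both the ucert and ucert-san invalid.ucert cases. Match it with a cram regex line instead, for example "cert_dump\(\d+\): cannot parse cert (re)".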
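Review bot: ADD_UNIT_TEST in tests/CMakeLists.txt links "ubox blobmsg_json ${json}" by bare name and omits ucert_lib, while ADD_UNIT_TEST_SAN in the top-level CMakeLists.txt links "ucert_lib ${ubox} ${blobmsg_json} ${json}". A future test-*.c that calls into ucert code would link in its -san variant and fail in the plain one; use the same FIND_LIBRARY results and the same library list in both macros. TARGET_LINK_OPTIONS also needs CMake 3.13 or newer, so the minimum version declared at the top of CMakeLists.txt (not visible in this hunk) should be checked.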
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:19 +0100
Message-Id: <20191219220421.22206-8-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 7/9] fix possibly garbage value returned in cert_process_revoker

Fixes the following warning reported by clang-9 scan-build analyzer:

 ucert.c:585:2: warning: Undefined or garbage value returned to caller
        return ret;
        ^~~~~~~~~~

Signed-off-by: Petr Štetiar
---
 ucert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ucert.c b/ucert.c index 8503eeb26cd8..b9c5c889ddfa 100644 --- a/ucert.c +++ b/ucert.c
@@ -508,7 +508,7 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { char *fingerprint; char rfname[512]; - int ret; + int ret = -1; if (cert_load(certfile, &certchain)) { DPRINTF("cannot parse cert\n");
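Review bot: "int ret = -1;" silences the analyzer, but the hunk does not show which path reaches "return ret;" at ucert.c:585 without an assignment, and the commit message should name it. For a function that processes revoker certificates, failing closed on that path is the right default, but it should be a deliberate result: confirm that callers treat -1 as failure, and consider a DPRINTF on that path so the failure is not silent.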
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:20 +0100
Message-Id: <20191219220421.22206-9-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 8/9] fix leaking memory in cert_dump_blob

Fixes the following valgrind reported memory leak:

 189 bytes in 1 blocks are definitely lost in loss record 3 of 4
    at realloc
    by blobmsg_format_json_with_cb
    by blobmsg_format_json_indent
    by cert_dump_blob (ucert.c:386)
    by cert_dump (ucert.c:405)
    by main (ucert.c:728)

Signed-off-by: Petr Štetiar
---
 ucert.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ucert.c b/ucert.c index b9c5c889ddfa..76960a200be0 100644 --- a/ucert.c +++ b/ucert.c
@@ -371,6 +371,7 @@ clean_and_return: /* dump single chain element to console */ static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) { int i; + char *json = NULL; for (i = 0; i < CERT_ATTR_MAX; i++) { struct blob_attr *v = cert[i]; 
@@ -383,7 +384,13 @@ static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) { fprintf(stdout, "signature:\n---\n%s---\n", (char *) blob_data(v)); break; case BLOB_ATTR_NESTED: - fprintf(stdout, "payload:\n---\n%s\n---\n", blobmsg_format_json_indent(blob_data(v), false, 0)); + json = blobmsg_format_json_indent(blob_data(v), false, 0); + if (!json) { + DPRINTF("cannot parse payload\n"); + continue; + } + fprintf(stdout, "payload:\n---\n%s\n---\n", json); + free(json); break; } }
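Review bot: in the new "if (!json)" branch of cert_dump_blob the failure is only logged and the loop continues, and since the function is void, cert_dump cannot turn a missing payload into a non-zero exit status; returning an error code here would let the dump command and the cram test notice it. The message "cannot parse payload" is also misleading, since the NULL comes from formatting the JSON, not from parsing. Separately, the unchanged context line prints the signature with "%s" on blob_data(v); with certificates from untrusted input it is worth confirming that this attribute is guaranteed to be NUL-terminated, or printing it with a length bound taken from blob_len(v).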
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 Dec 2019 23:04:21 +0100
Message-Id: <20191219220421.22206-10-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 9/9] fix certificate blob parsing vulnerability by using blob_parse_untrusted

blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs
appropriately.

Signed-off-by: Petr Štetiar
---
 ucert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ucert.c b/ucert.c index 76960a200be0..d822199eb7f8 100644 --- a/ucert.c +++ b/ucert.c
@@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { bufpt = (struct blob_attr *)filebuf; do { - pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX); + pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX); if (pret <= 0) /* no attributes found */ break;
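Review bot: blob_parse_untrusted is passed the same "len" on every pass of the do loop in cert_load, while bufpt starts at filebuf and (in the part of the loop not visible in this hunk) presumably advances to the next chain element. If len is the size of the whole file buffer, the bound checked for the second and later elements is too large by the number of bytes already consumed; pass the remaining length instead. The commit message's "should hopefully handle such inputs" would be better backed by a cram case: add a truncated or length-corrupted certificate next to tests/cram/inputs/invalid.ucert and run it through ucert-san.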