Use Botan 3.1.1 for tests

The all-zero Ed25519 public key is rejected by botan_pubkey_check_key()
when the key is loaded.

Note that Botan 3 requires GCC 11 or CLANG 14, i.e. can't easily be built
on Debian bullseye or Ubuntu 20.04.

The thread-local storage function gets flagged via various Botan FFI
functions when using Botan 3, so whitelist that instead of all of them.
Tobias Brunner 2023-04-14 09:30:35 +02:00
parent 1762040ef8
commit 36b1a6d76c
4 changed files with 18 additions and 7 deletions


@ -4,7 +4,7 @@
build_botan() build_botan()
{ {
# same revision used in the build recipe of the testing environment # same revision used in the build recipe of the testing environment
BOTAN_REV=2.19.3 BOTAN_REV=3.1.1
BOTAN_DIR=$DEPS_BUILD_DIR/botan BOTAN_DIR=$DEPS_BUILD_DIR/botan
if test -d "$BOTAN_DIR"; then if test -d "$BOTAN_DIR"; then
@ -246,6 +246,10 @@ all|codeql|coverage|sonarcloud|no-dbg)
--disable-python-eggs-install" --disable-python-eggs-install"
# not enabled on the build server # not enabled on the build server
CONFIG="$CONFIG --disable-af-alg" CONFIG="$CONFIG --disable-af-alg"
# unable to build Botan on Ubuntu 20.04
if [ "$ID" = "ubuntu" -a "$VERSION_ID" = "20.04" ]; then
CONFIG="$CONFIG --disable-botan"
fi
if test "$TEST" != "coverage"; then if test "$TEST" != "coverage"; then
CONFIG="$CONFIG --disable-coverage" CONFIG="$CONFIG --disable-coverage"
else else
@ -259,7 +263,9 @@ all|codeql|coverage|sonarcloud|no-dbg)
libselinux1-dev libiptc-dev" libselinux1-dev libiptc-dev"
PYDEPS="tox" PYDEPS="tox"
if test "$1" = "build-deps"; then if test "$1" = "build-deps"; then
if [ "$ID" = "ubuntu" -a "$VERSION_ID" != "20.04" ]; then
build_botan build_botan
fi
build_wolfssl build_wolfssl
build_tss2 build_tss2
fi fi
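Review bot: The two new distro checks are not complementary. The configure hunk disables Botan only when `ID` is `ubuntu` and `VERSION_ID` is `20.04`, but the build-deps hunk calls `build_botan` only when `ID` is `ubuntu`, so on any other distribution that reaches this branch Botan is neither built nor disabled. If that is not intended, negate the same test in both places, e.g. `if ! { [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]; }; then`. Joining two `[` tests with `&&` also avoids the `-a` operator, which POSIX marks obsolescent. Where `ID` and `VERSION_ID` are set is outside the visible hunks.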


@ -559,10 +559,12 @@ START_TEST(test_ed25519_fail)
pubkey->destroy(pubkey); pubkey->destroy(pubkey);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519, pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END); BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
ck_assert(pubkey != NULL); if (pubkey)
{
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg, ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
sig)); sig));
pubkey->destroy(pubkey); pubkey->destroy(pubkey);
}
} }
END_TEST END_TEST
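Review bot: With `ck_assert(pubkey != NULL)` replaced by `if (pubkey)`, the test no longer says why a NULL result is acceptable, and a backend that fails to load the key for an unrelated reason now passes silently. A comment above the `if` would record the intent, e.g. `/* backends such as Botan 3 reject the all-zero public key already when loading it */`. The start of test_ed25519_fail is outside the hunk.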


@ -542,6 +542,8 @@ static char *whitelist[] = {
"_IO_file_doallocate", "_IO_file_doallocate",
"selinux_check_access", "selinux_check_access",
"on_exit", "on_exit",
/* glibc thread-local storage triggered primarily by Botan */
"__tls_get_addr",
/* ignore dlopen, as we do not dlclose to get proper leak reports */ /* ignore dlopen, as we do not dlclose to get proper leak reports */
"dlopen", "dlopen",
"dlerror", "dlerror",
@ -668,6 +670,7 @@ static char *whitelist[] = {
"botan_kdf", "botan_kdf",
/* C++ due to Botan */ /* C++ due to Botan */
"__cxa_get_globals", "__cxa_get_globals",
"__cxa_thread_atexit",
}; };
/** /**
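Review bot: The `"__tls_get_addr"` entry matches on the glibc function rather than on Botan. Assuming the whitelist is matched against function names in the allocation backtrace, which is not visible in these hunks, it also hides allocations made under thread-local storage access by any other library or by the project's own code. The comment should state that scope so a later reader does not take it for a Botan-only exemption, e.g. `/* glibc thread-local storage, seen mostly via Botan 3 FFI calls; suppresses reports for every caller */`. The same applies to `"__cxa_thread_atexit"` in the second hunk, which sits under the `C++ due to Botan` comment. The whitelist array starts outside both hunks.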


@ -2,7 +2,7 @@
PKG = botan PKG = botan
SRC = https://github.com/randombit/$(PKG).git SRC = https://github.com/randombit/$(PKG).git
REV = 2.19.3 REV = 3.1.1
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)