lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #187 from Patater/tls-development-20190722

Browse Source 
Bring in changes from Mbed TLS as of 2019-07-22
This commit is contained in:
Jaeden Amero
2019-07-31 11:50:15 +01:00
committed by GitHub
parent aad3dabd2b 8dd1690993
commit fe93bc4ed4
95 changed files with 802 additions and 608 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/Makefile
View File

@ -2,7 +2,7 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
CRYPTO_INCLUDES ?= -I../include

168
tests/docker/bionic/Dockerfile Normal file
View File

@ -0,0 +1,168 @@
# Dockerfile
#
# Purpose
# -------
# Defines a Docker container suitable to build and run all tests (all.sh),
# except for those that use a proprietary toolchain.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
ARG MAKEFLAGS_PARALLEL=""
ARG MY_REGISTRY=
FROM ${MY_REGISTRY}ubuntu:bionic
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get -y install software-properties-common \
&& rm -rf /var/lib/apt/lists
RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
RUN apt-get update \
&& apt-get -y install \
# mbedtls build/test dependencies
build-essential \
clang \
cmake \
doxygen \
gcc-arm-none-eabi \
gcc-mingw-w64-i686 \
gcc-multilib \
g++-multilib \
gdb \
git \
graphviz \
lsof \
python \
python3-pip \
python3 \
pylint3 \
valgrind \
wget \
# libnettle build dependencies
libgmp-dev \
m4 \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Build a static, legacy openssl from sources with sslv3 enabled
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
RUN cd /tmp \
&& wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \
&& cd openssl-1.0.1j \
&& ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \
&& (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl
# Build OPENSSL as 1.0.2g
RUN cd /tmp \
&& wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \
&& cd openssl-1.0.2g \
&& ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \
&& (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl
# Build a new openssl binary for ARIA/CHACHA20 support
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
RUN cd /tmp \
&& wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \
&& cd openssl-1.1.1a \
&& ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl
# Build libnettle 2.7.1 (needed by legacy gnutls)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \
&& cd nettle-2.7.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build legacy gnutls (3.3.8)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \
&& cd gnutls-3.3.8 \
&& ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli
ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv
# Build libnettle 3.1 (needed by gnutls)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \
&& cd nettle-3.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build gnutls (3.4.10)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \
&& cd gnutls-3.4.10 \
&& ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \
--with-included-libtasn1 --without-p11-kit \
--disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
# Build libnettle 3.4 (needed by gnutls next)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \
&& cd nettle-3.4.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build gnutls next (3.6.5)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \
&& cd gnutls-3.6.5 \
&& ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \
--with-included-libtasn1 --with-included-unistring --without-p11-kit \
--disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli
ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv
RUN pip3 install --no-cache-dir \
mbed-host-tests \
mock

31
tests/make-in-docker.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/bash -eu
# make-in-docker.sh
#
# Purpose
# -------
# This runs make in a Docker container.
#
# See also:
# - scripts/docker_env.sh for general Docker prerequisites and other information.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
run_in_docker make $@

37
tests/scripts/all-in-docker.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash -eu
# all-in-docker.sh
#
# Purpose
# -------
# This runs all.sh (except for armcc) in a Docker container.
#
# Notes for users
# ---------------
# See docker_env.sh for prerequisites and other information.
#
# See also all.sh for notes about invocation of that script.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
# Run tests that are possible with openly available compilers
run_in_docker tests/scripts/all.sh \
--no-armcc \
$@

127
tests/scripts/all.sh
View File

@ -223,6 +223,11 @@ cleanup()
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
@ -541,7 +546,7 @@ component_check_files () {
component_check_names () {
msg "test/build: declared and exported names" # < 3s
record_status tests/scripts/check-names.sh
record_status tests/scripts/check-names.sh -v
}
component_check_doxygen_warnings () {
@ -580,6 +585,19 @@ component_test_ref_configs () {
record_status tests/scripts/test-ref-configs.pl
}
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
scripts/config.pl unset MBEDTLS_PEM_PARSE_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
}
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@ -642,7 +660,6 @@ component_build_deprecated () {
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
record_status tests/scripts/curves.pl
@ -669,24 +686,38 @@ component_build_default_make_gcc_and_cxx () {
make TEST_CPP=1
}
component_test_use_psa_crypto_full_cmake_asan() {
# MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA
scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
make test
}
component_test_check_params_functionality () {
msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
scripts/config.pl full # includes CHECK_PARAMS
# Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
# Only build and run tests. Do not build sample programs, because
# they don't have a mbedtls_param_failed() function.
make CC=gcc CFLAGS='-Werror -O1' lib test
}
component_test_check_params_without_platform () {
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
@ -704,6 +735,7 @@ component_test_check_params_silent () {
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
scripts/config.pl full # includes CHECK_PARAMS
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
# Set MBEDTLS_PARAM_FAILED to nothing.
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
}
@ -726,7 +758,6 @@ component_test_no_platform () {
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@ -799,14 +830,14 @@ component_test_aes_fewer_tables_and_rom_tables () {
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
make SHARED=1 all check
make SHARED=1 all check -j1
}
component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
make test
@ -825,7 +856,7 @@ component_test_m32_o1 () {
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
@ -837,7 +868,7 @@ support_test_m32_o1 () {
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
scripts/config.pl full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
msg "test: 64-bit ILP32, make, gcc"
make test
@ -905,39 +936,13 @@ component_test_no_64bit_multiplication () {
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
@ -946,20 +951,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
@ -968,24 +960,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
component_build_armcc () {
msg "build: ARM Compiler 5, make"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_HAVE_TIME
scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
scripts/config.pl baremetal
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
make clean
@ -1008,15 +983,15 @@ component_build_armcc () {
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1
# note Make tests only builds the tests, but doesn't run them
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {

4
tests/scripts/basic-build-test.sh
View File

@ -43,6 +43,7 @@ echo
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
export LDFLAGS=' --coverage'
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@ -53,6 +54,9 @@ make -j
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
cd tests
if [ ! -f "seedfile" ]; then
dd if=/dev/urandom of="seedfile" bs=32 count=1
fi
# Step 2a - Unit Tests
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT

47
tests/scripts/basic-in-docker.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/bash -eu
# basic-in-docker.sh
#
# Purpose
# -------
# This runs a rough equivalent of the travis.yml in a Docker container.
# The tests are run for both clang and gcc.
#
# Notes for users
# ---------------
# See docker_env.sh for prerequisites and other information.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
run_in_docker tests/scripts/recursion.pl library/*.c
run_in_docker tests/scripts/check-generated-files.sh
run_in_docker tests/scripts/check-doxy-blocks.pl
run_in_docker tests/scripts/check-names.sh
run_in_docker tests/scripts/check-files.py
run_in_docker tests/scripts/doxygen.sh
for compiler in clang gcc; do
run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" .
run_in_docker -e CC=${compiler} make
run_in_docker -e CC=${compiler} make test
run_in_docker programs/test/selftest
run_in_docker tests/scripts/test-ref-configs.pl
run_in_docker tests/scripts/curves.pl
done

36
tests/scripts/check-files.py
View File

@ -1,14 +1,12 @@
#!/usr/bin/env python3
# This file is part of Mbed TLS (https://tls.mbed.org)
# Copyright (c) 2018, Arm Limited, All Rights Reserved
"""
This file is part of Mbed TLS (https://tls.mbed.org)
Copyright (c) 2018, Arm Limited, All Rights Reserved
Purpose
This script checks the current state of the source code for minor issues,
including incorrect file permissions, presence of tabs, non-Unix line endings,
trailing whitespace, presence of UTF-8 BOM, and TODO comments.
trailing whitespace, and presence of UTF-8 BOM.
Note: requires python 3, must be run from Mbed TLS root.
"""
@ -170,19 +168,6 @@ class MergeArtifactIssueTracker(LineIssueTracker):
return True
return False
class TodoIssueTracker(LineIssueTracker):
"""Track lines containing ``TODO``."""
heading = "TODO present:"
files_exemptions = frozenset([
os.path.basename(__file__),
"benchmark.c",
"pull_request_template.md",
])
def issue_with_line(self, line, _filepath):
return b"todo" in line.lower()
class IntegrityChecker(object):
"""Sanity-check files under the current directory."""
@ -211,7 +196,6 @@ class IntegrityChecker(object):
TrailingWhitespaceIssueTracker(),
TabIssueTracker(),
MergeArtifactIssueTracker(),
TodoIssueTracker(),
]
@staticmethod
@ -257,15 +241,7 @@ class IntegrityChecker(object):
def run_main():
parser = argparse.ArgumentParser(
description=(
"This script checks the current state of the source code for "
"minor issues, including incorrect file permissions, "
"presence of tabs, non-Unix line endings, trailing whitespace, "
"presence of UTF-8 BOM, and TODO comments. "
"Note: requires python 3, must be run from Mbed TLS root."
)
)
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
"-l", "--log_file", type=str, help="path to optional output log",
)

42
tests/scripts/check-names.sh
View File

@ -2,26 +2,42 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# This script confirms that the naming of all symbols and identifiers in mbed
# TLS are consistent with the house style and are also self-consistent.
#
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
set -eu
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
cat <<EOF
$0 [-v]
This script confirms that the naming of all symbols and identifiers in mbed
TLS are consistent with the house style and are also self-consistent.
-v If the script fails unexpectedly, print a command trace.
EOF
exit
fi
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
trace=
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
shift
trace='-x'
exec 2>check-names.err
trap 'echo "FAILED UNEXPECTEDLY, status=$?";
cat check-names.err' EXIT
set -x
fi
printf "Analysing source code...\n"
tests/scripts/list-macros.sh
sh $trace tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
tests/scripts/list-identifiers.sh
tests/scripts/list-symbols.sh
sh $trace tests/scripts/list-identifiers.sh
sh $trace tests/scripts/list-symbols.sh
FAIL=0
@ -82,6 +98,12 @@ else
FAIL=1
fi
if [ -n "$trace" ]; then
set +x
trap - EXIT
rm check-names.err
fi
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols

2
tests/scripts/curves.pl
View File

@ -57,7 +57,7 @@ for my $curve (@curves) {
system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
and abort "Failed to build lib: $curve\n";
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
system( "make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
}

93
tests/scripts/docker_env.sh Executable file
View File

@ -0,0 +1,93 @@
#!/bin/bash -eu
# docker_env.sh
#
# Purpose
# -------
#
# This is a helper script to enable running tests under a Docker container,
# thus making it easier to get set up as well as isolating test dependencies
# (which include legacy/insecure configurations of openssl and gnutls).
#
# Notes for users
# ---------------
# This script expects a Linux x86_64 system with a recent version of Docker
# installed and available for use, as well as http/https access. If a proxy
# server must be used, invoke this script with the usual environment variables
# (http_proxy and https_proxy) set appropriately. If an alternate Docker
# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
# host name.
#
#
# Running this script directly will check for Docker availability and set up
# the Docker image.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# default values, can be overridden by the environment
: ${MBEDTLS_DOCKER_GUEST:=bionic}
DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}"
# Make sure docker is available
if ! which docker > /dev/null; then
echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
exit 1
fi
# Figure out if we need to 'sudo docker'
if groups | grep docker > /dev/null; then
DOCKER="docker"
else
echo "Using sudo to invoke docker since you're not a member of the docker group..."
DOCKER="sudo docker"
fi
# Build the Docker image
echo "Getting docker image up to date (this may take a few minutes)..."
${DOCKER} image build \
-t ${DOCKER_IMAGE_TAG} \
--cache-from=${DOCKER_IMAGE_TAG} \
--build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \
--network host \
${http_proxy+--build-arg http_proxy=${http_proxy}} \
${https_proxy+--build-arg https_proxy=${https_proxy}} \
${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \
tests/docker/${MBEDTLS_DOCKER_GUEST}
run_in_docker()
{
ENV_ARGS=""
while [ "$1" == "-e" ]; do
ENV_ARGS="${ENV_ARGS} $1 $2"
shift 2
done
${DOCKER} container run -it --rm \
--cap-add SYS_PTRACE \
--user "$(id -u):$(id -g)" \
--volume $PWD:$PWD \
--workdir $PWD \
-e MAKEFLAGS \
-e PYLINTHOME=/tmp/.pylintd \
${ENV_ARGS} \
${DOCKER_IMAGE_TAG} \
$@
}

15
tests/scripts/list-symbols.sh
View File

@ -14,8 +14,21 @@ fi
cp include/mbedtls/config.h include/mbedtls/config.h.bak
scripts/config.pl full
CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
make clean
make_ret=
CFLAGS=-fno-asynchronous-unwind-tables make lib \
>list-symbols.make.log 2>&1 ||
{
make_ret=$?
echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
cat list-symbols.make.log >&2
}
rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h
if [ -n "$make_ret" ]; then
exit "$make_ret"
fi
if uname | grep -F Darwin >/dev/null; then
nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
elif uname | grep -F Linux >/dev/null; then

22
tests/scripts/mbedtls_test.py
View File

@ -79,7 +79,7 @@ class TestDataParser(object):
split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
if len(split_char) > 1:
raise ValueError('Expected split character. Found string!')
out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str))
out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
out = [x for x in out if x]
return out
@ -99,11 +99,11 @@ class TestDataParser(object):
# Check dependencies
dependencies = []
line = data_f.next().strip()
line = next(data_f).strip()
match = re.search('depends_on:(.*)', line)
if match:
dependencies = [int(x) for x in match.group(1).split(':')]
line = data_f.next().strip()
line = next(data_f).strip()
# Read test vectors
line = line.replace('\\n', '\n')
@ -115,7 +115,7 @@ class TestDataParser(object):
err_str_fmt = "Number of test arguments({}) should be even: {}"
raise TestDataParserError(err_str_fmt.format(args_count, line))
grouped_args = [(args[i * 2], args[(i * 2) + 1])
for i in range(len(args)/2)]
for i in range(int(len(args)/2))]
self.tests.append((name, function_name, dependencies,
grouped_args))
@ -261,21 +261,21 @@ class MbedTlsTest(BaseHostTest):
data_bytes += bytearray([function_id, len(parameters)])
for typ, param in parameters:
if typ == 'int' or typ == 'exp':
i = int(param)
data_bytes += 'I' if typ == 'int' else 'E'
i = int(param, 0)
data_bytes += b'I' if typ == 'int' else b'E'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
elif typ == 'char*':
param = param.strip('"')
i = len(param) + 1 # + 1 for null termination
data_bytes += 'S'
data_bytes += b'S'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
data_bytes += bytearray(list(param))
data_bytes += '\0' # Null terminate
data_bytes += bytearray(param, encoding='ascii')
data_bytes += b'\0' # Null terminate
elif typ == 'hex':
binary_data = self.hex_str_bytes(param)
data_bytes += 'H'
data_bytes += b'H'
self.align_32bit(data_bytes)
i = len(binary_data)
data_bytes += self.int32_to_big_endian_bytes(i)
@ -310,7 +310,7 @@ class MbedTlsTest(BaseHostTest):
param_bytes, length = self.test_vector_to_bytes(function_id,
dependencies, args)
self.send_kv(length, param_bytes)
self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes))
@staticmethod
def get_result(value):

14
tests/suites/helpers.function
View File

@ -409,7 +409,7 @@ jmp_buf jmp_tmp;
/*----------------------------------------------------------------------------*/
/* Helper Functions */
static void test_fail( const char *test, int line_no, const char* filename )
void test_fail( const char *test, int line_no, const char* filename )
{
test_info.failed = 1;
test_info.test = test;
@ -500,7 +500,7 @@ static void close_output( FILE* out_stream )
}
#endif /* __unix__ || __APPLE__ __MACH__ */
static int unhexify( unsigned char *obuf, const char *ibuf )
int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
int len = strlen( ibuf ) / 2;
@ -534,7 +534,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf )
return len;
}
static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
@ -588,7 +588,7 @@ static unsigned char *zero_alloc( size_t len )
*
* For convenience, dies if allocation fails.
*/
static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
{
unsigned char *obuf;
@ -639,7 +639,7 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
*
* rng_state shall be NULL.
*/
static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
if( rng_state != NULL )
rng_state = NULL;
@ -666,7 +666,7 @@ typedef struct
*
* After the buffer is empty it will return rand();
*/
static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_buf_info *info = (rnd_buf_info *) rng_state;
size_t use_len;
@ -712,7 +712,7 @@ typedef struct
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
uint32_t i, *k, sum, delta=0x9E3779B9;

38
tests/suites/target_test.function
View File

@ -59,10 +59,29 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
return( DEPENDENCY_SUPPORTED );
}
/**
* \brief Receives hex string on serial interface, and converts to a byte.
*
* \param none
*
* \return unsigned int8
*/
uint8_t receive_byte()
{
uint8_t byte;
uint8_t c[3];
char *endptr;
c[0] = greentea_getc();
c[1] = greentea_getc();
c[2] = '\0';
assert( unhexify( &byte, c ) != 2 );
return( byte );
}
/**
* \brief Receives unsigned integer on serial interface.
* Integers are encoded in network order.
* Integers are encoded in network order, and sent as hex ascii string.
*
* \param none
*
@ -71,10 +90,17 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
uint32_t receive_uint32()
{
uint32_t value;
value = (uint8_t)greentea_getc() << 24;
value |= (uint8_t)greentea_getc() << 16;
value |= (uint8_t)greentea_getc() << 8;
value |= (uint8_t)greentea_getc();
const uint8_t c[9] = { greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
'\0'
};
assert( unhexify( &value, c ) != 8 );
return( (uint32_t)value );
}
@ -132,7 +158,7 @@ uint8_t * receive_data( uint32_t * data_len )
greentea_getc(); // read ';' received after key i.e. *data_len
for( i = 0; i < *data_len; i++ )
data[i] = greentea_getc();
data[i] = receive_byte();
/* Read closing braces */
for( i = 0; i < 2; i++ )