Merge 'iotssl-1099-incorrect-renego-dtls'
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
diff --git a/ChangeLog b/ChangeLog
index 43aa8bb..fbc24cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,12 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
+ * Fix the redefinition of macro ssl_set_bio to an undefined symbol
+ mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
+ Found by omlib-lin. #673
+ * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and
+ x509_csr.c that are reported when building mbed TLS with a config.h that
+ does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562
* Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that
would compare 64 bits of the record counter instead of 48 bits as indicated
in RFC 6347 Section 4.3.1. This could cause the execution of the
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 75e0b97..9a2b96b 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -58,9 +58,13 @@
/**
* \brief Set the CMAC key and prepare to authenticate the input
* data.
- * Should be called with an initialised cipher context.
+ * Should be called with an initialized cipher context.
*
- * \param ctx Cipher context
+ * \param ctx Cipher context. This should be a cipher context,
+ * initialized to be one of the following types:
+ * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
+ * MBEDTLS_CIPHER_AES_256_ECB or
+ * MBEDTLS_CIPHER_DES_EDE3_ECB.
* \param key CMAC key
* \param keybits length of the CMAC key in bits
* (must be acceptable by the cipher)
@@ -115,7 +119,7 @@
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
/**
- * \brief Output = Generic_CMAC( hmac key, input buffer )
+ * \brief Output = Generic_CMAC( cmac key, input buffer )
*
* \param cipher_info message digest info
* \param key CMAC key
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 27abbd9..af51b5f 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -2453,7 +2453,6 @@
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
#define ssl_set_authmode mbedtls_ssl_conf_authmode
#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_bio mbedtls_ssl_set_bio_timeout
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 19fc1f1..8042693 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1146,7 +1146,7 @@
*
* \note See the documentation of \c mbedtls_ssl_set_timer_t and
* \c mbedtls_ssl_get_timer_t for the conventions this pair of
- * callbacks must fallow.
+ * callbacks must follow.
*
* \note On some platforms, timing.c provides
* \c mbedtls_timing_set_delay() and
diff --git a/library/debug.c b/library/debug.c
index a9cd814..f9229b3 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -71,7 +71,7 @@
*/
#if defined(MBEDTLS_THREADING_C)
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
- mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
+ mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
#else
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 6a013e9..80be6ec 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -133,7 +133,8 @@
/*
* Initiate a TCP connection with host:port and the given protocol
*/
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
+ const char *port, int proto )
{
int ret;
struct addrinfo hints, *addr_list, *cur;
@@ -322,7 +323,7 @@
{
/* TCP: actual accept() */
ret = client_ctx->fd = (int) accept( bind_ctx->fd,
- (struct sockaddr *) &client_addr, &n );
+ (struct sockaddr *) &client_addr, &n );
}
else
{
diff --git a/library/pem.c b/library/pem.c
index 1ee3966..b6ad53b 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -44,12 +44,12 @@
#define mbedtls_free free
#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
-#if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_pem_context ) );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 80af725..056dc16 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -969,8 +969,8 @@
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
{
- int success = 0, first_error = 0, total_failed = 0;
#if defined(MBEDTLS_PEM_PARSE_C)
+ int success = 0, first_error = 0, total_failed = 0;
int buf_format = MBEDTLS_X509_FORMAT_DER;
#endif
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 603d06b..f92b66c 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -265,8 +265,8 @@
*/
int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
{
- int ret;
#if defined(MBEDTLS_PEM_PARSE_C)
+ int ret;
size_t use_len;
mbedtls_pem_context pem;
#endif
diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt
index 397f6be..cb3381a 100644
--- a/scripts/data_files/rename-1.3-2.0.txt
+++ b/scripts/data_files/rename-1.3-2.0.txt
@@ -1996,7 +1996,6 @@
ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
ssl_set_authmode mbedtls_ssl_conf_authmode
ssl_set_bio mbedtls_ssl_set_bio
-ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 441fe18..1afaac3 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-#
+#! /usr/bin/env sh
+
# output_env.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
@@ -17,144 +17,92 @@
# - version of libc, clang, asan and valgrind if installed
# - version of gnuTLS and OpenSSL
-echo
-echo "* Operating system and architecture:"
-uname -a
+print_version()
+{
+ BIN="$1"
+ shift
+ ARGS="$1"
+ shift
+ FAIL_MSG="$1"
+ shift
-echo
-if `hash armcc > /dev/null 2>&1`; then
- echo "* armcc:"
- armcc --vsn | head -n 2
-else
- echo "* armcc not found!"
-fi
-
-echo
-if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then
- echo "* gcc-arm:"
- arm-none-eabi-gcc --version | head -n 1
-else
- echo "* gcc-arm not found!"
-fi
-
-echo
-if `hash gcc > /dev/null 2>&1`; then
- echo "* gcc:"
- gcc --version | head -n 1
-else
- echo "* gcc not found!"
-fi
-
-echo
-if `hash clang > /dev/null 2>&1`; then
- echo "* clang:"
- clang --version | head -n 2
- clang -v 2>&1 | grep Selected
-else
- echo "* clang not found!"
-fi
-
-echo
-if `hash ldd > /dev/null 2>&1`; then
- echo "* libc:"
- ldd --version | head -n 1
-else
- echo "* No ldd present: can't determine libc version!"
-fi
-
-echo
-if `hash valgrind > /dev/null 2>&1`; then
- echo "* valgrind:"
- valgrind --version
-else
- echo "* valgrind not found!"
-fi
-
-echo
-if `hash openssl > /dev/null 2>&1`; then
- echo "* openssl:"
- openssl version
-else
- echo "* openssl not found!"
-fi
-
-if [ -n "${OPENSSL+set}" ]; then
- echo
- if `hash "$OPENSSL" > /dev/null 2>&1`; then
- echo "* $OPENSSL at environment variable 'OPENSSL':"
- $OPENSSL version
- else
- echo "* $OPENSSL at environment variable 'OPENSSL' not found!"
+ if ! `type "$BIN" > /dev/null 2>&1`; then
+ echo "* $FAIL_MSG"
+ return 0
fi
-fi
+
+ BIN=`which "$BIN"`
+ VERSION_STR=`$BIN $ARGS 2>&1`
+
+ # Apply all filters
+ while [ $# -gt 0 ]; do
+ FILTER="$1"
+ shift
+ VERSION_STR=`echo "$VERSION_STR" | $FILTER`
+ done
+
+ echo "* ${BIN##*/}: $BIN: $VERSION_STR"
+}
+
+print_version "uname" "-a" ""
+echo
+
+: ${ARMC5_CC:=armcc}
+print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2"
+echo
+
+: ${ARMC6_CC:=armclang}
+print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2"
+echo
+
+print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1"
+echo
+
+print_version "gcc" "--version" "gcc not found!" "head -n 1"
+echo
+
+print_version "clang" "--version" "clang not found" "head -n 2"
+echo
+
+print_version "ldd" "--version" \
+ "No ldd present: can't determine libc version!" \
+ "head -n 1"
+echo
+
+print_version "valgrind" "--version" "valgrind not found!"
+echo
+
+: ${OPENSSL:=openssl}
+print_version "$OPENSSL" "version" "openssl not found!"
+echo
if [ -n "${OPENSSL_LEGACY+set}" ]; then
+ print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
echo
- if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then
- echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':"
- $OPENSSL_LEGACY version
- else
- echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!"
- fi
fi
+: ${GNUTLS_CLI:=gnutls-cli}
+print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
echo
-if `hash gnutls-cli > /dev/null 2>&1`; then
- echo "* gnuTLS client:"
- gnutls-cli --version | head -n 1
-else
- echo "* gnuTLS client not found!"
-fi
+: ${GNUTLS_SERV:=gnutls-serv}
+print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
echo
-if `hash gnutls-serv > /dev/null 2>&1`; then
- echo "* gnuTLS server:"
- gnutls-serv --version | head -n 1
-else
- echo "* gnuTLS server not found!"
-fi
-
-if [ -n "${GNUTLS_CLI+set}" ]; then
- echo
- if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then
- echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI':"
- $GNUTLS_CLI --version | head -n 1
- else
- echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!"
- fi
-fi
-
-if [ -n "${GNUTLS_SERV+set}" ]; then
- echo
- if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then
- echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV':"
- $GNUTLS_SERV --version | head -n 1
- else
- echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!"
- fi
-fi
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
+ print_version "$GNUTLS_LEGACY_CLI" "--version" \
+ "gnuTLS client legacy version not found!" \
+ "head -n 1"
echo
- if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then
- echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':"
- $GNUTLS_LEGACY_CLI --version | head -n 1
- else
- echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!"
- fi
fi
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
+ print_version "$GNUTLS_LEGACY_SERV" "--version" \
+ "gnuTLS server legacy version not found!" \
+ "head -n 1"
echo
- if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then
- echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':"
- $GNUTLS_LEGACY_SERV --version | head -n 1
- else
- echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!"
- fi
fi
-echo
if `hash dpkg > /dev/null 2>&1`; then
echo "* asan:"
dpkg -s libasan2 2> /dev/null | grep -i version
@@ -163,6 +111,4 @@
else
echo "* No dpkg present: can't determine asan version!"
fi
-
echo
-
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6b33960..ea96901 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#! /usr/bin/env sh
# all.sh
#
@@ -22,8 +22,11 @@
# Abort on errors (and uninitialised variables)
set -eu
-if [ -d library -a -d include -a -d tests ]; then :; else
- err_msg "Must be run from mbed TLS root"
+if [ "$( uname )" != "Linux" ]; then
+ echo "This script only works in Linux" >&2
+ exit 1
+elif [ -d library -a -d include -a -d tests ]; then :; else
+ echo "Must be run from mbed TLS root" >&2
exit 1
fi
@@ -42,6 +45,13 @@
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+: ${ARMC5_BIN_DIR:=/usr/bin}
+: ${ARMC6_BIN_DIR:=/usr/bin}
+
+# if MAKEFLAGS is not set add the -j option to speed up invocations of make
+if [ -n "${MAKEFLAGS+set}" ]; then
+ export MAKEFLAGS="-j"
+fi
usage()
{
@@ -58,6 +68,8 @@
printf " --gnutls-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for most tests.\n"
printf " --gnutls-legacy-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for legacy tests.\n"
printf " --gnutls-legacy-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for legacy tests.\n"
+ printf " --armc5-bin-dir=<ARMC5_bin_dir_path>\t\tPath to the ARM Compiler 5 bin directory.\n"
+ printf " --armc6-bin-dir=<ARMC6_bin_dir_path>\t\tPath to the ARM Compiler 6 bin directory.\n"
}
# remove built files as well as the cmake cache/config
@@ -86,6 +98,16 @@
echo "******************************************************************"
}
+armc6_build_test()
+{
+ FLAGS="$1"
+
+ msg "build: ARM Compiler 6 ($FLAGS), make"
+ ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
+ WARNING_CFLAGS='-xc -std=c99' make lib
+ make clean
+}
+
err_msg()
{
echo "$1" >&2
@@ -144,6 +166,14 @@
shift
GNUTLS_LEGACY_SERV="$1"
;;
+ --armc5-bin-dir)
+ shift
+ ARMC5_BIN_DIR="$1"
+ ;;
+ --armc6-bin-dir)
+ shift
+ ARMC6_BIN_DIR="$1"
+ ;;
--help|-h|*)
usage
exit 1
@@ -196,6 +226,13 @@
echo "GNUTLS_SERV: $GNUTLS_SERV"
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
+echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
+echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
+
+ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+ARMC6_AR="$ARMC6_BIN_DIR/armar"
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
@@ -209,7 +246,8 @@
# Make sure the tools we need are available.
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
- "arm-none-eabi-gcc" "armcc"
+ "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \
+ "i686-w64-mingw32-gcc"
#
# Test Suites to be executed
@@ -225,7 +263,8 @@
msg "info: output_env.sh"
OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" scripts/output_env.sh
+ GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
+ ARMC6_CC="$ARMC6_CC" scripts/output_env.sh
msg "test: recursion.pl" # < 1s
tests/scripts/recursion.pl library/*.c
@@ -244,6 +283,8 @@
cleanup
tests/scripts/doxygen.sh
+# Note - use of yotta is deprecated, and yotta also requires armcc to be on the
+# path, and uses whatever version of armcc it finds there.
msg "build: create and build yotta module" # ~ 30s
cleanup
tests/scripts/yotta-build.sh
@@ -285,16 +326,16 @@
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
tests/ssl-opt.sh
-msg "build: cmake, full config, clang" # ~ 50s
+msg "build: cmake, full config, clang, C99" # ~ 50s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
-CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
-make
+CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make
msg "test: main suites (full config)" # ~ 5s
-make test
+CFLAGS='-Werror -Wall -Wextra' make test
msg "test: ssl-opt.sh default (full config)" # ~ 1s
tests/ssl-opt.sh -f Default
@@ -314,15 +355,17 @@
msg "build: Unix make, -Os (gcc)" # ~ 30s
cleanup
-CC=gcc CFLAGS='-Werror -Os' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make
-# this is meant to cath missing #define mbedtls_printf etc
-# disable fsio to catch some more missing #include <stdio.h>
-msg "build: full config except platform/fsio, make, gcc" # ~ 30s
+# Full configuration build, without platform support, file IO and net sockets.
+# This should catch missing mbedtls_printf definitions, and by disabling file
+# IO, it should catch missing '#include <stdio.h>'
+msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_PLATFORM_C
+scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
@@ -332,7 +375,10 @@
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
-CC=gcc CFLAGS='-Werror -O0' make
+# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
+# to re-enable platform integration features otherwise disabled in C99 builds
+CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test
# catch compile bugs in _uninit functions
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
@@ -341,29 +387,31 @@
scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_SRV_C
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_CLI_C
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make
+# Note, C99 compliance can also be tested with the sockets support disabled,
+# as that requires a POSIX platform (which isn't the same as C99).
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
-CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
@@ -389,7 +437,7 @@
if uname -a | grep -F x86_64 >/dev/null; then
msg "build: i386, make, gcc" # ~ 30s
cleanup
-CC=gcc CFLAGS='-Werror -m32' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make
fi # x86_64
msg "build: arm-none-eabi-gcc, make" # ~ 10s
@@ -407,9 +455,9 @@
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib
+CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib
-msg "build: armcc, make"
+msg "build: ARM Compiler 5, make"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@@ -428,16 +476,28 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
-CC=armcc AR=armar WARNING_CFLAGS= make lib
-if which i686-w64-mingw32-gcc >/dev/null; then
-msg "build: cross-mingw64, make" # ~ 30s
+CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib
+make clean
+
+armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main"
+armc6_build_test "--target=aarch64-arm-none-eabi"
+
+msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
cleanup
-CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 make
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs
+
+# note Make tests only builds the tests, but doesn't run them
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests
WINDOWS_BUILD=1 make clean
-CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 SHARED=1 make
+
+msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests
WINDOWS_BUILD=1 make clean
-fi
# MemSan currently only available on Linux 64 bits
if uname -a | grep 'Linux.*x86_64' >/dev/null; then
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 85eb7e6..bd13f52 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -49,7 +49,8 @@
system( "scripts/config.pl unset $curve" )
and abort "Failed to disable $curve\n";
- system( "make lib" ) and abort "Failed to build lib: $curve\n";
+ system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
+ and abort "Failed to build lib: $curve\n";
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 8f4738c..a9a89f1 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -1,9 +1,15 @@
#!/usr/bin/perl
-# test standard configurations:
-# - build
-# - run test suite
-# - run compat.sh
+# test-ref-configs.pl
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# For each reference configuration file in the configs directory, build the
+# configuration, run the test suites and compat.sh
#
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
@@ -63,7 +69,7 @@
system( "cp configs/$conf $config_h" )
and abort "Failed to activate $conf\n";
- system( "make CFLAGS='-Os -Werror'" ) and abort "Failed to build: $conf\n";
+ system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
system( "make test" ) and abort "Failed test suite: $conf\n";
my $compat = $data->{'compat'};