Merge pull request #3286 from gilles-peskine-arm/config-full-clarify-2.16
Backport 2.16: Clarify that the full config enables everything that can be tested together
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index a5acf5b..472c28a 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -85,7 +85,8 @@
int main( int argc, char *argv[] )
{
- int ret = 1, i, n;
+ int ret = 1, i;
+ unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index bf42507..998c7ac 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -64,7 +64,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index ff71bd0..c725f7c 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -65,7 +65,7 @@
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
- int c;
+ unsigned c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 94f0ef9..74030e4 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -59,7 +59,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 13d0d17..53b23a7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -259,7 +259,9 @@
#define USAGE_ECRESTART ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
@@ -282,7 +284,8 @@
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \
USAGE_DTLS \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
@@ -290,7 +293,8 @@
USAGE_PSK \
USAGE_ECJPAKE \
USAGE_ECRESTART \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -307,7 +311,8 @@
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -594,7 +599,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b429b24..7aa977e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -366,7 +366,9 @@
#define USAGE_CURVES ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \
@@ -387,7 +389,8 @@
USAGE_COOKIES \
USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
@@ -398,7 +401,8 @@
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -411,7 +415,8 @@
USAGE_EMS \
USAGE_ETM \
USAGE_CURVES \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -1323,7 +1328,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
diff --git a/scripts/config.pl b/scripts/config.pl
index c2be0ba..ba563d6 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -19,30 +19,17 @@
#
# The following options are disabled instead of enabled with "full".
#
-# MBEDTLS_TEST_NULL_ENTROPY
-# MBEDTLS_DEPRECATED_REMOVED
-# MBEDTLS_HAVE_SSE2
-# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-# MBEDTLS_ECP_DP_M221_ENABLED
-# MBEDTLS_ECP_DP_M383_ENABLED
-# MBEDTLS_ECP_DP_M511_ENABLED
-# MBEDTLS_MEMORY_BACKTRACE
-# MBEDTLS_MEMORY_BUFFER_ALLOC_C
-# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-# MBEDTLS_NO_PLATFORM_ENTROPY
-# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-# MBEDTLS_REMOVE_3DES_CIPHERSUITES
-# MBEDTLS_SSL_HW_RECORD_ACCEL
-# MBEDTLS_RSA_NO_CRT
-# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-# - this could be enabled if the respective tests were adapted
-# MBEDTLS_ZLIB_SUPPORT
-# MBEDTLS_PKCS11_C
-# MBEDTLS_NO_UDBL_DIVISION
-# MBEDTLS_NO_64BIT_MULTIPLICATION
-# and any symbol beginning _ALT
+# * Options that require additional build dependencies or unusual hardware.
+# * Options that make testing less effective.
+# * Options that are incompatible with other options, or more generally that
+# interact with other parts of the code in such a way that a bulk enabling
+# is not a good way to test them.
+# * Options that remove features.
#
+# The baremetal configuration excludes options that require a library or
+# operating system feature that is typically not present on bare metal
+# systems. Features that are excluded from "full" won't be in "baremetal"
+# either.
use warnings;
use strict;
@@ -83,53 +70,54 @@
EOU
my @excluded = qw(
-MBEDTLS_TEST_NULL_ENTROPY
-MBEDTLS_DEPRECATED_REMOVED
-MBEDTLS_HAVE_SSE2
-MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-MBEDTLS_ECP_DP_M221_ENABLED
-MBEDTLS_ECP_DP_M383_ENABLED
-MBEDTLS_ECP_DP_M511_ENABLED
-MBEDTLS_MEMORY_DEBUG
+MBEDTLS_DEPRECATED_REMOVED
+MBEDTLS_DEPRECATED_WARNING
+MBEDTLS_HAVE_SSE2
MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C
+MBEDTLS_MEMORY_DEBUG
+MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_RSA_NO_CRT
-MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_NO_UDBL_DIVISION
+MBEDTLS_PKCS11_C
+MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_REMOVE_3DES_CIPHERSUITES
+MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_RSA_NO_CRT
MBEDTLS_SSL_HW_RECORD_ACCEL
-MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT
-MBEDTLS_PKCS11_C
-MBEDTLS_NO_UDBL_DIVISION
-MBEDTLS_NO_64BIT_MULTIPLICATION
_ALT\s*$
);
# Things that should be disabled in "baremetal"
my @excluded_baremetal = qw(
-MBEDTLS_NET_C
-MBEDTLS_TIMING_C
-MBEDTLS_FS_IO
MBEDTLS_ENTROPY_NV_SEED
+MBEDTLS_FS_IO
+MBEDTLS_HAVEGE_C
MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_DATE
-MBEDTLS_DEPRECATED_WARNING
-MBEDTLS_HAVEGE_C
-MBEDTLS_THREADING_C
-MBEDTLS_THREADING_PTHREAD
MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C
-MBEDTLS_PLATFORM_TIME_ALT
+MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT
+MBEDTLS_PLATFORM_NV_SEED_ALT
+MBEDTLS_PLATFORM_TIME_ALT
+MBEDTLS_THREADING_C
+MBEDTLS_THREADING_PTHREAD
+MBEDTLS_TIMING_C
);
-# Things that should be enabled in "full" even if they match @excluded
+# Things that should be enabled in "full" even if they match @excluded.
+# Platform ALTs enable global variables that allow configuring the behavior
+# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT
+# which requires the application to provide relevant functions like
+# non-platform ALTs.
my @non_excluded = qw(
-PLATFORM_[A-Z0-9]+_ALT
+PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT
);
# Things that should be enabled in "baremetal"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4e49515..444e713 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -818,24 +818,32 @@
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
-component_build_deprecated () {
- msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
- scripts/config.pl full
- scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
-
- msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
- # No cleanup, just tweak the configuration and rebuild
- make clean
- scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
+component_test_default_no_deprecated () {
+ # Test that removing the deprecated features from the default
+ # configuration leaves something consistent.
+ msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
+ make test
}
+component_test_full_deprecated_warning () {
+ # Test that there is nothing deprecated in the full configuration.
+ # A deprecated feature would trigger a warning (made fatal) from
+ # MBEDTLS_DEPRECATED_WARNING.
+ msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED
+ scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
+ # There are currently no tests for any deprecated feature.
+ # If some are added, 'make test' would trigger warnings here.
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s
+ make test
+}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
@@ -886,6 +894,7 @@
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@@ -915,6 +924,7 @@
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_FS_IO
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
@@ -929,6 +939,7 @@
scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
}
@@ -1013,6 +1024,7 @@
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
@@ -1095,7 +1107,7 @@
info=$1 cc=$2; shift 2
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
- make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror"
+ make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
# We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index bfc5279..8944fd9 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -19,6 +19,12 @@
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+#if !defined(_POSIX_C_SOURCE)
+#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
+#endif
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h>
#else
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index cf19732..889d3bc 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+#include "mbedtls/md.h"
#include "string.h"
/*