Merge remote-tracking branch 'public/pr/2110' into mbedtls-2.1-proposed
diff --git a/.travis.yml b/.travis.yml
index 91a36c9..3a12b56 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,6 +10,7 @@
- tests/scripts/check-doxy-blocks.pl
- tests/scripts/check-names.sh
- tests/scripts/check-files.py
+- tests/scripts/doxygen.sh
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
- make
- make test
@@ -24,6 +25,10 @@
secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons:
+ apt:
+ packages:
+ - doxygen
+ - graphviz
coverity_scan:
project:
name: "ARMmbed/mbedtls"
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f032ad4..d321357 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -130,20 +130,9 @@
add_subdirectory(programs)
endif()
-# targets for doxygen only work on Unix
-if(UNIX)
- ADD_CUSTOM_TARGET(apidoc
- COMMAND mkdir -p apidoc
- COMMAND cp include/mbedtls/config.h include/mbedtls/config.h.bak
- COMMAND scripts/config.pl realfull
- COMMAND doxygen doxygen/mbedtls.doxyfile
- COMMAND mv include/mbedtls/config.h.bak include/mbedtls/config.h
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
-
- ADD_CUSTOM_TARGET(apidoc_clean
- COMMAND rm -rf apidoc
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
-endif(UNIX)
+ADD_CUSTOM_TARGET(apidoc
+ COMMAND doxygen doxygen/mbedtls.doxyfile
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
if(ENABLE_TESTING)
enable_testing()
diff --git a/ChangeLog b/ChangeLog
index 8c82d08..6268dfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,16 +3,24 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
- * Fix failure in hmac_drbg in the benchmark sample application, when
- MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
- * Fix a bug in the update function for SSL ticket keys which previously
- invalidated keys of a lifetime of less than a 1s. Fixes #1968.
+ * Fix failure in hmac_drbg in the benchmark sample application, when
+ MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
+ * Fix a bug in the update function for SSL ticket keys which previously
+ invalidated keys of a lifetime of less than a 1s. Fixes #1968.
+ * Fix potential build failures related to the 'apidoc' target, introduced
+ in the previous patch release. Found by Robert Scheck. #390 #391
Changes
+ * "make apidoc" now generates the documentation for the current
+ configuration. Run "scripts/apidoc_full.sh" to generate the full
+ documentation. This aligns the behavior with Mbed TLS versions 2.2 and
+ later and reverts it back to how it behaved in version 2.1.3.
* Add tests for session resumption in DTLS.
* Close a test gap in (D)TLS between the client side and the server side:
test the handling of large packets and small packets on the client side
in the same way as on the server side.
+ * Change the dtls_client and dtls_server samples to work by default over
+ IPv6 and optionally by a build option over IPv4.
= mbed TLS 2.1.15 branch released 2018-08-31
diff --git a/Makefile b/Makefile
index 0eece74..dd76b40 100644
--- a/Makefile
+++ b/Makefile
@@ -87,10 +87,7 @@
apidoc:
mkdir -p apidoc
- cp include/mbedtls/config.h include/mbedtls/config.h.bak
- scripts/config.pl realfull
doxygen doxygen/mbedtls.doxyfile
- mv include/mbedtls/config.h.bak include/mbedtls/config.h
apidoc_clean:
rm -rf apidoc
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 89a10c2..381ff3a 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -664,7 +664,7 @@
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = .
+INPUT = include doxygen/input
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
@@ -696,7 +696,7 @@
# Note that relative paths are relative to the directory from which doxygen is
# run.
-EXCLUDE = configs
+EXCLUDE =
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
@@ -710,7 +710,7 @@
# against the file with absolute path, so to exclude all test directories
# for example use the pattern */test/*
-EXCLUDE_PATTERNS =
+EXCLUDE_PATTERNS = *_internal.h *_wrap.h
# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
# (namespaces, classes, functions, etc.) that should be excluded from the
@@ -1485,13 +1485,13 @@
# which can be used by a validating XML parser to check the
# syntax of the XML files.
-XML_SCHEMA =
+#XML_SCHEMA =
# The XML_DTD tag can be used to specify an XML DTD,
# which can be used by a validating XML parser to check the
# syntax of the XML files.
-XML_DTD =
+#XML_DTD =
# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
# dump the program listings (including syntax highlighting
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 2527d8d..97db808 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -60,9 +60,18 @@
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
#define SERVER_PORT "4433"
#define SERVER_NAME "localhost"
-#define SERVER_ADDR "127.0.0.1" /* forces IPv4 */
+
+#ifdef FORCE_IPV4
+#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
+#else
+#define SERVER_ADDR "::1"
+#endif
+
#define MESSAGE "Echo this"
#define READ_TIMEOUT_MS 1000
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index df0fc78..4f8177f 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -33,6 +33,15 @@
#define mbedtls_fprintf fprintf
#endif
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
+#ifdef FORCE_IPV4
+#define BIND_IP "0.0.0.0" /* Forces IPv4 */
+#else
+#define BIND_IP "::"
+#endif
+
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
@@ -169,7 +178,7 @@
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
new file mode 100755
index 0000000..bebab10
--- /dev/null
+++ b/scripts/apidoc_full.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Generate doxygen documentation with a full config.h (this ensures that every
+# available flag is documented, and avoids warnings about documentation
+# without a corresponding #define).
+#
+# /!\ This must not be a Makefile target, as it would create a race condition
+# when multiple targets are invoked in the same parallel build.
+
+set -eu
+
+CONFIG_H='include/mbedtls/config.h'
+
+if [ -r $CONFIG_H ]; then :; else
+ echo "$CONFIG_H not found" >&2
+ exit 1
+fi
+
+CONFIG_BAK=${CONFIG_H}.bak
+cp -p $CONFIG_H $CONFIG_BAK
+
+scripts/config.pl realfull
+make apidoc
+
+mv $CONFIG_BAK $CONFIG_H
diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile
new file mode 100644
index 0000000..ed04053
--- /dev/null
+++ b/tests/.jenkins/Jenkinsfile
@@ -0,0 +1 @@
+mbedtls.run_job()
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 53c5e37..7b50daf 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -384,21 +384,27 @@
# Indicative running times are given for reference.
msg "test: recursion.pl" # < 1s
-tests/scripts/recursion.pl library/*.c
+record_status tests/scripts/recursion.pl library/*.c
msg "test: freshness of generated source files" # < 1s
-tests/scripts/check-generated-files.sh
+record_status tests/scripts/check-generated-files.sh
msg "test: doxygen markup outside doxygen blocks" # < 1s
-tests/scripts/check-doxy-blocks.pl
+record_status tests/scripts/check-doxy-blocks.pl
msg "test: check-files.py" # < 1s
cleanup
-tests/scripts/check-files.py
+record_status tests/scripts/check-files.py
msg "test/build: declared and exported names" # < 3s
cleanup
-tests/scripts/check-names.sh
+record_status tests/scripts/check-names.sh
+
+if which doxygen >/dev/null; then
+ msg "test: doxygen warnings" # ~ 3s
+ cleanup
+ tests/scripts/doxygen.sh
+fi
@@ -440,7 +446,7 @@
make
msg "test: ssl-opt.sh, MFL-related tests"
-tests/ssl-opt.sh -f "Max fragment length"
+if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
cleanup
@@ -484,10 +490,10 @@
make test
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
-tests/ssl-opt.sh -f RSA
+if_build_succeeded tests/ssl-opt.sh -f RSA
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
-tests/compat.sh -t RSA
+if_build_succeeded tests/compat.sh -t RSA
msg "build: cmake, full config, clang" # ~ 50s
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index f560d03..0fb2117 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -155,6 +155,12 @@
".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
"Makefile", "CMakeLists.txt", "ChangeLog"
)
+ self.excluded_directories = ['.git', 'mbed-os']
+ self.excluded_paths = list(map(os.path.normpath, [
+ 'cov-int',
+ 'examples',
+ 'yotta/module'
+ ]))
self.issues_to_check = [
PermissionIssueTracker(),
EndOfFileNewlineIssueTracker(),
@@ -179,12 +185,19 @@
console = logging.StreamHandler()
self.logger.addHandler(console)
+ def prune_branch(self, root, d):
+ if d in self.excluded_directories:
+ return True
+ if os.path.normpath(os.path.join(root, d)) in self.excluded_paths:
+ return True
+ return False
+
def check_files(self):
- for root, dirs, files in sorted(os.walk(".")):
+ for root, dirs, files in os.walk("."):
+ dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d))
for filename in sorted(files):
filepath = os.path.join(root, filename)
- if (os.path.join("yotta", "module") in filepath or
- not filepath.endswith(self.files_to_check)):
+ if not filepath.endswith(self.files_to_check):
continue
for issue_to_check in self.issues_to_check:
if issue_to_check.should_check_file(filepath):
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
new file mode 100755
index 0000000..e7758c9
--- /dev/null
+++ b/tests/scripts/doxygen.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# Make sure the doxygen documentation builds without warnings
+
+# Abort on errors (and uninitiliased variables)
+set -eu
+
+if [ -d library -a -d include -a -d tests ]; then :; else
+ echo "Must be run from mbed TLS root" >&2
+ exit 1
+fi
+
+if scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else
+ cat doc.err
+ echo "FAIL" >&2
+ exit 1;
+fi
+
+cat doc.out doc.err | \
+ grep -v "warning: ignoring unsupported tag" \
+ > doc.filtered
+
+if egrep "(warning|error):" doc.filtered; then
+ echo "FAIL" >&2
+ exit 1;
+fi
+
+make apidoc_clean
+rm -f doc.out doc.err doc.filtered