Merge pull request #8010 from marekjansta/fix-x509-ec-algorithm-identifier-2.28
Backport 2.28: Fixed x509 certificate generation to conform to RFCs when using ECC key
diff --git a/BRANCHES.md b/BRANCHES.md
index 6d2e5c0..f912e95 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -76,6 +76,6 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/ChangeLog b/ChangeLog
index 4033839..c977a68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,35 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 2.28.4 branch released 2023-08-04
+
+Features
+ * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+ setting the CMake variable of the same name at configuration time.
+
+Bugfix
+ * Fix crypt_and_hash decryption fail when used with a stream cipher
+ mode of operation, due to the input not being a multiple of the block
+ size. Resolves #7417.
+ * Fix a bug where mbedtls_x509_string_to_names() would return success
+ when given a invalid name string, if it did not contain '=' or ','.
+ * Fix missing PSA initialization in sample programs when
+ MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * Fix clang and armclang compilation error when targeting certain Arm
+ M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+ SecurCore SC000). Fixes #1077.
+ * Fixed an issue that caused compile errors when using CMake and the IAR
+ toolchain.
+ * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
+ * Fix builds on Windows with clang.
+ * Fix compilation warnings in aes.c for certain combinations
+ of configuration options.
+ * Fix a compilation error on some platforms when including mbedtls/ssl.h
+ with all TLS support disabled. Fixes #6628.
+
+Changes
+ * Update test data to avoid failures of unit tests after 2023-08-07, and
+ update expiring certififcates in the certs module.
+
= Mbed TLS 2.28.3 branch released 2023-03-28
Features
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index d2ea73d..2fbc989 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -21,6 +21,9 @@
* Performance improvements, unless they are particularly significant.
* Changes to parts of the code base that users don't interact with directly,
such as test code and test data.
+* Fixes for compiler warnings. Releases typically contain a number of fixes
+ of this kind, so we will only mention them in the Changelog if they are
+ particularly significant.
Until Mbed TLS 2.24.0, we required changelog entries in more cases.
Looking at older changelog entries is good practice for how to write a
diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt
deleted file mode 100644
index 93ad6af..0000000
--- a/ChangeLog.d/armclang-compile-fix.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix clang and armclang compilation error when targeting certain Arm
- M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
- SecurCore SC000). Fixes #1077.
-
diff --git a/ChangeLog.d/bugfix_iar_typo.txt b/ChangeLog.d/bugfix_iar_typo.txt
deleted file mode 100644
index 95f97b1..0000000
--- a/ChangeLog.d/bugfix_iar_typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fixed an issue that caused compile errors when using CMake and the IAR
- toolchain.
diff --git a/ChangeLog.d/cmake-pass-through-config-defines.txt b/ChangeLog.d/cmake-pass-through-config-defines.txt
deleted file mode 100644
index 6122f37..0000000
--- a/ChangeLog.d/cmake-pass-through-config-defines.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
- setting the CMake variable of the same name at configuration time.
diff --git a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt b/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
deleted file mode 100644
index ded9b2d..0000000
--- a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix crypt_and_hash decryption fail when used with a stream cipher
- mode of operation due to the input not being multiple of block size.
- Resolves #7417.
diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
deleted file mode 100644
index ac4b3d1..0000000
--- a/ChangeLog.d/fix-string-to-names-retcode.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in which mbedtls_x509_string_to_names() would return success
- when given a invalid name string if it did not contain '=' or ','.
diff --git a/ChangeLog.d/fix-tfm-build.txt b/ChangeLog.d/fix-tfm-build.txt
deleted file mode 100644
index a63bc2f..0000000
--- a/ChangeLog.d/fix-tfm-build.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix compilation warnings in aes.c for certain combinations
- of configuration options.
diff --git a/ChangeLog.d/fix-win32-llvm-build.txt b/ChangeLog.d/fix-win32-llvm-build.txt
deleted file mode 100644
index 826551c..0000000
--- a/ChangeLog.d/fix-win32-llvm-build.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix builds on Windows with clang
diff --git a/ChangeLog.d/inject-entropy.txt b/ChangeLog.d/inject-entropy.txt
deleted file mode 100644
index 7626629..0000000
--- a/ChangeLog.d/inject-entropy.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
deleted file mode 100644
index fe2099e..0000000
--- a/ChangeLog.d/programs_psa_fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix missing PSA initialization in sample programs when
- MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt
deleted file mode 100644
index 0ce5f36..0000000
--- a/ChangeLog.d/ssl_premaster_secret-empty.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a compilation error on some platforms when including mbedtls/ssl.h
- with all TLS support disabled. Fixes #6628.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index bbf4ea2..d19f93e 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage Mbed TLS v2.28.3 API Documentation
+ * @mainpage Mbed TLS v2.28.4 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 78299ed..2f22e3f 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v2.28.3"
+PROJECT_NAME = "mbed TLS v2.28.4"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 0ef5213..1ae06e6 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -38,16 +38,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28
-#define MBEDTLS_VERSION_PATCH 3
+#define MBEDTLS_VERSION_PATCH 4
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x021C0300
-#define MBEDTLS_VERSION_STRING "2.28.3"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.3"
+#define MBEDTLS_VERSION_NUMBER 0x021C0400
+#define MBEDTLS_VERSION_STRING "2.28.4"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.4"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index a159251..147caaf 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -204,15 +204,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.3 SOVERSION 7)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.4 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.3 SOVERSION 1)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.4 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.3 SOVERSION 14)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.4 SOVERSION 14)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/ecp.c b/library/ecp.c
index 2d80b6f..dc8e279 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -166,7 +166,7 @@
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
/* The list starts with strong hashes */
const mbedtls_md_type_t md_type =
- (const mbedtls_md_type_t) (mbedtls_md_list()[0]);
+ (mbedtls_md_type_t) (mbedtls_md_list()[0]);
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
@@ -2593,6 +2593,7 @@
void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int have_rng = 1;
size_t i;
unsigned char b;
mbedtls_ecp_point RP;
@@ -2625,9 +2626,8 @@
/* RP.X might be slightly larger than P, so reduce it */
MOD_ADD(RP.X);
- /* Randomize coordinates of the starting point */
- int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ /* Derandomize coordinates of the starting point */
if (f_rng == NULL) {
have_rng = 0;
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fdcdd43..fade286 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1472,6 +1472,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a
@@ -1498,7 +1499,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_export_public_key(
@@ -2406,6 +2407,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
@@ -2423,7 +2425,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2594,6 +2596,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
@@ -2606,7 +2609,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2732,6 +2735,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
*signature_length = 0;
@@ -2764,7 +2768,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3303,6 +3307,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
@@ -3338,7 +3343,7 @@
}
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3561,6 +3566,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
@@ -3577,7 +3583,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3633,6 +3639,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
if (!PSA_ALG_IS_CIPHER(alg)) {
@@ -3647,7 +3654,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4251,6 +4258,7 @@
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES(bits);
psa_status_t status;
+ psa_key_attributes_t attributes;
if (!key_type_is_raw_bytes(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -4279,7 +4287,7 @@
}
slot->attr.bits = (psa_key_bits_t) bits;
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4891,14 +4899,16 @@
size_t shared_secret_size,
size_t *shared_secret_length)
{
+ mbedtls_ecp_keypair *ecp = NULL;
+ psa_status_t status;
+
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = mbedtls_psa_ecp_load_representation(
+ status = mbedtls_psa_ecp_load_representation(
private_key->attr.type,
private_key->attr.bits,
private_key->key.data,
@@ -4916,6 +4926,8 @@
return status;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
+ (void) ecp;
+ (void) status;
(void) private_key;
(void) peer_key;
(void) peer_key_length;
@@ -5011,6 +5023,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ size_t expected_length;
if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5030,7 +5043,7 @@
* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
* If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
* be exact for it as well. */
- size_t expected_length =
+ expected_length =
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
if (output_size < expected_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
index 56b9a13..96a24f7 100644
--- a/programs/fuzz/common.c
+++ b/programs/fuzz/common.c
@@ -13,7 +13,7 @@
}
#endif
-void dummy_init()
+void dummy_init(void)
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time(dummy_constant_time);
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
index 6b5b515..d5b098f 100644
--- a/programs/fuzz/common.h
+++ b/programs/fuzz/common.h
@@ -19,7 +19,7 @@
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
-void dummy_init();
+void dummy_init(void);
int dummy_send(void *ctx, const unsigned char *buf, size_t len);
int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index d503fab..ebdef4f 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -128,12 +128,12 @@
/*
* Basic printing functions
*/
-void print_version()
+void print_version(void)
{
printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
}
-void print_usage()
+void print_usage(void)
{
print_version();
printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
@@ -182,7 +182,7 @@
/*
* Exit from the program in case of error
*/
-void error_exit()
+void error_exit(void)
{
if (NULL != b64_file) {
fclose(b64_file);
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index cc0bf79..d31947a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -645,7 +645,7 @@
memcpy(&prev[prev_len++], delay, sizeof(packet));
}
-int send_delayed()
+int send_delayed(void)
{
uint8_t offset;
int ret;
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 1d9e0fa..5356132 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -105,9 +105,37 @@
print_version "gcc" "--version" "" "head -n 1"
echo
+if [ -n "${GCC_EARLIEST+set}" ]; then
+ print_version "${GCC_EARLIEST}" "--version" "" "head -n 1"
+else
+ echo " GCC_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${GCC_LATEST+set}" ]; then
+ print_version "${GCC_LATEST}" "--version" "" "head -n 1"
+else
+ echo " GCC_LATEST : Not configured."
+fi
+echo
+
print_version "clang" "--version" "" "head -n 2"
echo
+if [ -n "${CLANG_EARLIEST+set}" ]; then
+ print_version "${CLANG_EARLIEST}" "--version" "" "head -n 2"
+else
+ echo " CLANG_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${CLANG_LATEST+set}" ]; then
+ print_version "${CLANG_LATEST}" "--version" "" "head -n 2"
+else
+ echo " CLANG_LATEST : Not configured."
+fi
+echo
+
print_version "ldd" "--version" "" "head -n 1"
echo
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 73aa292..c357f43 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -175,6 +175,10 @@
: ${ARMC6_BIN_DIR:=/usr/bin}
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+ : ${CLANG_LATEST:="clang-latest"}
+ : ${CLANG_EARLIEST:="clang-earliest"}
+ : ${GCC_LATEST:="gcc-latest"}
+ : ${GCC_EARLIEST:="gcc-earliest"}
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
if [ -z "${MAKEFLAGS+set}" ]; then
@@ -190,9 +194,7 @@
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
- # Parse the script with sed. This way we get the functions in the order
- # they are defined.
- ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
+ ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
# Exclude components that are not supported on this platform.
SUPPORTED_COMPONENTS=
@@ -274,6 +276,10 @@
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
+ --clang-earliest=<Clang_earliest_path> Earliest version of clang available
+ --clang-latest=<Clang_latest_path> Latest version of clang available
+ --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
+ --gcc-latest=<GCC_latest_path> Latest version of GCC available
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
@@ -417,9 +423,13 @@
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --clang-earliest) shift; CLANG_EARLIEST="$1";;
+ --clang-latest) shift; CLANG_LATEST="$1";;
--error-test) error_test=$((error_test + 1));;
--except) all_except=1;;
--force|-f) FORCE=1;;
+ --gcc-earliest) shift; GCC_EARLIEST="$1";;
+ --gcc-latest) shift; GCC_LATEST="$1";;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
@@ -2946,6 +2956,7 @@
test_build_opt () {
info=$1 cc=$2; shift 2
+ $cc --version
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
@@ -2958,14 +2969,45 @@
done
}
-component_test_clang_opt () {
+# For FreeBSD we invoke the function by name so this condition is added
+# to disable the existing test_clang_opt function for linux.
+if [[ $(uname) != "Linux" ]]; then
+ component_test_clang_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' clang -O0 -Os -O2
+ }
+fi
+
+component_test_clang_latest_opt () {
scripts/config.py full
- test_build_opt 'full config' clang -O0 -Os -O2
+ test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
+}
+support_test_clang_latest_opt () {
+ type "$CLANG_LATEST" >/dev/null 2>/dev/null
}
-component_test_gcc_opt () {
+component_test_clang_earliest_opt () {
scripts/config.py full
- test_build_opt 'full config' gcc -O0 -Os -O2
+ test_build_opt 'full config' "$CLANG_EARLIEST" -O0
+}
+support_test_clang_earliest_opt () {
+ type "$CLANG_EARLIEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_latest_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
+}
+support_test_gcc_latest_opt () {
+ type "$GCC_LATEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_earliest_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' "$GCC_EARLIEST" -O0
+}
+support_test_gcc_earliest_opt () {
+ type "$GCC_EARLIEST" >/dev/null 2>/dev/null
}
component_build_mbedtls_config_file () {
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 839fccd..ed78449 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -654,6 +654,11 @@
code = code.replace(name, 'test_' + name, 1)
name = 'test_' + name
+ # If a test function has no arguments then add 'void' argument to
+ # avoid "-Wstrict-prototypes" warnings from clang
+ if len(args) == 0:
+ code = code.replace('()', '(void)', 1)
+
for line in funcs_f:
if re.search(END_CASE_REGEX, line):
break
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index fe748ae..b32d184 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -647,7 +647,7 @@
self.assertEqual(arg, [])
expected = '''#line 1 "test_suite_ut.function"
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -690,7 +690,7 @@
expected = '''#line 1 "test_suite_ut.function"
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -750,7 +750,7 @@
void
-test_func()
+test_func(void)
{
ba ba black sheep
have you any wool
@@ -803,7 +803,7 @@
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -1139,7 +1139,7 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 13 "test_suite_ut.function"
-void test_func1()
+void test_func1(void)
{
exit:
;
@@ -1156,7 +1156,7 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 19 "test_suite_ut.function"
-void test_func2()
+void test_func2(void)
{
exit:
;
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index bc9a204..bd1f46c 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -806,13 +806,15 @@
int *written,
const int expected_fragments)
{
+ int ret;
+
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
+ ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
if (ret > 0) {
*written += ret;
}
@@ -852,13 +854,15 @@
int *read, int *fragments,
const int expected_fragments)
{
+ int ret;
+
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
+ ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
if (ret > 0) {
(*fragments)++;
*read += ret;
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 4b57192..8226a68 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"2.28.3"
+check_compiletime_version:"2.28.4"
Check runtime library version
-check_runtime_version:"2.28.3"
+check_runtime_version:"2.28.4"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0