Merge PR #737 - type in ssl.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a7ebfc1..3e47224 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -92,7 +92,9 @@
endif(CMAKE_COMPILER_IS_CLANG)
if(MSVC)
- set(CMAKE_C_FLAGS_CHECK "/WX")
+ # Strictest warnings, and treat as errors
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
endif(MSVC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
diff --git a/ChangeLog b/ChangeLog
index f96786d..4b7536c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fix the redefinition of macro ssl_set_bio to an undefined symbol
+ mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
+ Found by omlib-lin. #673
+
+= mbed TLS 2.4.1 branch released 2016-12-13
+
+Changes
+ * Update to CMAC test data, taken from - NIST Special Publication 800-38B -
+ Recommendation for Block Cipher Modes of Operation: The CMAC Mode for
+ Authentication – October 2016
+
= mbed TLS 2.4.0 branch released 2016-10-17
Security
diff --git a/README.md b/README.md
index 3bae47d..f069d98 100644
--- a/README.md
+++ b/README.md
@@ -165,7 +165,7 @@
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
-To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreeement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
+To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
### Making a Contribution
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index f2fcc8b..0794167 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -21,7 +21,7 @@
*/
/**
- * @mainpage mbed TLS v2.4.0 source code documentation
+ * @mainpage mbed TLS v2.4.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 344be8c..e58794e 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.4.0"
+PROJECT_NAME = "mbed TLS v2.4.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 75e0b97..9a2b96b 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -58,9 +58,13 @@
/**
* \brief Set the CMAC key and prepare to authenticate the input
* data.
- * Should be called with an initialised cipher context.
+ * Should be called with an initialized cipher context.
*
- * \param ctx Cipher context
+ * \param ctx Cipher context. This should be a cipher context,
+ * initialized to be one of the following types:
+ * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
+ * MBEDTLS_CIPHER_AES_256_ECB or
+ * MBEDTLS_CIPHER_DES_EDE3_ECB.
* \param key CMAC key
* \param keybits length of the CMAC key in bits
* (must be acceptable by the cipher)
@@ -115,7 +119,7 @@
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
/**
- * \brief Output = Generic_CMAC( hmac key, input buffer )
+ * \brief Output = Generic_CMAC( cmac key, input buffer )
*
* \param cipher_info message digest info
* \param key CMAC key
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 27abbd9..af51b5f 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -2453,7 +2453,6 @@
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
#define ssl_set_authmode mbedtls_ssl_conf_authmode
#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_bio mbedtls_ssl_set_bio_timeout
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 6fc9c77..0f7e29b 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1525,7 +1525,7 @@
* library/pkwrite.c
* library/x509_create.c
* library/x509write_crt.c
- * library/mbedtls_x509write_csr.c
+ * library/x509write_csr.c
*/
#define MBEDTLS_ASN1_WRITE_C
@@ -1886,7 +1886,7 @@
*
* Enable the generic message digest layer.
*
- * Module: library/mbedtls_md.c
+ * Module: library/md.c
* Caller:
*
* Uncomment to enable generic message digest wrappers.
@@ -1898,7 +1898,7 @@
*
* Enable the MD2 hash algorithm.
*
- * Module: library/mbedtls_md2.c
+ * Module: library/md2.c
* Caller:
*
* Uncomment to enable support for (rare) MD2-signed X.509 certs.
@@ -1910,7 +1910,7 @@
*
* Enable the MD4 hash algorithm.
*
- * Module: library/mbedtls_md4.c
+ * Module: library/md4.c
* Caller:
*
* Uncomment to enable support for (rare) MD4-signed X.509 certs.
@@ -1922,8 +1922,8 @@
*
* Enable the MD5 hash algorithm.
*
- * Module: library/mbedtls_md5.c
- * Caller: library/mbedtls_md.c
+ * Module: library/md5.c
+ * Caller: library/md.c
* library/pem.c
* library/ssl_tls.c
*
@@ -1980,11 +1980,11 @@
* library/rsa.c
* library/x509.c
* library/x509_create.c
- * library/mbedtls_x509_crl.c
- * library/mbedtls_x509_crt.c
- * library/mbedtls_x509_csr.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
* library/x509write_crt.c
- * library/mbedtls_x509write_csr.c
+ * library/x509write_csr.c
*
* This modules translates between OIDs and internal values.
*/
@@ -2012,9 +2012,9 @@
* Module: library/pem.c
* Caller: library/dhm.c
* library/pkparse.c
- * library/mbedtls_x509_crl.c
- * library/mbedtls_x509_crt.c
- * library/mbedtls_x509_csr.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
*
* Requires: MBEDTLS_BASE64_C
*
@@ -2030,7 +2030,7 @@
* Module: library/pem.c
* Caller: library/pkwrite.c
* library/x509write_crt.c
- * library/mbedtls_x509write_csr.c
+ * library/x509write_csr.c
*
* Requires: MBEDTLS_BASE64_C
*
@@ -2060,8 +2060,8 @@
* Enable the generic public (asymetric) key parser.
*
* Module: library/pkparse.c
- * Caller: library/mbedtls_x509_crt.c
- * library/mbedtls_x509_csr.c
+ * Caller: library/x509_crt.c
+ * library/x509_csr.c
*
* Requires: MBEDTLS_PK_C
*
@@ -2152,8 +2152,8 @@
*
* Enable the RIPEMD-160 hash algorithm.
*
- * Module: library/mbedtls_ripemd160.c
- * Caller: library/mbedtls_md.c
+ * Module: library/ripemd160.c
+ * Caller: library/md.c
*
*/
#define MBEDTLS_RIPEMD160_C
@@ -2181,8 +2181,8 @@
*
* Enable the SHA1 cryptographic hash algorithm.
*
- * Module: library/mbedtls_sha1.c
- * Caller: library/mbedtls_md.c
+ * Module: library/sha1.c
+ * Caller: library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
@@ -2197,9 +2197,9 @@
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
*
- * Module: library/mbedtls_sha256.c
+ * Module: library/sha256.c
* Caller: library/entropy.c
- * library/mbedtls_md.c
+ * library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
@@ -2214,9 +2214,9 @@
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
*
- * Module: library/mbedtls_sha512.c
+ * Module: library/sha512.c
* Caller: library/entropy.c
- * library/mbedtls_md.c
+ * library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
*
@@ -2364,9 +2364,9 @@
* Enable X.509 core for using certificates.
*
* Module: library/x509.c
- * Caller: library/mbedtls_x509_crl.c
- * library/mbedtls_x509_crt.c
- * library/mbedtls_x509_csr.c
+ * Caller: library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
*
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
* MBEDTLS_PK_PARSE_C
@@ -2380,7 +2380,7 @@
*
* Enable X.509 certificate parsing.
*
- * Module: library/mbedtls_x509_crt.c
+ * Module: library/x509_crt.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
@@ -2396,8 +2396,8 @@
*
* Enable X.509 CRL parsing.
*
- * Module: library/mbedtls_x509_crl.c
- * Caller: library/mbedtls_x509_crt.c
+ * Module: library/x509_crl.c
+ * Caller: library/x509_crt.c
*
* Requires: MBEDTLS_X509_USE_C
*
@@ -2410,7 +2410,7 @@
*
* Enable X.509 Certificate Signing Request (CSR) parsing.
*
- * Module: library/mbedtls_x509_csr.c
+ * Module: library/x509_csr.c
* Caller: library/x509_crt_write.c
*
* Requires: MBEDTLS_X509_USE_C
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 35185df..54653df 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -206,7 +206,7 @@
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note This function does NOT take care of message
- * padding. Also, be sure to set input[0] = 0 or assure that
+ * padding. Also, be sure to set input[0] = 0 or ensure that
* input is smaller than N.
*
* \note The input and output buffers must be large
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 69fc502..1a6c9cc 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2513,7 +2513,6 @@
* \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
* \param preset a MBEDTLS_SSL_PRESET_XXX value
- * (currently unused).
*
* \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
*
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 6c0cc9b..3270346 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,16 +39,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 4
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02040000
-#define MBEDTLS_VERSION_STRING "2.4.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0"
+#define MBEDTLS_VERSION_NUMBER 0x02040100
+#define MBEDTLS_VERSION_STRING "2.4.1"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.1"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 54dac16..f219bf1 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -157,7 +157,7 @@
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
* Storage format identifiers
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 6eb11f2..8882ddf 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -140,15 +140,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.0 SOVERSION 0)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.1 SOVERSION 0)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.4.0 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.4.1 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.4.0 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.4.1 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/cmac.c b/library/cmac.c
index ee2fe05..b2fe713 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -26,7 +26,7 @@
*
* - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
* CMAC Mode for Authentication
- * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf
+ * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
*
* - RFC 4493 - The AES-CMAC Algorithm
* https://tools.ietf.org/html/rfc4493
@@ -62,7 +62,7 @@
#if defined(MBEDTLS_SELF_TEST)
#include <stdio.h>
#define mbedtls_printf printf
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */
+#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_PLATFORM_C */
/* Implementation that should never be optimized out by the compiler */
@@ -80,7 +80,7 @@
* with R_64 = 0x1B and R_128 = 0x87
*
* Input and output MUST NOT point to the same buffer
- * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES.
+ * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
*/
static int cmac_multiply_by_u( unsigned char *output,
const unsigned char *input,
@@ -105,7 +105,7 @@
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- for( i = blocksize - 1; i >= 0; i-- )
+ for( i = (int)blocksize - 1; i >= 0; i-- )
{
output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7;
@@ -209,7 +209,7 @@
if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits,
+ if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
return( retval );
@@ -244,8 +244,8 @@
{
mbedtls_cmac_context_t* cmac_ctx;
unsigned char *state;
- int n, j, ret = 0;
- size_t olen, block_size;
+ int ret = 0;
+ size_t n, j, olen, block_size;
if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
ctx->cmac_ctx == NULL )
@@ -280,8 +280,9 @@
/* n is the number of blocks including any final partial block */
n = ( ilen + block_size - 1 ) / block_size;
- /* Iterate across the input data in block sized chunks */
- for( j = 0; j < n - 1; j++ )
+ /* Iterate across the input data in block sized chunks, excluding any
+ * final partial or complete block */
+ for( j = 1; j < n; j++ )
{
cmac_xor_block( state, input, state, block_size );
@@ -469,8 +470,9 @@
#if defined(MBEDTLS_SELF_TEST)
/*
- * CMAC test data from SP800-38B Appendix D.1 (corrected)
- * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
+ * CMAC test data for SP800-38B
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
*
* AES-CMAC-PRF-128 test data from RFC 4615
* https://tools.ietf.org/html/rfc4615#page-4
@@ -482,128 +484,148 @@
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
/* All CMAC test inputs are truncated from the same 64 byte buffer. */
static const unsigned char test_message[] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+ /* PT */
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};
#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
/* Truncation point of message for AES CMAC tests */
static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
+ /* Mlen */
0,
16,
- 40,
+ 20,
64
};
-/* AES 128 CMAC Test Data */
+/* CMAC-AES128 Test Data */
static const unsigned char aes_128_key[16] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
- 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
+ /* K1 */
+ 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
+ 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
},
{
- 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
- 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
+ /* K2 */
+ 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
+ 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
}
};
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
+ /* Example #1 */
+ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+ 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
},
{
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
+ /* Example #2 */
+ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+ 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
},
{
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
+ /* Example #3 */
+ 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8,
+ 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde
},
{
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
+ /* Example #4 */
+ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
+ 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
}
};
-/* AES 192 CMAC Test Data */
+/* CMAC-AES192 Test Data */
static const unsigned char aes_192_key[24] = {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
};
static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
- 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
+ /* K1 */
+ 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
+ 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
},
{
- 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
- 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
+ /* K2 */
+ 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
+ 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
}
};
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
+ /* Example #1 */
+ 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
+ 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
},
{
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
+ /* Example #2 */
+ 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
+ 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
},
{
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
+ /* Example #3 */
+ 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04,
+ 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8
},
{
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
+ /* Example #4 */
+ 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
+ 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
}
};
-/* AES 256 CMAC Test Data */
+/* CMAC-AES256 Test Data */
static const unsigned char aes_256_key[32] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};
static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
- 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
+ /* K1 */
+ 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
+ 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
},
{
- 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
- 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
+ /* K2 */
+ 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
+ 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
}
};
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
+ /* Example #1 */
+ 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
+ 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
},
{
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
+ /* Example #2 */
+ 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
+ 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
},
{
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
+ /* Example #3 */
+ 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a,
+ 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93
},
{
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
+ /* Example #4 */
+ 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
+ 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
}
};
#endif /* MBEDTLS_AES_C */
@@ -612,66 +634,84 @@
/* Truncation point of message for 3DES CMAC tests */
static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
0,
- 8,
+ 16,
20,
32
};
-/* 3DES 2 Key CMAC Test Data */
+/* CMAC-TDES (Generation) - 2 Key Test Data */
static const unsigned char des3_2key_key[24] = {
- 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5,
- 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38,
- 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5
+ /* Key1 */
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ /* Key2 */
+ 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01,
+ /* Key3 */
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
};
static const unsigned char des3_2key_subkeys[2][8] = {
{
- 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef
+ /* K1 */
+ 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9
},
{
- 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5
+ /* K2 */
+ 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
}
};
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{
- 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61
+ /* Sample #1 */
+ 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
},
{
- 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83
+ /* Sample #2 */
+ 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b
},
{
- 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e
+ /* Sample #3 */
+ 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69
},
{
- 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8
+ /* Sample #4 */
+ 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
}
};
-/* 3DES 3 Key CMAC Test Data */
+/* CMAC-TDES (Generation) - 3 Key Test Data */
static const unsigned char des3_3key_key[24] = {
- 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62,
- 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58,
- 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5
+ /* Key1 */
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef,
+ /* Key2 */
+ 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
+ /* Key3 */
+ 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
};
static const unsigned char des3_3key_subkeys[2][8] = {
{
- 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f
+ /* K1 */
+ 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0
},
{
- 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5
+ /* K2 */
+ 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
}
};
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{
- 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95
+ /* Sample #1 */
+ 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
},
{
- 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97
+ /* Sample #2 */
+ 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09
},
{
- 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed
+ /* Sample #3 */
+ 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2
},
{
- 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5
+ /* Sample #4 */
+ 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
}
};
@@ -680,8 +720,9 @@
#if defined(MBEDTLS_AES_C)
/* AES AES-CMAC-PRF-128 Test Data */
static const unsigned char PRFK[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ /* Key */
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xed, 0xcb
};
@@ -692,25 +733,25 @@
10
};
-/* PRF M */
+/* Message */
static const unsigned char PRFM[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13
};
static const unsigned char PRFT[NB_PRF_TESTS][16] = {
{
- 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
- 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
+ 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
+ 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
},
{
- 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
- 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
+ 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
+ 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
},
{
- 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
- 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
+ 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
+ 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
}
};
#endif /* MBEDTLS_AES_C */
diff --git a/library/debug.c b/library/debug.c
index a9cd814..f9229b3 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -71,7 +71,7 @@
*/
#if defined(MBEDTLS_THREADING_C)
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
- mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
+ mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
#else
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index cc06cbf..80be6ec 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -133,7 +133,8 @@
/*
* Initiate a TCP connection with host:port and the given protocol
*/
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
+ const char *port, int proto )
{
int ret;
struct addrinfo hints, *addr_list, *cur;
@@ -238,7 +239,7 @@
}
}
- /* I we ever get there, it's a success */
+ /* Bind was successful */
ret = 0;
break;
}
@@ -322,7 +323,7 @@
{
/* TCP: actual accept() */
ret = client_ctx->fd = (int) accept( bind_ctx->fd,
- (struct sockaddr *) &client_addr, &n );
+ (struct sockaddr *) &client_addr, &n );
}
else
{
diff --git a/library/pkparse.c b/library/pkparse.c
index 275429e..efdf437 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1187,12 +1187,12 @@
#endif /* MBEDTLS_PEM_PARSE_C */
/*
- * At this point we only know it's not a PEM formatted key. Could be any
- * of the known DER encoded private key formats
- *
- * We try the different DER format parsers to see if one passes without
- * error
- */
+ * At this point we only know it's not a PEM formatted key. Could be any
+ * of the known DER encoded private key formats
+ *
+ * We try the different DER format parsers to see if one passes without
+ * error
+ */
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 )
diff --git a/library/platform.c b/library/platform.c
index 2591c45..8b336c3 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -237,7 +237,7 @@
}
fclose( file );
- return( n );
+ return( (int)n );
}
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
@@ -255,7 +255,7 @@
}
fclose( file );
- return( n );
+ return( (int)n );
}
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 84a04ae..121c135 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3428,7 +3428,7 @@
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
- /* Dont check write errors as we can't do anything here.
+ /* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
@@ -6006,8 +6006,9 @@
const char **p;
/*
- * "Empty strings MUST NOT be included and byte strings MUST NOT be
- * truncated". Check lengths now rather than later.
+ * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
+ * MUST NOT be truncated."
+ * We check lengths now rather than later.
*/
tot_len = 0;
for( p = protos; *p != NULL; p++ )
@@ -7585,7 +7586,7 @@
* and, for DTLS, to/from TLS equivalent.
*
* For TLS this is the identity.
- * For DTLS, use one complement (v -> 255 - v, and then map as follows:
+ * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/
diff --git a/library/x509.c b/library/x509.c
index fad390d..4df542e 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -661,7 +661,7 @@
/*
* X.509 Extensions (No parsing of extensions, pointer should
- * be either manually updated or extensions should be parsed!
+ * be either manually updated or extensions should be parsed!)
*/
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag )
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 60e14f9..80af725 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1122,7 +1122,7 @@
p = filename + len;
filename[len++] = '*';
- w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
+ w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
MAX_PATH - 3 );
if( w_ret == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
diff --git a/scripts/config.pl b/scripts/config.pl
index 8921a87..2757f17 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -70,7 +70,7 @@
used:
$config_file
-o | --force - If the symbol isn't present in the configuration
- file when setting it's value, a #define is
+ file when setting its value, a #define is
appended to the end of the file.
EOU
diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt
index 397f6be..cb3381a 100644
--- a/scripts/data_files/rename-1.3-2.0.txt
+++ b/scripts/data_files/rename-1.3-2.0.txt
@@ -1996,7 +1996,6 @@
ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
ssl_set_authmode mbedtls_ssl_conf_authmode
ssl_set_bio mbedtls_ssl_set_bio
-ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 441fe18..1afaac3 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-#
+#! /usr/bin/env sh
+
# output_env.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
@@ -17,144 +17,92 @@
# - version of libc, clang, asan and valgrind if installed
# - version of gnuTLS and OpenSSL
-echo
-echo "* Operating system and architecture:"
-uname -a
+print_version()
+{
+ BIN="$1"
+ shift
+ ARGS="$1"
+ shift
+ FAIL_MSG="$1"
+ shift
-echo
-if `hash armcc > /dev/null 2>&1`; then
- echo "* armcc:"
- armcc --vsn | head -n 2
-else
- echo "* armcc not found!"
-fi
-
-echo
-if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then
- echo "* gcc-arm:"
- arm-none-eabi-gcc --version | head -n 1
-else
- echo "* gcc-arm not found!"
-fi
-
-echo
-if `hash gcc > /dev/null 2>&1`; then
- echo "* gcc:"
- gcc --version | head -n 1
-else
- echo "* gcc not found!"
-fi
-
-echo
-if `hash clang > /dev/null 2>&1`; then
- echo "* clang:"
- clang --version | head -n 2
- clang -v 2>&1 | grep Selected
-else
- echo "* clang not found!"
-fi
-
-echo
-if `hash ldd > /dev/null 2>&1`; then
- echo "* libc:"
- ldd --version | head -n 1
-else
- echo "* No ldd present: can't determine libc version!"
-fi
-
-echo
-if `hash valgrind > /dev/null 2>&1`; then
- echo "* valgrind:"
- valgrind --version
-else
- echo "* valgrind not found!"
-fi
-
-echo
-if `hash openssl > /dev/null 2>&1`; then
- echo "* openssl:"
- openssl version
-else
- echo "* openssl not found!"
-fi
-
-if [ -n "${OPENSSL+set}" ]; then
- echo
- if `hash "$OPENSSL" > /dev/null 2>&1`; then
- echo "* $OPENSSL at environment variable 'OPENSSL':"
- $OPENSSL version
- else
- echo "* $OPENSSL at environment variable 'OPENSSL' not found!"
+ if ! `type "$BIN" > /dev/null 2>&1`; then
+ echo "* $FAIL_MSG"
+ return 0
fi
-fi
+
+ BIN=`which "$BIN"`
+ VERSION_STR=`$BIN $ARGS 2>&1`
+
+ # Apply all filters
+ while [ $# -gt 0 ]; do
+ FILTER="$1"
+ shift
+ VERSION_STR=`echo "$VERSION_STR" | $FILTER`
+ done
+
+ echo "* ${BIN##*/}: $BIN: $VERSION_STR"
+}
+
+print_version "uname" "-a" ""
+echo
+
+: ${ARMC5_CC:=armcc}
+print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2"
+echo
+
+: ${ARMC6_CC:=armclang}
+print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2"
+echo
+
+print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1"
+echo
+
+print_version "gcc" "--version" "gcc not found!" "head -n 1"
+echo
+
+print_version "clang" "--version" "clang not found" "head -n 2"
+echo
+
+print_version "ldd" "--version" \
+ "No ldd present: can't determine libc version!" \
+ "head -n 1"
+echo
+
+print_version "valgrind" "--version" "valgrind not found!"
+echo
+
+: ${OPENSSL:=openssl}
+print_version "$OPENSSL" "version" "openssl not found!"
+echo
if [ -n "${OPENSSL_LEGACY+set}" ]; then
+ print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
echo
- if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then
- echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':"
- $OPENSSL_LEGACY version
- else
- echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!"
- fi
fi
+: ${GNUTLS_CLI:=gnutls-cli}
+print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
echo
-if `hash gnutls-cli > /dev/null 2>&1`; then
- echo "* gnuTLS client:"
- gnutls-cli --version | head -n 1
-else
- echo "* gnuTLS client not found!"
-fi
+: ${GNUTLS_SERV:=gnutls-serv}
+print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
echo
-if `hash gnutls-serv > /dev/null 2>&1`; then
- echo "* gnuTLS server:"
- gnutls-serv --version | head -n 1
-else
- echo "* gnuTLS server not found!"
-fi
-
-if [ -n "${GNUTLS_CLI+set}" ]; then
- echo
- if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then
- echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI':"
- $GNUTLS_CLI --version | head -n 1
- else
- echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!"
- fi
-fi
-
-if [ -n "${GNUTLS_SERV+set}" ]; then
- echo
- if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then
- echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV':"
- $GNUTLS_SERV --version | head -n 1
- else
- echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!"
- fi
-fi
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
+ print_version "$GNUTLS_LEGACY_CLI" "--version" \
+ "gnuTLS client legacy version not found!" \
+ "head -n 1"
echo
- if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then
- echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':"
- $GNUTLS_LEGACY_CLI --version | head -n 1
- else
- echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!"
- fi
fi
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
+ print_version "$GNUTLS_LEGACY_SERV" "--version" \
+ "gnuTLS server legacy version not found!" \
+ "head -n 1"
echo
- if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then
- echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':"
- $GNUTLS_LEGACY_SERV --version | head -n 1
- else
- echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!"
- fi
fi
-echo
if `hash dpkg > /dev/null 2>&1`; then
echo "* asan:"
dpkg -s libasan2 2> /dev/null | grep -i version
@@ -163,6 +111,4 @@
else
echo "* No dpkg present: can't determine asan version!"
fi
-
echo
-
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 21583c4..dc27979 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -39,7 +39,9 @@
endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
if(MSVC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /w") # no warnings here
+ # If a warning level has been defined, suppress all warnings for test code
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
add_test_suite(aes aes.ecb)
@@ -113,7 +115,7 @@
if (CMAKE_HOST_UNIX)
set(command ln -s ${target} ${link})
else()
- set(command cmd.exe /c mklink /d ${link} ${target})
+ set(command cmd.exe /c mklink /j ${link} ${target})
endif()
execute_process(COMMAND ${command}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6b33960..ea96901 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#! /usr/bin/env sh
# all.sh
#
@@ -22,8 +22,11 @@
# Abort on errors (and uninitialised variables)
set -eu
-if [ -d library -a -d include -a -d tests ]; then :; else
- err_msg "Must be run from mbed TLS root"
+if [ "$( uname )" != "Linux" ]; then
+ echo "This script only works in Linux" >&2
+ exit 1
+elif [ -d library -a -d include -a -d tests ]; then :; else
+ echo "Must be run from mbed TLS root" >&2
exit 1
fi
@@ -42,6 +45,13 @@
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+: ${ARMC5_BIN_DIR:=/usr/bin}
+: ${ARMC6_BIN_DIR:=/usr/bin}
+
+# if MAKEFLAGS is not set add the -j option to speed up invocations of make
+if [ -n "${MAKEFLAGS+set}" ]; then
+ export MAKEFLAGS="-j"
+fi
usage()
{
@@ -58,6 +68,8 @@
printf " --gnutls-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for most tests.\n"
printf " --gnutls-legacy-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for legacy tests.\n"
printf " --gnutls-legacy-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for legacy tests.\n"
+ printf " --armc5-bin-dir=<ARMC5_bin_dir_path>\t\tPath to the ARM Compiler 5 bin directory.\n"
+ printf " --armc6-bin-dir=<ARMC6_bin_dir_path>\t\tPath to the ARM Compiler 6 bin directory.\n"
}
# remove built files as well as the cmake cache/config
@@ -86,6 +98,16 @@
echo "******************************************************************"
}
+armc6_build_test()
+{
+ FLAGS="$1"
+
+ msg "build: ARM Compiler 6 ($FLAGS), make"
+ ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
+ WARNING_CFLAGS='-xc -std=c99' make lib
+ make clean
+}
+
err_msg()
{
echo "$1" >&2
@@ -144,6 +166,14 @@
shift
GNUTLS_LEGACY_SERV="$1"
;;
+ --armc5-bin-dir)
+ shift
+ ARMC5_BIN_DIR="$1"
+ ;;
+ --armc6-bin-dir)
+ shift
+ ARMC6_BIN_DIR="$1"
+ ;;
--help|-h|*)
usage
exit 1
@@ -196,6 +226,13 @@
echo "GNUTLS_SERV: $GNUTLS_SERV"
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
+echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
+echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
+
+ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+ARMC6_AR="$ARMC6_BIN_DIR/armar"
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
@@ -209,7 +246,8 @@
# Make sure the tools we need are available.
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
- "arm-none-eabi-gcc" "armcc"
+ "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \
+ "i686-w64-mingw32-gcc"
#
# Test Suites to be executed
@@ -225,7 +263,8 @@
msg "info: output_env.sh"
OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" scripts/output_env.sh
+ GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
+ ARMC6_CC="$ARMC6_CC" scripts/output_env.sh
msg "test: recursion.pl" # < 1s
tests/scripts/recursion.pl library/*.c
@@ -244,6 +283,8 @@
cleanup
tests/scripts/doxygen.sh
+# Note - use of yotta is deprecated, and yotta also requires armcc to be on the
+# path, and uses whatever version of armcc it finds there.
msg "build: create and build yotta module" # ~ 30s
cleanup
tests/scripts/yotta-build.sh
@@ -285,16 +326,16 @@
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
tests/ssl-opt.sh
-msg "build: cmake, full config, clang" # ~ 50s
+msg "build: cmake, full config, clang, C99" # ~ 50s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
-CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
-make
+CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make
msg "test: main suites (full config)" # ~ 5s
-make test
+CFLAGS='-Werror -Wall -Wextra' make test
msg "test: ssl-opt.sh default (full config)" # ~ 1s
tests/ssl-opt.sh -f Default
@@ -314,15 +355,17 @@
msg "build: Unix make, -Os (gcc)" # ~ 30s
cleanup
-CC=gcc CFLAGS='-Werror -Os' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make
-# this is meant to cath missing #define mbedtls_printf etc
-# disable fsio to catch some more missing #include <stdio.h>
-msg "build: full config except platform/fsio, make, gcc" # ~ 30s
+# Full configuration build, without platform support, file IO and net sockets.
+# This should catch missing mbedtls_printf definitions, and by disabling file
+# IO, it should catch missing '#include <stdio.h>'
+msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_PLATFORM_C
+scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
@@ -332,7 +375,10 @@
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
-CC=gcc CFLAGS='-Werror -O0' make
+# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
+# to re-enable platform integration features otherwise disabled in C99 builds
+CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test
# catch compile bugs in _uninit functions
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
@@ -341,29 +387,31 @@
scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_SRV_C
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_CLI_C
-CC=gcc CFLAGS='-Werror -O0' make
+CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make
+# Note, C99 compliance can also be tested with the sockets support disabled,
+# as that requires a POSIX platform (which isn't the same as C99).
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
-CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
+CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
@@ -389,7 +437,7 @@
if uname -a | grep -F x86_64 >/dev/null; then
msg "build: i386, make, gcc" # ~ 30s
cleanup
-CC=gcc CFLAGS='-Werror -m32' make
+CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make
fi # x86_64
msg "build: arm-none-eabi-gcc, make" # ~ 10s
@@ -407,9 +455,9 @@
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib
+CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib
-msg "build: armcc, make"
+msg "build: ARM Compiler 5, make"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@@ -428,16 +476,28 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
-CC=armcc AR=armar WARNING_CFLAGS= make lib
-if which i686-w64-mingw32-gcc >/dev/null; then
-msg "build: cross-mingw64, make" # ~ 30s
+CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib
+make clean
+
+armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a"
+armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main"
+armc6_build_test "--target=aarch64-arm-none-eabi"
+
+msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
cleanup
-CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 make
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs
+
+# note Make tests only builds the tests, but doesn't run them
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests
WINDOWS_BUILD=1 make clean
-CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 SHARED=1 make
+
+msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests
WINDOWS_BUILD=1 make clean
-fi
# MemSan currently only available on Linux 64 bits
if uname -a | grep 'Linux.*x86_64' >/dev/null; then
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 85eb7e6..bd13f52 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -49,7 +49,8 @@
system( "scripts/config.pl unset $curve" )
and abort "Failed to disable $curve\n";
- system( "make lib" ) and abort "Failed to build lib: $curve\n";
+ system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
+ and abort "Failed to build lib: $curve\n";
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 8f4738c..a9a89f1 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -1,9 +1,15 @@
#!/usr/bin/perl
-# test standard configurations:
-# - build
-# - run test suite
-# - run compat.sh
+# test-ref-configs.pl
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# For each reference configuration file in the configs directory, build the
+# configuration, run the test suites and compat.sh
#
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
@@ -63,7 +69,7 @@
system( "cp configs/$conf $config_h" )
and abort "Failed to activate $conf\n";
- system( "make CFLAGS='-Os -Werror'" ) and abort "Failed to build: $conf\n";
+ system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
system( "make test" ) and abort "Failed test suite: $conf\n";
my $compat = $data->{'compat'};
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index afff5a4..a7bb41d 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -261,7 +261,9 @@
char buf[5000];
char *params[50];
void *pointer;
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1;
+#endif /* __unix__ || __APPLE__ __MACH__ */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 52f09ed..22e608f 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.4.0"
+check_compiletime_version:"2.4.1"
Check runtime library version
-check_runtime_version:"2.4.0"
+check_runtime_version:"2.4.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0