Merge remote-tracking branch 'public/pr/2867' into baremetal
diff --git a/Makefile b/Makefile
index 1ae6bd9..1e285a6 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,22 @@
DESTDIR=/usr/local
PREFIX=mbedtls_
+PROGRAMS_DIR=./programs
+TESTS_DIR=./tests
+
+# Check test environment. If ../library is available then Mbed TLS is used.
+# Otherwise Mbed OS environment is used.
+DIR_FOR_MBED_TLS_ENV=./library
+ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
+ LIBRARY_DIR=./library
+ INCLUDE_DIR=./include
+ CONFIG_FILE=./include/mbedtls/config.h
+else
+ LIBRARY_DIR=./src
+ INCLUDE_DIR=./inc
+ CONFIG_FILE=./inc/mbedtls/test_config.h
+endif
+
.SILENT:
.PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean
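Review bot: The comment above `DIR_FOR_MBED_TLS_ENV` names `../library`, but this root Makefile tests `./library`, so the comment does not describe the check that selects `LIBRARY_DIR`, `INCLUDE_DIR` and `CONFIG_FILE`. I would word it as `# If ./library exists this is an Mbed TLS tree; otherwise assume the Mbed OS layout (./src, ./inc, test_config.h).` The same detection block is copied into the library, programs and tests Makefiles in this commit, so an accurate comment here matters as the reference for the other three.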
@@ -12,26 +28,26 @@
no_test: programs
programs: lib
- $(MAKE) -C programs
+ $(MAKE) -C $(PROGRAMS_DIR)
lib:
- $(MAKE) -C library
+ $(MAKE) -C $(LIBRARY_DIR)
tests: lib
- $(MAKE) -C tests
+ $(MAKE) -C $(TESTS_DIR)
ifndef WINDOWS
install: no_test
- mkdir -p $(DESTDIR)/include/mbedtls
- cp -rp include/mbedtls $(DESTDIR)/include
+ mkdir -p $(DESTDIR)/$(INCLUDE_DIR)/mbedtls
+ cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/$(INCLUDE_DIR)
mkdir -p $(DESTDIR)/lib
- cp -RP library/libmbedtls.* $(DESTDIR)/lib
- cp -RP library/libmbedx509.* $(DESTDIR)/lib
- cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
+ cp -RP $(LIBRARY_DIR)/libmbedtls.* $(DESTDIR)/lib
+ cp -RP $(LIBRARY_DIR)/libmbedx509.* $(DESTDIR)/lib
+ cp -RP $(LIBRARY_DIR)/libmbedcrypto.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
- for p in programs/*/* ; do \
+ for p in $(PROGRAMS_DIR)/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
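Review bot: `$(INCLUDE_DIR)` is the source-tree location of the headers (`./include` or `./inc`), yet the install recipe now uses it for the destination too, so in the Mbed OS layout the headers land in `$(DESTDIR)/./inc/mbedtls` instead of `$(DESTDIR)/include/mbedtls`. Keeping the destination fixed avoids that: `mkdir -p $(DESTDIR)/include/mbedtls` and `cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/include`. The `uninstall` hunk below has the same coupling in `rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls`, where a command-line override of `INCLUDE_DIR` would also change which directory is removed recursively. The install recipe continues past the end of this hunk.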
@@ -40,12 +56,12 @@
done
uninstall:
- rm -rf $(DESTDIR)/include/mbedtls
+ rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
- for p in programs/*/* ; do \
+ for p in $(PROGRAMS_DIR)/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
@@ -73,24 +89,24 @@
ifndef WINDOWS
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
+ -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
# If NULL Entropy is configured, display an appropriate warning
- -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
+ -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
endif
clean:
- $(MAKE) -C library clean
- $(MAKE) -C programs clean
- $(MAKE) -C tests clean
+ $(MAKE) -C $(LIBRARY_DIR) clean
+ $(MAKE) -C $(PROGRAMS_DIR) clean
+ $(MAKE) -C $(TESTS_DIR) clean
ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif
check: lib tests
- $(MAKE) -C tests check
+ $(MAKE) -C $(TESTS_DIR) check
test: check
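Review bot: Both warning recipes start with `-` and chain with `&&`, so a missing or mistyped `$(CONFIG_FILE)` looks the same as the option being unset, and the 128-bit CTR_DRBG and NULL-entropy warnings are then silently skipped. Now that the path depends on directory detection (`./inc/mbedtls/test_config.h` in the Mbed OS layout), a guard ahead of these lines such as `test -f $(CONFIG_FILE) || echo 'warning: $(CONFIG_FILE) not found, configuration warnings skipped'` would make that case visible. This assumes `config.pl get` exits non-zero both for an unset option and for an unreadable file, which the hunk does not show. The rule these recipe lines belong to starts above the hunk.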
@@ -99,14 +115,14 @@
# make CFLAGS='--coverage -g3 -O0'
covtest:
$(MAKE) check
- programs/test/selftest
- tests/compat.sh
- tests/ssl-opt.sh
+ $(PROGRAMS_DIR)/test/selftest
+ $(TESTS_DIR)/compat.sh
+ $(TESTS_DIR)/ssl-opt.sh
lcov:
rm -rf Coverage
- lcov --capture --initial --directory library -o files.info
- lcov --capture --directory library -o tests.info
+ lcov --capture --initial --directory $(LIBRARY_DIR) -o files.info
+ lcov --capture --directory $(LIBRARY_DIR) -o tests.info
lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
lcov --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions
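Review bot: `gendesc tests/Descriptions.txt -o descriptions` in the `lcov` recipe still hard-codes `tests/` while the neighbouring lines were moved to `$(LIBRARY_DIR)`, `$(PROGRAMS_DIR)` and `$(TESTS_DIR)`. For consistency it would read `gendesc $(TESTS_DIR)/Descriptions.txt -o descriptions`. The recipe continues past the end of the hunk, so other hard-coded paths may remain there.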
@@ -122,7 +138,7 @@
endif
## Editor navigation files
-C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
+C_SOURCE_FILES = $(wildcard $(INCLUDE_DIR)/*/*.h $(LIBRARY_DIR)/*.[hc] $(PROGRAMS_DIR)/*/*.[hc] $(TESTS_DIR)/suites/*.function)
tags: $(C_SOURCE_FILES)
ctags -o $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES)
diff --git a/library/Makefile b/library/Makefile
index fc67329..4154c6a 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -5,7 +5,20 @@
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+# Check test environment. If ../library is available then Mbed TLS is used.
+# Otherwise Mbed OS environment is used.
+DIR_FOR_MBED_TLS_ENV=../library
+ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
+ # Set include dirs for Mbed TLS test environment
+ INCLUDE_DIRS=-I../include
+else
+ # Set include dirs for Mbed OS test environment
+ INCLUDE_DIRS=-I../inc
+ CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
+endif
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) -D_FILE_OFFSET_BITS=64
+
LOCAL_LDFLAGS =
ifdef DEBUG
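Review bot: `CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""` is discarded whenever `CFLAGS` is given on the command line, which the root Makefile itself suggests with `make CFLAGS='--coverage -g3 -O0'`. In the Mbed OS layout the library would then be compiled against the default config header while the root Makefile's warnings and the test scripts still assume `test_config.h`, so the configuration that is checked and the one that is built can differ. Appending the define after the `LOCAL_CFLAGS` assignment, `LOCAL_CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/test_config.h"'`, keeps it in effect, assuming the compile rules outside this hunk use `LOCAL_CFLAGS`. The same line is added in the programs/Makefile and tests/Makefile hunks.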
diff --git a/programs/Makefile b/programs/Makefile
index 9b01e45..ea75c1b 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -7,17 +7,30 @@
WARNING_CXXFLAGS ?= -Wall -W
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_LDFLAGS = -L../library \
+# Check test environment. If ../library is available then Mbed TLS is used.
+# Otherwise Mbed OS environment is used.
+DIR_FOR_MBED_TLS_ENV=../library
+ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
+ LIBRARY_DIR=../library
+ INCLUDE_DIR=-I../include
+else
+ LIBRARY_DIR=../src
+ INCLUDE_DIR=-I../inc
+ CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
+endif
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
+
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
ifndef SHARED
-DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a
else
-DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
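Review bot: `INCLUDE_DIR` holds a compiler flag here (`-I../include`), whereas the root Makefile uses the same name for a plain path (`./include`) and library/Makefile calls the equivalent variable `INCLUDE_DIRS`. A command-line `make INCLUDE_DIR=...` is passed down to every sub-make and would reach these files with incompatible meanings. I would keep the path in `INCLUDE_DIR=../include` and add the flag at the use site, `LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64`; tests/Makefile follows the same pattern.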
diff --git a/tests/Makefile b/tests/Makefile
index 20a3fe4..dee011f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,8 +6,21 @@
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wunused
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_LDFLAGS = -L../library \
+# Check test environment. If ../library is available then Mbed TLS is used.
+# Otherwise Mbed OS environment is used.
+DIR_FOR_MBED_TLS_ENV=../library
+ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
+ LIBRARY_DIR=../library
+ INCLUDE_DIR=-I../include
+else
+ LIBRARY_DIR=../src
+ INCLUDE_DIR=-I../inc
+ CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
+endif
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
+
+LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
@@ -18,9 +31,9 @@
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED
-DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a
else
-DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -77,7 +90,7 @@
all: $(BINARIES)
$(DEP):
- $(MAKE) -C ../library
+ $(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)
C_FILES := $(addsuffix .c,$(APPS))
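Review bot: `$(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)` hands `-I../include` (or `-I../inc`) to make itself, where `-I` sets the search path for included makefiles rather than the compiler's include path. The library Makefile in this commit already selects its own include directory, so the recipe can stay `$(MAKE) -C $(LIBRARY_DIR)`.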
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 49d2d1f..ecb9a6f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -71,8 +71,6 @@
FAILS=0
SKIPS=0
-CONFIG_H='../include/mbedtls/config.h'
-
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'
@@ -154,20 +152,6 @@
SKIP_NEXT="YES"
}
-# skip next test if the flag is not enabled in config.h
-requires_config_enabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if the flag is enabled in config.h
-requires_config_disabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then
- SKIP_NEXT="YES"
- fi
-}
-
requires_ciphersuite_enabled() {
if [ -z "$($P_CLI --help | grep "$1")" ]; then
SKIP_NEXT="YES"
@@ -185,6 +169,19 @@
${P_SRV} "query_config=${1}"
}
+# skip next test if the flag is enabled in config.h
+requires_config_disabled() {
+ if get_config_value_or_default $1; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_config_enabled() {
+ if ! get_config_value_or_default $1; then
+ SKIP_NEXT="YES"
+ fi
+}
+
requires_config_value_at_least() {
VAL="$( get_config_value_or_default "$1" )"
if [ -z "$VAL" ]; then
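Review bot: `requires_config_enabled` and `requires_config_disabled` decide on the exit status of `get_config_value_or_default $1`, which from the visible line runs `${P_SRV} "query_config=${1}"`; any other failure of that program (not built, crash) is therefore read as "option disabled", and tests guarded by `requires_config_enabled` are skipped without a diagnostic. The call also leaves `$1` unquoted and does not redirect the query output, so the value presumably ends up in the test output. I would write `if get_config_value_or_default "$1" >/dev/null; then` in both helpers and restore the header comment `# skip next test if the flag is not enabled in config.h` on `requires_config_enabled`. Only the tail of `get_config_value_or_default` is inside the hunk, so its exit-status contract should be confirmed.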
@@ -207,6 +204,17 @@
fi
}
+requires_config_value_exactly() {
+ VAL=$( get_config_value_or_default "$1" )
+ if [ -z "$VAL" ]; then
+ # Should never happen
+ echo "Mbed TLS configuration $1 is not defined"
+ exit 1
+ elif [ "$VAL" -ne "$2" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
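Review bot: `requires_config_value_exactly` compares with `-ne`, which is an integer test: a value that is not a plain decimal integer makes `[` fail with an error, the `elif` is false, and the guarded test runs instead of being skipped. The helper also lacks the one-line header its neighbours carry and prints its error on stdout. Suggested header: `# skip next test if the config value is not exactly $2 (integer comparison)`, and `echo "Mbed TLS configuration $1 is not defined" >&2` for the error path.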
@@ -300,9 +308,20 @@
}
# Calculate the input & output maximum content lengths set in the config
-MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
-MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
-MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
+MAX_CONTENT_LEN="$( get_config_value_or_default MBEDTLS_SSL_MAX_CONTENT_LEN )"
+if [ -z "$MAX_CONTENT_LEN" ]; then
+ MAX_CONTENT_LEN=16384
+fi
+
+MAX_IN_LEN="$( get_config_value_or_default MBEDTLS_SSL_IN_CONTENT_LEN )"
+if [ -z "$MAX_IN_LEN" ]; then
+ MAX_IN_LEN=$MAX_CONTENT_LEN
+fi
+
+MAX_OUT_LEN="$( get_config_value_or_default MBEDTLS_SSL_OUT_CONTENT_LEN )"
+if [ -z "$MAX_OUT_LEN" ]; then
+ MAX_OUT_LEN=$MAX_CONTENT_LEN
+fi
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_IN_LEN"
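Review bot: `MAX_CONTENT_LEN` is lowered here to the input length (and presumably the output length just below the hunk), but the guards added in the later hunks, `requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096` and its 2048 and 16384 variants, query the raw macro rather than this effective value. The removed global check compared the clamped `$MAX_CONTENT_LEN` with 4096, so a build with a large `MBEDTLS_SSL_MAX_CONTENT_LEN` and a small `MBEDTLS_SSL_IN_CONTENT_LEN` or `MBEDTLS_SSL_OUT_CONTENT_LEN` now passes the guards and runs fragment-length tests it cannot satisfy. Guarding those tests on the in/out macros as well would keep the earlier decision. The clamping `if` opened on the last lines continues past the end of this hunk.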
@@ -2989,11 +3008,6 @@
# Tests for Max Fragment Length extension
-if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
- printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
- exit 1
-fi
-
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
fi
@@ -3026,6 +3040,7 @@
-s "1 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length, DTLS: enabled, default, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3043,6 +3058,7 @@
# content length configuration.)
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length: disabled, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3054,6 +3070,7 @@
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3063,6 +3080,7 @@
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3075,6 +3093,7 @@
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
@@ -3087,6 +3106,7 @@
-C "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
requires_gnutls
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
@@ -3097,6 +3117,7 @@
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
@@ -3111,6 +3132,7 @@
-s "2048 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
@@ -3126,6 +3148,7 @@
-s "297 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
@@ -3951,21 +3974,10 @@
# default value (8)
MAX_IM_CA='8'
-MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-
-if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
- printf "The ${CONFIG_H} file contains a value for the configuration of\n"
- printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
- printf "test value of ${MAX_IM_CA}. \n"
- printf "\n"
- printf "The tests assume this value and if it changes, the tests in this\n"
- printf "script should also be adjusted.\n"
- printf "\n"
-
- exit 1
-fi
+MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )"
requires_full_size_output_buffer
+requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
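Review bot: `MAX_IM_CA_CONFIG` is still assigned, but nothing in the visible hunks reads it now that the explicit mismatch check is removed, and the new guards hard-code `8` instead of using `$MAX_IM_CA`. With the hard failure gone, a build with a different `MBEDTLS_X509_MAX_INTERMEDIATE_CA` skips the chain-length tests instead of stopping the run, so the limit on certificate chain depth goes unexercised. I would drop the unused assignment, write the guards as `requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"`, and add a comment above them stating that these tests only run with the default value. The same guard line is added in the following hunks.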
@@ -3974,6 +3986,7 @@
-C "X509 - A fatal error occurred"
requires_full_size_output_buffer
+requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -3982,6 +3995,7 @@
-c "X509 - A fatal error occurred"
requires_full_size_output_buffer
+requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -3991,6 +4005,7 @@
-c "X509 - A fatal error occurred"
requires_full_size_output_buffer
+requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \