diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a5acf5b8b..472c28aa8 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -85,7 +85,8 @@ int main( void ) int main( int argc, char *argv[] ) { - int ret = 1, i, n; + int ret = 1, i; + unsigned n; int exit_code = MBEDTLS_EXIT_FAILURE; int mode; size_t keylen, ilen, olen; diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index bf425079e..998c7ac89 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -64,7 +64,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i, olen = 0; mbedtls_pk_context pk; diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index ff71bd055..c725f7ca1 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -65,7 +65,7 @@ int main( int argc, char *argv[] ) FILE *f; int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - int c; + unsigned c; size_t i; mbedtls_rsa_context rsa; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 94f0ef9ce..74030e45e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -59,7 +59,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 13d0d1780..53b23a750 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -259,7 +259,9 @@ int main( void ) #define USAGE_ECRESTART "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_name=%%s default: localhost\n" \ @@ -282,7 +284,8 @@ int main( void ) " skip_close_notify=%%d default: 0 (send close_notify)\n" \ "\n" \ USAGE_DTLS \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ USAGE_IO \ @@ -290,7 +293,8 @@ int main( void ) USAGE_PSK \ USAGE_ECJPAKE \ USAGE_ECRESTART \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -307,7 +311,8 @@ int main( void ) USAGE_CURVES \ USAGE_RECSPLIT \ USAGE_DHMLEN \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -594,7 +599,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b429b2491..7aa977ef8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -366,7 +366,9 @@ int main( void ) #define USAGE_CURVES "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_addr=%%s default: (all interfaces)\n" \ @@ -387,7 +389,8 @@ int main( void ) USAGE_COOKIES \ USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ @@ -398,7 +401,8 @@ int main( void ) "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -411,7 +415,8 @@ int main( void ) USAGE_EMS \ USAGE_ETM \ USAGE_CURVES \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -1323,7 +1328,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) diff --git a/scripts/config.pl b/scripts/config.pl index c2be0ba56..ba563d6eb 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -19,30 +19,17 @@ # # The following options are disabled instead of enabled with "full". # -# MBEDTLS_TEST_NULL_ENTROPY -# MBEDTLS_DEPRECATED_REMOVED -# MBEDTLS_HAVE_SSE2 -# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -# MBEDTLS_ECP_DP_M221_ENABLED -# MBEDTLS_ECP_DP_M383_ENABLED -# MBEDTLS_ECP_DP_M511_ENABLED -# MBEDTLS_MEMORY_BACKTRACE -# MBEDTLS_MEMORY_BUFFER_ALLOC_C -# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -# MBEDTLS_NO_PLATFORM_ENTROPY -# MBEDTLS_REMOVE_ARC4_CIPHERSUITES -# MBEDTLS_REMOVE_3DES_CIPHERSUITES -# MBEDTLS_SSL_HW_RECORD_ACCEL -# MBEDTLS_RSA_NO_CRT -# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -# - this could be enabled if the respective tests were adapted -# MBEDTLS_ZLIB_SUPPORT -# MBEDTLS_PKCS11_C -# MBEDTLS_NO_UDBL_DIVISION -# MBEDTLS_NO_64BIT_MULTIPLICATION -# and any symbol beginning _ALT +# * Options that require additional build dependencies or unusual hardware. +# * Options that make testing less effective. +# * Options that are incompatible with other options, or more generally that +# interact with other parts of the code in such a way that a bulk enabling +# is not a good way to test them. +# * Options that remove features. # +# The baremetal configuration excludes options that require a library or +# operating system feature that is typically not present on bare metal +# systems. Features that are excluded from "full" won't be in "baremetal" +# either. use warnings; use strict; @@ -83,53 +70,54 @@ Options EOU my @excluded = qw( -MBEDTLS_TEST_NULL_ENTROPY -MBEDTLS_DEPRECATED_REMOVED -MBEDTLS_HAVE_SSE2 -MBEDTLS_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -MBEDTLS_ECP_DP_M221_ENABLED -MBEDTLS_ECP_DP_M383_ENABLED -MBEDTLS_ECP_DP_M511_ENABLED -MBEDTLS_MEMORY_DEBUG +MBEDTLS_DEPRECATED_REMOVED +MBEDTLS_DEPRECATED_WARNING +MBEDTLS_HAVE_SSE2 MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BUFFER_ALLOC_C +MBEDTLS_MEMORY_DEBUG +MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY -MBEDTLS_RSA_NO_CRT -MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_NO_UDBL_DIVISION +MBEDTLS_PKCS11_C +MBEDTLS_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_REMOVE_3DES_CIPHERSUITES +MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_RSA_NO_CRT MBEDTLS_SSL_HW_RECORD_ACCEL -MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +MBEDTLS_TEST_NULL_ENTROPY MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_ZLIB_SUPPORT -MBEDTLS_PKCS11_C -MBEDTLS_NO_UDBL_DIVISION -MBEDTLS_NO_64BIT_MULTIPLICATION _ALT\s*$ ); # Things that should be disabled in "baremetal" my @excluded_baremetal = qw( -MBEDTLS_NET_C -MBEDTLS_TIMING_C -MBEDTLS_FS_IO MBEDTLS_ENTROPY_NV_SEED +MBEDTLS_FS_IO +MBEDTLS_HAVEGE_C MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME_DATE -MBEDTLS_DEPRECATED_WARNING -MBEDTLS_HAVEGE_C -MBEDTLS_THREADING_C -MBEDTLS_THREADING_PTHREAD MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BUFFER_ALLOC_C -MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_NET_C MBEDTLS_PLATFORM_FPRINTF_ALT +MBEDTLS_PLATFORM_NV_SEED_ALT +MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_THREADING_C +MBEDTLS_THREADING_PTHREAD +MBEDTLS_TIMING_C ); -# Things that should be enabled in "full" even if they match @excluded +# Things that should be enabled in "full" even if they match @excluded. +# Platform ALTs enable global variables that allow configuring the behavior +# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT +# which requires the application to provide relevant functions like +# non-platform ALTs. my @non_excluded = qw( -PLATFORM_[A-Z0-9]+_ALT +PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT ); # Things that should be enabled in "baremetal" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4e4951552..444e713f5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -818,24 +818,32 @@ component_test_full_cmake_clang () { if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } -component_build_deprecated () { - msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s - scripts/config.pl full - scripts/config.pl set MBEDTLS_DEPRECATED_WARNING - # Build with -O -Wextra to catch a maximum of issues. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests - - msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s - # No cleanup, just tweak the configuration and rebuild - make clean - scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING +component_test_default_no_deprecated () { + # Test that removing the deprecated features from the default + # configuration leaves something consistent. + msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED - # Build with -O -Wextra to catch a maximum of issues. - make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s + make test } +component_test_full_deprecated_warning () { + # Test that there is nothing deprecated in the full configuration. + # A deprecated feature would trigger a warning (made fatal) from + # MBEDTLS_DEPRECATED_WARNING. + msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED + scripts/config.pl set MBEDTLS_DEPRECATED_WARNING + # There are currently no tests for any deprecated feature. + # If some are added, 'make test' would trigger warnings here. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s + make test +} component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min @@ -886,6 +894,7 @@ component_test_check_params_without_platform () { scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED @@ -915,6 +924,7 @@ component_test_no_platform () { scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_FS_IO # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, @@ -929,6 +939,7 @@ component_build_no_std_function () { scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' } @@ -1013,6 +1024,7 @@ component_test_null_entropy () { scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_HAVEGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . @@ -1095,7 +1107,7 @@ test_build_opt () { info=$1 cc=$2; shift 2 for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror" + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index bfc5279fe..8944fd912 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -19,6 +19,12 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#if !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 1 // for fileno() from +#endif +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include #else diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index cf197323b..889d3bca7 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/md.h" #include "string.h" /*