Merge pull request #3286 from gilles-peskine-arm/config-full-clarify-2.16

Backport 2.16: Clarify that the full config enables everything that can be tested together
danh-arm 2020-05-04 10:29:41 +01:00 committed by GitHub
commit 21f2ba54f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 103 additions and 77 deletions


@ -85,7 +85,8 @@ int main( void )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 1, i, n; int ret = 1, i;
unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
int mode; int mode;
size_t keylen, ilen, olen; size_t keylen, ilen, olen;
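Review bot: `unsigned n;` is declared without an initial value, next to `ret = 1` and `exit_code = MBEDTLS_EXIT_FAILURE`, and nothing at the declaration says why the type changed. The uses of `n` are outside this hunk, as is the rest of main. If `n` receives a `%X` conversion from a scanf-family call, as the new type suggests, a failed conversion would leave it indeterminate when it is read afterwards. I would write `unsigned n = 0; /* %X conversions require unsigned int */` and confirm that the scan's return value is checked where it is used. The same applies to `unsigned c;` in the three file sections that follow.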


@ -64,7 +64,8 @@ int main( void )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
FILE *f; FILE *f;
int ret = 1, c; int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0; size_t i, olen = 0;
mbedtls_pk_context pk; mbedtls_pk_context pk;


@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
FILE *f; FILE *f;
int ret = 1; int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
int c; unsigned c;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;


@ -59,7 +59,8 @@ int main( void )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
FILE *f; FILE *f;
int ret = 1, c; int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;


@ -259,7 +259,9 @@ int main( void )
#define USAGE_ECRESTART "" #define USAGE_ECRESTART ""
#endif #endif
#define USAGE \ /* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */
#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \ "\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \ " server_name=%%s default: localhost\n" \
@ -282,7 +284,8 @@ int main( void )
" skip_close_notify=%%d default: 0 (send close_notify)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \ "\n" \
USAGE_DTLS \ USAGE_DTLS \
"\n" \ "\n"
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
USAGE_IO \ USAGE_IO \
@ -290,7 +293,8 @@ int main( void )
USAGE_PSK \ USAGE_PSK \
USAGE_ECJPAKE \ USAGE_ECJPAKE \
USAGE_ECRESTART \ USAGE_ECRESTART \
"\n" \ "\n"
#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \ " allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \ " exchanges=%%d default: 1\n" \
@ -307,7 +311,8 @@ int main( void )
USAGE_CURVES \ USAGE_CURVES \
USAGE_RECSPLIT \ USAGE_RECSPLIT \
USAGE_DHMLEN \ USAGE_DHMLEN \
"\n" \ "\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
@ -594,7 +599,10 @@ int main( int argc, char *argv[] )
if( ret == 0 ) if( ret == 0 )
ret = 1; ret = 1;
mbedtls_printf( USAGE ); mbedtls_printf( USAGE1 );
mbedtls_printf( USAGE2 );
mbedtls_printf( USAGE3 );
mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites(); list = mbedtls_ssl_list_ciphersuites();
while( *list ) while( *list )
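Review bot: The new comment above `USAGE1` refers to `USAGE`, a macro that no longer exists after this change, and does not say what keeps each part under the limit. Fragments such as `USAGE_DTLS`, `USAGE_PSK` and `USAGE_ECRESTART` are defined conditionally, so the length of `USAGE1` to `USAGE4` depends on the build configuration; the only enforcement visible on this page is the pedantic C99 build in the test script. I would reword it to `/* The usage text is split into USAGE1..USAGE4 so that each string literal stays under the C99 minimum limit of 4095 bytes; when adding options, extend the shortest part. */`. The same comment is added in the ssl_server2 section that follows. main continues outside the last hunk.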


@ -366,7 +366,9 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#define USAGE \ /* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */
#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \ "\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \ " server_addr=%%s default: (all interfaces)\n" \
@ -387,7 +389,8 @@ int main( void )
USAGE_COOKIES \ USAGE_COOKIES \
USAGE_ANTI_REPLAY \ USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \ USAGE_BADMAC_LIMIT \
"\n" \ "\n"
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
@ -398,7 +401,8 @@ int main( void )
"\n" \ "\n" \
USAGE_PSK \ USAGE_PSK \
USAGE_ECJPAKE \ USAGE_ECJPAKE \
"\n" \ "\n"
#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \ " allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \ " exchanges=%%d default: 1\n" \
@ -411,7 +415,8 @@ int main( void )
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_CURVES \ USAGE_CURVES \
"\n" \ "\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
@ -1323,7 +1328,10 @@ int main( int argc, char *argv[] )
if( ret == 0 ) if( ret == 0 )
ret = 1; ret = 1;
mbedtls_printf( USAGE ); mbedtls_printf( USAGE1 );
mbedtls_printf( USAGE2 );
mbedtls_printf( USAGE3 );
mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites(); list = mbedtls_ssl_list_ciphersuites();
while( *list ) while( *list )


@ -19,30 +19,17 @@
# #
# The following options are disabled instead of enabled with "full". # The following options are disabled instead of enabled with "full".
# #
# MBEDTLS_TEST_NULL_ENTROPY # * Options that require additional build dependencies or unusual hardware.
# MBEDTLS_DEPRECATED_REMOVED # * Options that make testing less effective.
# MBEDTLS_HAVE_SSE2 # * Options that are incompatible with other options, or more generally that
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS # interact with other parts of the code in such a way that a bulk enabling
# MBEDTLS_ECP_DP_M221_ENABLED # is not a good way to test them.
# MBEDTLS_ECP_DP_M383_ENABLED # * Options that remove features.
# MBEDTLS_ECP_DP_M511_ENABLED
# MBEDTLS_MEMORY_BACKTRACE
# MBEDTLS_MEMORY_BUFFER_ALLOC_C
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL
# MBEDTLS_RSA_NO_CRT
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
# - this could be enabled if the respective tests were adapted
# MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C
# MBEDTLS_NO_UDBL_DIVISION
# MBEDTLS_NO_64BIT_MULTIPLICATION
# and any symbol beginning _ALT
# #
# The baremetal configuration excludes options that require a library or
# operating system feature that is typically not present on bare metal
# systems. Features that are excluded from "full" won't be in "baremetal"
# either.
use warnings; use warnings;
use strict; use strict;
@ -83,53 +70,54 @@ Options
EOU EOU
my @excluded = qw( my @excluded = qw(
MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
MBEDTLS_ECP_DP_M221_ENABLED MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_ECP_DP_M383_ENABLED MBEDTLS_DEPRECATED_WARNING
MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_HAVE_SSE2
MBEDTLS_MEMORY_DEBUG
MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_MEMORY_DEBUG
MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_RSA_NO_CRT MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_PKCS11_C
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_REMOVE_3DES_CIPHERSUITES MBEDTLS_REMOVE_3DES_CIPHERSUITES
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_RSA_NO_CRT
MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
_ALT\s*$ _ALT\s*$
); );
# Things that should be disabled in "baremetal" # Things that should be disabled in "baremetal"
my @excluded_baremetal = qw( my @excluded_baremetal = qw(
MBEDTLS_NET_C
MBEDTLS_TIMING_C
MBEDTLS_FS_IO
MBEDTLS_ENTROPY_NV_SEED MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_FS_IO
MBEDTLS_HAVEGE_C
MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_DATE MBEDTLS_HAVE_TIME_DATE
MBEDTLS_DEPRECATED_WARNING
MBEDTLS_HAVEGE_C
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_TIMING_C
); );
# Things that should be enabled in "full" even if they match @excluded # Things that should be enabled in "full" even if they match @excluded.
# Platform ALTs enable global variables that allow configuring the behavior
# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT
# which requires the application to provide relevant functions like
# non-platform ALTs.
my @non_excluded = qw( my @non_excluded = qw(
PLATFORM_[A-Z0-9]+_ALT PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT
); );
# Things that should be enabled in "baremetal" # Things that should be enabled in "baremetal"
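Review bot: The alphabetical re-sort of `@excluded` hides membership changes that deserve a comment at the list. `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` and the three `MBEDTLS_ECP_DP_M*_ENABLED` entries drop out of it while `MBEDTLS_DEPRECATED_WARNING` is added, so "full" now turns on an option that, going by its name, relaxes X.509 extension handling. The header comment now gives only categories, so a reader can no longer tell from this file which symbols are excluded for which reason. I would add above the list `# "full" is a test configuration, not a hardened one: it enables legacy and leniency options so that they get test coverage.` and keep pure re-sorting in a separate commit from membership changes.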


@ -818,24 +818,32 @@ component_test_full_cmake_clang () {
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
} }
component_build_deprecated () { component_test_default_no_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s # Test that removing the deprecated features from the default
scripts/config.pl full # configuration leaves something consistent.
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
# Build with -O -Wextra to catch a maximum of issues.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
# No cleanup, just tweak the configuration and rebuild
make clean
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
# Build with -O -Wextra to catch a maximum of issues. make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
make test
} }
component_test_full_deprecated_warning () {
# Test that there is nothing deprecated in the full configuration.
# A deprecated feature would trigger a warning (made fatal) from
# MBEDTLS_DEPRECATED_WARNING.
msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
# There are currently no tests for any deprecated feature.
# If some are added, 'make test' would trigger warnings here.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s
make test
}
component_test_depends_curves () { component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min msg "test/build: curves.pl (gcc)" # ~ 4 min
@ -886,6 +894,7 @@ component_test_check_params_without_platform () {
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -915,6 +924,7 @@ component_test_no_platform () {
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_FS_IO scripts/config.pl unset MBEDTLS_FS_IO
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
@ -929,6 +939,7 @@ component_build_no_std_function () {
scripts/config.pl full scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
} }
@ -1013,6 +1024,7 @@ component_test_null_entropy () {
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
scripts/config.pl unset MBEDTLS_HAVEGE_C scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
@ -1095,7 +1107,7 @@ test_build_opt () {
info=$1 cc=$2; shift 2 info=$1 cc=$2; shift 2
for opt in "$@"; do for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s msg "build/test: $cc $opt, $info" # ~ 30s
make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror" make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
# We're confident enough in compilers to not run _all_ the tests, # We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with # but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0 # optimizations use inline assembly whereas runs with -O0
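Review bot: `component_test_default_no_deprecated` sets `MBEDTLS_DEPRECATED_REMOVED` only on top of the default configuration and builds with gcc. The replaced `component_build_deprecated` built it on top of `full` with clang, so code enabled only by `full` is no longer compiled with deprecated APIs removed in the components visible here. If that reduction is intended, say so in the component, e.g. `# Only the default configuration is checked here; full + MBEDTLS_DEPRECATED_REMOVED is not built.` Otherwise a build-only component that runs `scripts/config.pl full`, `scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED` and a clang `make` with the same `-Werror` flags would keep that coverage.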


@ -19,6 +19,12 @@
* This file is part of Mbed TLS (https://tls.mbed.org) * This file is part of Mbed TLS (https://tls.mbed.org)
*/ */
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
#endif
#endif
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h> #include <mbedtls/config.h>
#else #else
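Review bot: The added `_POSIX_C_SOURCE` definition only takes effect if it stays ahead of every system header, and the block does not say so. An include later placed above it would silently lose the `fileno()` declaration again under a strict `-std=c99` build. I would add `/* Feature-test macro: must be defined before the first #include in this file. */` above the outer `#if`. The value `1` requests only the earliest POSIX level, so it would need raising if this file comes to use newer POSIX functions. The `#if !defined(MBEDTLS_CONFIG_FILE)` block continues outside the hunk.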


@ -1,6 +1,7 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h" #include "mbedtls/entropy_poll.h"
#include "mbedtls/md.h"
#include "string.h" #include "string.h"
/* /*