yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-08 20:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/pr/2146' into development-proposed

Browse source
This commit is contained in:
Simon Butcher 2018-11-21 16:27:47 +00:00
parent 556d7d9e3b bc554f66ef
commit 55517ae95f
17 changed files with 269 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.gitmodules vendored Normal file
View file

@ -0,0 +1,4 @@
[submodule "crypto"]
path = crypto
url = git@github.com:ARMmbed/mbedtls-psa.git
branch = feature-psa

7
CMakeLists.txt
View file

@ -9,6 +9,7 @@ option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library.
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF) option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(USE_CRYPTO_SUBMODULE "Build and use libmbedcrypto from the crypto submodule." OFF)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@ -167,8 +168,6 @@ else()
set(LIB_INSTALL_DIR lib) set(LIB_INSTALL_DIR lib)
endif() endif()
include_directories(include/)
if(ENABLE_ZLIB_SUPPORT) if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB) find_package(ZLIB)
@ -179,6 +178,10 @@ endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library) add_subdirectory(library)
add_subdirectory(include) add_subdirectory(include)
if(USE_CRYPTO_SUBMODULE)
add_subdirectory(crypto/library)
add_subdirectory(crypto/include)
endif()
if(ENABLE_PROGRAMS) if(ENABLE_PROGRAMS)
add_subdirectory(programs) add_subdirectory(programs)

9
ChangeLog
View file

@ -1,5 +1,14 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.xx.x branch released xxxx-xx-xx
Features
* Add an experimental build option, USE_CRYPTO_SUBMODULE, to enable use of
Mbed Crypto as the source of the cryptography implementation.
* Add an experimental configuration option, MBEDTLS_PSA_CRYPTO_C, to enable
the PSA Crypto API from Mbed Crypto when additionally used with the
USE_CRYPTO_SUBMODULE build option.
= mbed TLS 2.14.0 branch released 2018-11-19 = mbed TLS 2.14.0 branch released 2018-11-19
Security Security

12
Makefile
View file

@ -28,7 +28,13 @@ install: no_test
mkdir -p $(DESTDIR)/lib mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib cp -RP library/libmbedx509.* $(DESTDIR)/lib
ifdef USE_CRYPTO_SUBMODULE
mkdir -p $(DESTDIR)/include/psa
cp -rp crypto/include/psa $(DESTDIR)/include
cp -RP crypto/library/libmbedcrypto.* $(DESTDIR)/lib
else
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
endif
mkdir -p $(DESTDIR)/bin mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \ for p in programs/*/* ; do \
@ -44,6 +50,9 @@ uninstall:
rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.* rm -f $(DESTDIR)/lib/libmbedcrypto.*
ifdef USE_CRYPTO_SUBMODULE
$(MAKE) -C crypto uninstall
endif
for p in programs/*/* ; do \ for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \ if [ -x $$p ] && [ ! -d $$p ] ; \
@ -85,6 +94,9 @@ clean:
$(MAKE) -C library clean $(MAKE) -C library clean
$(MAKE) -C programs clean $(MAKE) -C programs clean
$(MAKE) -C tests clean $(MAKE) -C tests clean
ifdef USE_CRYPTO_SUBMODULE
$(MAKE) -C crypto clean
endif
ifndef WINDOWS ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif endif

37
README.md
View file

@ -158,6 +158,43 @@ Configurations
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
Using Mbed Crypto as a submodule
--------------------------------
As an experimental feature, you can use Mbed Crypto as the source of the cryptography implementation, with Mbed TLS providing the X.509 and TLS parts of the library. Mbed Crypto is currently provided for evaluation only and should not be used in production. At this point, you should only use this option if you want to try out the experimental PSA Crypto API.
To enable the use of Mbed Crypto as a submodule:
1. Check out the `crypto` submodule and update it.
git submodule init crypto
git submodule update crypto
2. (Optional) TO enable the PSA Crypto API, set the build configuration option `MBEDTLS_PSA_CRYPTO_C`. You can either edit `include/mbedtls/config.h` directly or use the configuration script:
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
3. Activate the build option `USE_CRYPTO_SUBMODULE`. With GNU make, set `USE_CRYPTO_SUBMODULE=1` on each make invocation:
make USE_CRYPTO_SUBMODULE=1
make USE_CRYPTO_SUBMODULE=1 test
tests/ssl-opt.sh -f Default
Note that you need to pass `USE_CRYPTO_SUBMODULE=1` even to `make clean`. For example, if you change `config.h`, run this before rebuilding:
make USE_CRYPTO_SUBMODULE=1 clean
With CMake, create a build directory (recommended) and pass `-DUSE_CRYPTO_SUBMODULE=1` to `cmake`:
mkdir build
cd build
cmake -DUSE_CRYPTO_SUBMODULE=1 ..
make
make test
tests/ssl-opt.sh -f Default
Note that this does not enable the PSA-specific tests and utility programs. To use these programs, use Mbed Crypto as a standalone project.
Porting Mbed TLS Porting Mbed TLS
---------------- ----------------

1
crypto Submodule

@ -0,0 +1 @@
Subproject commit dbb83ac5f7b96077b21fc9fe72b2687986acf963

6
include/mbedtls/check_config.h
View file

@ -496,6 +496,12 @@
#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously" #error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
#endif #endif
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
!( defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_ENTROPY_C) )
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) ) !defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites" #error "MBEDTLS_RSA_C defined, but not all prerequisites"

19
include/mbedtls/config.h
View file

@ -2590,6 +2590,25 @@
*/ */
#define MBEDTLS_POLY1305_C #define MBEDTLS_POLY1305_C
/**
* \def MBEDTLS_PSA_CRYPTO_C
*
* Enable the Platform Security Architecture cryptography API.
*
* \note This option only has an effect when the build option
* USE_CRYPTO_SUBMODULE is also in use.
*
* \warning This feature is experimental and available on an opt-in basis only.
* PSA APIs are subject to change at any time. The implementation comes with
* less assurance and support than the rest of Mbed TLS.
*
* Module: crypto/library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
*
*/
//#define MBEDTLS_PSA_CRYPTO_C
/** /**
* \def MBEDTLS_RIPEMD160_C * \def MBEDTLS_RIPEMD160_C
* *

38
library/CMakeLists.txt
View file

@ -140,42 +140,80 @@ elseif(USE_STATIC_MBEDTLS_LIBRARY)
endif() endif()
if(USE_STATIC_MBEDTLS_LIBRARY) if(USE_STATIC_MBEDTLS_LIBRARY)
if(NOT USE_CRYPTO_SUBMODULE)
add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} ${libs}) target_link_libraries(${mbedcrypto_static_target} ${libs})
target_include_directories(${mbedcrypto_static_target} PUBLIC ${CMAKE_SOURCE_DIR}/include/)
endif()
add_library(${mbedx509_static_target} STATIC ${src_x509}) add_library(${mbedx509_static_target} STATIC ${src_x509})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
target_include_directories(${mbedx509_static_target}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
add_library(${mbedtls_static_target} STATIC ${src_tls}) add_library(${mbedtls_static_target} STATIC ${src_tls})
set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
target_include_directories(${mbedtls_static_target}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
)
if(USE_CRYPTO_SUBMODULE)
install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
else()
install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR} DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
endif()
endif(USE_STATIC_MBEDTLS_LIBRARY) endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY)
if(NOT USE_CRYPTO_SUBMODULE)
add_library(mbedcrypto SHARED ${src_crypto}) add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3) set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs}) target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto PUBLIC ${CMAKE_SOURCE_DIR}/include/)
endif()
add_library(mbedx509 SHARED ${src_x509}) add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0) set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto) target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls}) add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12) set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509) target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
if(USE_CRYPTO_SUBMODULE)
install(TARGETS mbedtls mbedx509
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
else()
install(TARGETS mbedtls mbedx509 mbedcrypto install(TARGETS mbedtls mbedx509 mbedcrypto
DESTINATION ${LIB_INSTALL_DIR} DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
endif()
endif(USE_SHARED_MBEDTLS_LIBRARY) endif(USE_SHARED_MBEDTLS_LIBRARY)
if(USE_CRYPTO_SUBMODULE)
add_custom_target(lib DEPENDS mbedx509 mbedtls)
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
add_dependencies(lib mbedx509_static mbedtls_static)
endif()
else()
add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls)
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static) add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static)
endif() endif()
endif()

16
library/Makefile
View file

@ -63,6 +63,13 @@ DLEXT = dylib
endif endif
endif endif
ifdef USE_CRYPTO_SUBMODULE
# Look in crypto for libmbedcrypto.
LOCAL_LDFLAGS += -L../crypto/library
LOCAL_CFLAGS += -I../crypto/include
CRYPTO := ../crypto/library/
else
OBJS_CRYPTO= aes.o aesni.o arc4.o \ OBJS_CRYPTO= aes.o aesni.o arc4.o \
aria.o asn1parse.o asn1write.o \ aria.o asn1parse.o asn1write.o \
base64.o bignum.o blowfish.o \ base64.o bignum.o blowfish.o \
@ -85,6 +92,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
sha1.o sha256.o sha512.o \ sha1.o sha256.o sha512.o \
threading.o timing.o version.o \ threading.o timing.o version.o \
version_features.o xtea.o version_features.o xtea.o
CRYPTO :=
endif
OBJS_X509= certs.o pkcs11.o x509.o \ OBJS_X509= certs.o pkcs11.o x509.o \
x509_create.o x509_crl.o x509_crt.o \ x509_create.o x509_crl.o x509_crt.o \
@ -148,7 +157,7 @@ ifneq ($(APPLE_BUILD),0)
endif endif
endif endif
libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so libmbedx509.$(SOEXT_X509): $(OBJS_X509) $(CRYPTO)libmbedcrypto.so
echo " LD $@" echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
@ -165,6 +174,10 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
# crypto # crypto
ifdef USE_CRYPTO_SUBMODULE
libmbedcrypto.%:
$(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C ../crypto/library $@
else
libmbedcrypto.a: $(OBJS_CRYPTO) libmbedcrypto.a: $(OBJS_CRYPTO)
echo " AR $@" echo " AR $@"
$(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO) $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
@ -190,6 +203,7 @@ libmbedcrypto.dylib: $(OBJS_CRYPTO)
libmbedcrypto.dll: $(OBJS_CRYPTO) libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " LD $@" echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
endif
.c.o: .c.o:
echo " CC $<" echo " CC $<"

3
library/version_features.c
View file

@ -681,6 +681,9 @@ static const char *features[] = {
#if defined(MBEDTLS_POLY1305_C) #if defined(MBEDTLS_POLY1305_C)
"MBEDTLS_POLY1305_C", "MBEDTLS_POLY1305_C",
#endif /* MBEDTLS_POLY1305_C */ #endif /* MBEDTLS_POLY1305_C */
#if defined(MBEDTLS_PSA_CRYPTO_C)
"MBEDTLS_PSA_CRYPTO_C",
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_RIPEMD160_C) #if defined(MBEDTLS_RIPEMD160_C)
"MBEDTLS_RIPEMD160_C", "MBEDTLS_RIPEMD160_C",
#endif /* MBEDTLS_RIPEMD160_C */ #endif /* MBEDTLS_RIPEMD160_C */

4
programs/Makefile
View file

@ -14,6 +14,10 @@ LOCAL_LDFLAGS = -L../library \
-lmbedx509$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX) -lmbedcrypto$(SHARED_SUFFIX)
ifdef USE_CRYPTO_SUBMODULE
LOCAL_LDFLAGS += -L../crypto/library
endif
ifndef SHARED ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else else

15
scripts/abi_check.py
View file

@ -64,7 +64,7 @@ class AbiChecker(object):
) )
git_worktree_path = tempfile.mkdtemp() git_worktree_path = tempfile.mkdtemp()
worktree_process = subprocess.Popen( worktree_process = subprocess.Popen(
[self.git_command, "worktree", "add", git_worktree_path, git_rev], [self.git_command, "worktree", "add", "--detach", git_worktree_path, git_rev],
cwd=self.repo_path, cwd=self.repo_path,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT stderr=subprocess.STDOUT
@ -75,6 +75,18 @@ class AbiChecker(object):
raise Exception("Checking out worktree failed, aborting") raise Exception("Checking out worktree failed, aborting")
return git_worktree_path return git_worktree_path
def update_git_submodules(self, git_worktree_path):
process = subprocess.Popen(
[self.git_command, "submodule", "update", "--init", '--recursive'],
cwd=git_worktree_path,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
output, _ = process.communicate()
self.log.info(output.decode("utf-8"))
if process.returncode != 0:
raise Exception("git submodule update failed, aborting")
def build_shared_libraries(self, git_worktree_path): def build_shared_libraries(self, git_worktree_path):
my_environment = os.environ.copy() my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og" my_environment["CFLAGS"] = "-g -Og"
@ -131,6 +143,7 @@ class AbiChecker(object):
def get_abi_dump_for_ref(self, git_rev): def get_abi_dump_for_ref(self, git_rev):
git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
self.update_git_submodules(git_worktree_path)
self.build_shared_libraries(git_worktree_path) self.build_shared_libraries(git_worktree_path)
abi_dumps = self.get_abi_dumps_from_shared_libraries( abi_dumps = self.get_abi_dumps_from_shared_libraries(
git_rev, git_worktree_path git_rev, git_worktree_path

2
scripts/config.pl
View file

@ -28,6 +28,7 @@
# MBEDTLS_ECP_DP_M511_ENABLED # MBEDTLS_ECP_DP_M511_ENABLED
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES # MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_PSA_CRYPTO_C
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_SSL_HW_RECORD_ACCEL
# MBEDTLS_RSA_NO_CRT # MBEDTLS_RSA_NO_CRT
@ -87,6 +88,7 @@ MBEDTLS_ECP_DP_M383_ENABLED
MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_PSA_CRYPTO_C
MBEDTLS_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL

11
tests/Makefile
View file

@ -12,15 +12,22 @@ LOCAL_LDFLAGS = -L../library \
-lmbedx509$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX) -lmbedcrypto$(SHARED_SUFFIX)
ifdef USE_CRYPTO_SUBMODULE
LOCAL_LDFLAGS += -L../crypto/library
CRYPTO := ../crypto/library/
else
CRYPTO := ../library/
endif
# Enable definition of various functions used throughout the testsuite # Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
# on non-POSIX platforms. # on non-POSIX platforms.
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a DEP=$(CRYPTO)libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else else
DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) DEP=$(CRYPTO)libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif endif
ifdef DEBUG ifdef DEBUG

75
tests/scripts/all.sh
View file

@ -88,6 +88,11 @@ elif [ -d library -a -d include -a -d tests ]; then :; else
exit 1 exit 1
fi fi
if ! [ -f crypto/Makefile ]; then
echo "Please initialize the crypto submodule" >&2
exit 1
fi
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak" CONFIG_BAK="$CONFIG_H.bak"
@ -154,9 +159,12 @@ cleanup()
fi fi
command make clean command make clean
cd crypto
command make clean
cd ..
# Remove CMake artefacts # Remove CMake artefacts
find . -name .git -prune \ find . -name .git -prune -o \
-iname CMakeFiles -exec rm -rf {} \+ -o \ -iname CMakeFiles -exec rm -rf {} \+ -o \
\( -iname cmake_install.cmake -o \ \( -iname cmake_install.cmake -o \
-iname CTestTestfile.cmake -o \ -iname CTestTestfile.cmake -o \
@ -165,6 +173,11 @@ cleanup()
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
cd crypto
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
cd ..
if [ -f "$CONFIG_BAK" ]; then if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H" mv "$CONFIG_BAK" "$CONFIG_H"
@ -574,6 +587,66 @@ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_
msg "test: compat.sh ARIA + ChachaPoly" msg "test: compat.sh ARIA + ChachaPoly"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
# USE_CRYPTO_SUBMODULE: check that the build works with CMake
msg "build: cmake, full config + USE_CRYPTO_SUBMODULE, gcc+debug"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full # enables md4 and submodule doesn't enable md4
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
CC=gcc cmake -D USE_CRYPTO_SUBMODULE=1 -D CMAKE_BUILD_TYPE=Debug .
make
msg "test: top-level libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded not test -f library/libmbedcrypto.a
msg "test: libmbedcrypto symbols are from crypto files (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep -E 'crypto/library$' > /dev/null
msg "test: libmbedcrypto uses top-level config (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep 'md4.c' > /dev/null
msg "test: main suites (USE_CRYPTO_SUBMODULE, cmake)"
make test
msg "test: ssl-opt.sh (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded tests/ssl-opt.sh
# USE_CRYPTO_SUBMODULE: check that the build works with make
msg "build: make, full config + USE_CRYPTO_SUBMODULE, gcc+debug"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full # enables md4 and submodule doesn't enable md4
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
make CC=gcc CFLAGS='-g' USE_CRYPTO_SUBMODULE=1
msg "test: top-level libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded not test -f library/libmbedcrypto.a
msg "test: libmbedcrypto symbols are from crypto files (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep -E 'crypto/library$' > /dev/null
msg "test: libmbedcrypto uses top-level config (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep 'md4.c' > /dev/null
msg "test: main suites (USE_CRYPTO_SUBMODULE, make)"
make CC=gcc USE_CRYPTO_SUBMODULE=1 test
msg "test: ssl-opt.sh (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded tests/ssl-opt.sh
# Don't USE_CRYPTO_SUBMODULE: check that the submodule is not used with make
msg "build: make, full config - USE_CRYPTO_SUBMODULE, gcc+debug"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
make CC=gcc CFLAGS='-g'
msg "test: submodule libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded not test -f crypto/library/libmbedcrypto.a
msg "test: libmbedcrypto symbols are from library files (USE_CRYPTO_SUBMODULE, make)"
if_build_succeeded objdump -g library/libmbedcrypto.a | grep -E 'library$' | not grep 'crypto' > /dev/null
# Don't USE_CRYPTO_SUBMODULE: check that the submodule is not used with CMake
msg "build: cmake, full config - USE_CRYPTO_SUBMODULE, gcc+debug"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
CC=gcc cmake -D CMAKE_BUILD_TYPE=Debug .
make
msg "test: submodule libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded not test -f crypto/library/libmbedcrypto.a
msg "test: libmbedcrypto symbols are from library files (USE_CRYPTO_SUBMODULE, cmake)"
if_build_succeeded objdump -g library/libmbedcrypto.a | grep -E 'library$' | not grep 'crypto' > /dev/null
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
cleanup cleanup
cp "$CONFIG_H" "$CONFIG_BAK" cp "$CONFIG_H" "$CONFIG_BAK"

4
tests/scripts/run-test-suites.pl
View file

@ -41,8 +41,8 @@ my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
die "$0: no test suite found\n" unless @suites; die "$0: no test suite found\n" unless @suites;
# in case test suites are linked dynamically # in case test suites are linked dynamically
$ENV{'LD_LIBRARY_PATH'} = '../library'; $ENV{'LD_LIBRARY_PATH'} = '../library:../crypto/library';
$ENV{'DYLD_LIBRARY_PATH'} = '../library'; $ENV{'DYLD_LIBRARY_PATH'} = '../library:../crypto/library';
my $prefix = $^O eq "MSWin32" ? '' : './'; my $prefix = $^O eq "MSWin32" ? '' : './';