Merge branch 'mbedtls-1.3'

This commit is contained in:
Simon Butcher 2016-10-17 16:05:55 +01:00
commit 91fa80430d
2 changed files with 219 additions and 70 deletions

View file

@ -83,6 +83,7 @@ static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
}; };
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
#if defined(POLARSSL_SSL_CLI_C)
static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
{ {
ssl_session_free( dst ); ssl_session_free( dst );
@ -122,6 +123,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_CLI_C */
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL) #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
int (*ssl_hw_record_init)( ssl_context *ssl, int (*ssl_hw_record_init)( ssl_context *ssl,
@ -2637,7 +2639,7 @@ int ssl_write_certificate( ssl_context *ssl )
ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CERTIFICATE; ssl->out_msg[0] = SSL_HS_CERTIFICATE;
#if defined(POLARSSL_SSL_PROTO_SSL3) #if defined(POLARSSL_SSL_PROTO_SSL3) && defined(POLARSSL_SSL_CLI_C)
write_msg: write_msg:
#endif #endif

View file

@ -1,19 +1,29 @@
#!/bin/sh #!/bin/sh
# Run all available tests (mostly). # all.sh
# #
# Warning: includes various build modes, so it will mess with the current # This file is part of mbed TLS (https://tls.mbed.org)
# CMake configuration. After this script is run, the CMake cache is lost and
# CMake is not initialised any more!
# #
# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
# clang, or valgrind) are available, as well as cmake and a "good" find. #
# Purpose
#
# To run all tests possible or available on the platform.
#
# Warning: the test is destructive. It includes various build modes and
# configurations, and can and will arbitrarily change the current CMake
# configuration. After this script has been run, the CMake cache will be lost
# and CMake will no longer be initialised.
#
# The script assumes the presence of gcc and clang (recent enough for using
# ASan with gcc and MemSan with clang, or valgrind) are available, as well as
# cmake and a "good" find.
# Abort on errors (and uninitiliased variables) # Abort on errors (and uninitialised variables)
set -eu set -eu
if [ -d library -a -d include -a -d tests ]; then :; else if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2 err_msg "Must be run from mbed TLS root"
exit 1 exit 1
fi fi
@ -21,20 +31,34 @@ CONFIG_H='include/polarssl/config.h'
CONFIG_BAK="$CONFIG_H.bak" CONFIG_BAK="$CONFIG_H.bak"
MEMORY=0 MEMORY=0
FORCE=0
RELEASE=0
while [ $# -gt 0 ]; do # Default commands, can be overriden by the environment
case "$1" in : ${OPENSSL:="openssl"}
-m*) : ${OPENSSL_LEGACY:="$OPENSSL"}
MEMORY=${1#-m} : ${GNUTLS_CLI:="gnutls-cli"}
;; : ${GNUTLS_SERV:="gnutls-serv"}
*) : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
echo "Unknown argument: '$1'" >&2 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
echo "Use the source, Luke!" >&2 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
exit 1
;; usage()
esac {
shift printf "Usage: $0\n"
done printf " -h|--help\t\tPrint this help.\n"
printf " -m|--memory\t\tAdditional optional memory tests.\n"
printf " -f|--force\t\tForce the tests to overwrite any modified files.\n"
printf " -s|--seed\t\tInteger seed value to use for this test run.\n"
printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n"
printf " --out-of-source-dir=<path>\t\tDirectory used for CMake out-of-source build tests."
printf " --openssl=<OpenSSL_path>\t\tPath to OpenSSL executable to use for most tests.\n"
printf " --openssl-legacy=<OpenSSL_path>\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n"
printf " --gnutls-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for most tests.\n"
printf " --gnutls-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for most tests.\n"
printf " --gnutls-legacy-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for legacy tests.\n"
printf " --gnutls-legacy-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for legacy tests.\n"
}
# remove built files as well as the cmake cache/config # remove built files as well as the cmake cache/config
cleanup() cleanup()
@ -62,6 +86,126 @@ msg()
echo "******************************************************************" echo "******************************************************************"
} }
err_msg()
{
echo "$1" >&2
}
check_tools()
{
for TOOL in "$@"; do
if ! `hash "$TOOL" >/dev/null 2>&1`; then
err_msg "$TOOL not found!"
exit 1
fi
done
}
while [ $# -gt 0 ]; do
case "$1" in
--memory|-m*)
MEMORY=${1#-m}
;;
--force|-f)
FORCE=1
;;
--seed|-s)
shift
SEED="$1"
;;
--release-test|-r)
RELEASE=1
;;
--out-of-source-dir)
shift
OUT_OF_SOURCE_DIR="$1"
;;
--openssl)
shift
OPENSSL="$1"
;;
--openssl-legacy)
shift
OPENSSL_LEGACY="$1"
;;
--gnutls-cli)
shift
GNUTLS_CLI="$1"
;;
--gnutls-serv)
shift
GNUTLS_SERV="$1"
;;
--gnutls-legacy-cli)
shift
GNUTLS_LEGACY_CLI="$1"
;;
--gnutls-legacy-serv)
shift
GNUTLS_LEGACY_SERV="$1"
;;
--help|-h|*)
usage
exit 1
;;
esac
shift
done
if [ $FORCE -eq 1 ]; then
git checkout-index -f -q $CONFIG_H
cleanup
else
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
echo "You can either delete this directory manually, or force the test by rerunning"
echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
exit 1
fi
if ! git diff-files --quiet include/polarssl/config.h; then
echo $?
err_msg "Warning - the configuration file 'include/polarssl/config.h' has been edited. "
echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force"
exit 1
fi
fi
if [ $RELEASE -eq 1 ]; then
# Fix the seed value to 1 to ensure that the tests are deterministic.
SEED=1
fi
msg "info: $0 configuration"
echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
echo "SEED: ${SEED-"UNSET"}"
echo "OPENSSL: $OPENSSL"
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
echo "GNUTLS_CLI: $GNUTLS_CLI"
echo "GNUTLS_SERV: $GNUTLS_SERV"
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
export OPENSSL_CMD="$OPENSSL"
export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV"
# Avoid passing --seed flag in every call to ssl-opt.sh
[ ! -z ${SEED+set} ] && export SEED
# Make sure the tools we need are available.
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
"arm-none-eabi-gcc" "armcc"
#
# Test Suites to be executed
#
# The test ordering tries to optimize for the following criteria: # The test ordering tries to optimize for the following criteria:
# 1. Catch possible problems early, by running first tests that run quickly # 1. Catch possible problems early, by running first tests that run quickly
# and/or are more likely to fail than others (eg I use Clang most of the # and/or are more likely to fail than others (eg I use Clang most of the
@ -81,27 +225,21 @@ cleanup
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: main suites and selftest (ASan build)" # ~ 50s msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test make test
programs/test/selftest programs/test/selftest
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
cd tests tests/ssl-opt.sh
./ssl-opt.sh
cd ..
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
tests/scripts/test-ref-configs.pl tests/scripts/test-ref-configs.pl
# Most frequent issues are likely to be caught at this point
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
make make
msg "test: compat.sh (ASan build)" # ~ 6 min msg "test: compat.sh (ASan build)" # ~ 6 min
cd tests tests/compat.sh
./compat.sh
cd ..
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
cleanup cleanup
@ -110,19 +248,16 @@ scripts/config.pl set POLARSSL_SSL_PROTO_SSL3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
make test make test
programs/test/selftest programs/test/selftest
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
cd tests tests/compat.sh -m 'tls1 tls1_1 tls1_2'
./compat.sh -m 'ssl3 tls1 tls1_1 tls1_2' OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
cd ..
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
cd tests tests/ssl-opt.sh
./ssl-opt.sh
cd ..
msg "build: cmake, full config, clang" # ~ 50s msg "build: cmake, full config, clang" # ~ 50s
cleanup cleanup
@ -138,16 +273,13 @@ msg "test: main suites (full config)" # ~ 5s
make test make test
msg "test: ssl-opt.sh default (full config)" # ~ 1s msg "test: ssl-opt.sh default (full config)" # ~ 1s
cd tests tests/ssl-opt.sh -f Default
./ssl-opt.sh -f Default
cd ..
msg "test: compat.sh DES & NULL (full config)" # ~ 2 min msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
cd tests OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
cd ..
msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
msg "test/build: curves.pl (gcc)" # ~ 4 min
cleanup cleanup
cmake -D CMAKE_BUILD_TYPE:String=Debug . cmake -D CMAKE_BUILD_TYPE:String=Debug .
tests/scripts/curves.pl tests/scripts/curves.pl
@ -185,6 +317,24 @@ scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
CC=gcc CFLAGS='-Werror -O0' make CC=gcc CFLAGS='-Werror -O0' make
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
scripts/config.pl unset POLARSSL_SSL_SRV_C
CC=gcc CFLAGS='-Werror -O0' make
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset POLARSSL_SSL_CLI_C
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
CC=gcc CFLAGS='-Werror -O0' make
if uname -a | grep -F Linux >/dev/null; then if uname -a | grep -F Linux >/dev/null; then
msg "build/test: make shared" # ~ 40s msg "build/test: make shared" # ~ 40s
cleanup cleanup
@ -197,7 +347,6 @@ cleanup
CC=gcc CFLAGS='-Werror -m32' make CC=gcc CFLAGS='-Werror -m32' make
fi # x86_64 fi # x86_64
if which arm-none-eabi-gcc >/dev/null; then
msg "build: arm-none-eabi-gcc, make" # ~ 10s msg "build: arm-none-eabi-gcc, make" # ~ 10s
cleanup cleanup
cp "$CONFIG_H" "$CONFIG_BAK" cp "$CONFIG_H" "$CONFIG_BAK"
@ -207,16 +356,15 @@ scripts/config.pl unset POLARSSL_TIMING_C
scripts/config.pl unset POLARSSL_FS_IO scripts/config.pl unset POLARSSL_FS_IO
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
scripts/config.pl set POLARSSL_NO_PLATFORM_ENTROPY
# following things are not in the default config # following things are not in the default config
scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
scripts/config.pl unset POLARSSL_THREADING_PTHREAD scripts/config.pl unset POLARSSL_THREADING_PTHREAD
scripts/config.pl unset POLARSSL_THREADING_C scripts/config.pl unset POLARSSL_THREADING_C
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
CC=arm-none-eabi-gcc CFLAGS=-Werror make lib CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib
fi # arm-gcc
if which armcc >/dev/null; then
msg "build: armcc, make" msg "build: armcc, make"
cleanup cleanup
cp "$CONFIG_H" "$CONFIG_BAK" cp "$CONFIG_H" "$CONFIG_BAK"
@ -227,6 +375,7 @@ scripts/config.pl unset POLARSSL_FS_IO
scripts/config.pl unset POLARSSL_HAVE_TIME scripts/config.pl unset POLARSSL_HAVE_TIME
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
scripts/config.pl set POLARSSL_NO_PLATFORM_ENTROPY
# following things are not in the default config # following things are not in the default config
scripts/config.pl unset POLARSSL_DEPRECATED_WARNING scripts/config.pl unset POLARSSL_DEPRECATED_WARNING
scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
@ -234,14 +383,7 @@ scripts/config.pl unset POLARSSL_THREADING_PTHREAD
scripts/config.pl unset POLARSSL_THREADING_C scripts/config.pl unset POLARSSL_THREADING_C
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
CC=armcc AR=armar WARNING_CFLAGS= CC=armcc AR=armar WARNING_CFLAGS= make lib
make lib 2> armcc.stderr
if [ -s armcc.stderr ]; then
cat armcc.stderr
exit 1;
fi
rm armcc.stderr
fi # armcc
if which i686-w64-mingw32-gcc >/dev/null; then if which i686-w64-mingw32-gcc >/dev/null; then
msg "build: cross-mingw64, make" # ~ 30s msg "build: cross-mingw64, make" # ~ 30s
@ -267,17 +409,13 @@ msg "test: main suites (MSan)" # ~ 10s
make test make test
msg "test: ssl-opt.sh (MSan)" # ~ 1 min msg "test: ssl-opt.sh (MSan)" # ~ 1 min
cd tests tests/ssl-opt.sh
./ssl-opt.sh
cd ..
# Optional part(s) # Optional part(s)
if [ "$MEMORY" -gt 0 ]; then if [ "$MEMORY" -gt 0 ]; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s msg "test: compat.sh (MSan)" # ~ 6 min 20s
cd tests tests/compat.sh
./compat.sh
cd ..
fi fi
else # no MemSan else # no MemSan
@ -296,20 +434,29 @@ make test
if [ "$MEMORY" -gt 0 ]; then if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)" msg "test: ssl-opt.sh --memcheck (Release)"
cd tests tests/ssl-opt.sh --memcheck
./ssl-opt.sh --memcheck
cd ..
fi fi
if [ "$MEMORY" -gt 1 ]; then if [ "$MEMORY" -gt 1 ]; then
msg "test: compat.sh --memcheck (Release)" msg "test: compat.sh --memcheck (Release)"
cd tests tests/compat.sh --memcheck
./compat.sh --memcheck
cd ..
fi fi
fi # MemSan fi # MemSan
msg "build: cmake 'out-of-source' build"
cleanup
MBEDTLS_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
cmake "$MBEDTLS_ROOT_DIR"
make
msg "test: cmake 'out-of-source' build"
make test
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
msg "Done, cleaning up" msg "Done, cleaning up"
cleanup cleanup