yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-03 17:01:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3295 from gilles-peskine-arm/config-full-clarify-2.7

Browse source 
Backport 2.7: Clarify that the full config enables everything that can be tested together
This commit is contained in:
danh-arm 2020-05-04 10:28:50 +01:00 committed by GitHub
parent b8da88d398 adaaddbe3b
commit af71b953df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 96 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
programs/aes/crypt_and_hash.c
View file

@ -82,7 +82,8 @@ static void mbedtls_zeroize( void *v, size_t n ) {
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 1, i, n; int ret = 1, i;
unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
int mode; int mode;
size_t keylen, ilen, olen; size_t keylen, ilen, olen;

3
programs/pkey/pk_decrypt.c
View file

@ -62,7 +62,8 @@ int main( void )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
FILE *f; FILE *f;
int ret = 1, c; int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0; size_t i, olen = 0;
mbedtls_pk_context pk; mbedtls_pk_context pk;

2
programs/pkey/rsa_decrypt.c
View file

@ -63,7 +63,7 @@ int main( int argc, char *argv[] )
FILE *f; FILE *f;
int ret = 1; int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
int c; unsigned c;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;

3
programs/pkey/rsa_verify.c
View file

@ -57,7 +57,8 @@ int main( void )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
FILE *f; FILE *f;
int ret = 1, c; int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE; int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;

22
programs/ssl/ssl_client2.c
View file

@ -239,7 +239,9 @@ int main( void )
#define USAGE_ECJPAKE "" #define USAGE_ECJPAKE ""
#endif #endif
#define USAGE \ /* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */
#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \ "\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \ " server_name=%%s default: localhost\n" \
@ -260,15 +262,17 @@ int main( void )
" skip_close_notify=%%d default: 0 (send close_notify)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \ "\n" \
USAGE_DTLS \ USAGE_DTLS \
"\n" \ "\n"
" auth_mode=%%s default: (library default: none)\n" \ #define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
USAGE_IO \ USAGE_IO \
"\n" \ "\n" \
USAGE_PSK \ USAGE_PSK \
USAGE_ECJPAKE \ USAGE_ECJPAKE \
"\n" \ "\n"
" allow_legacy=%%d default: (library default: no)\n" \ #define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \ " exchanges=%%d default: 1\n" \
" reconnect=%%d default: 0 (disabled)\n" \ " reconnect=%%d default: 0 (disabled)\n" \
@ -284,7 +288,8 @@ int main( void )
USAGE_CURVES \ USAGE_CURVES \
USAGE_RECSPLIT \ USAGE_RECSPLIT \
USAGE_DHMLEN \ USAGE_DHMLEN \
"\n" \ "\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
@ -507,7 +512,10 @@ int main( int argc, char *argv[] )
if( ret == 0 ) if( ret == 0 )
ret = 1; ret = 1;
mbedtls_printf( USAGE ); mbedtls_printf( USAGE1 );
mbedtls_printf( USAGE2 );
mbedtls_printf( USAGE3 );
mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites(); list = mbedtls_ssl_list_ciphersuites();
while( *list ) while( *list )

18
programs/ssl/ssl_server2.c
View file

@ -338,7 +338,9 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#define USAGE \ /* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */
#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \ "\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \ " server_addr=%%s default: (all interfaces)\n" \
@ -357,7 +359,8 @@ int main( void )
USAGE_COOKIES \ USAGE_COOKIES \
USAGE_ANTI_REPLAY \ USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \ USAGE_BADMAC_LIMIT \
"\n" \ "\n"
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
@ -367,7 +370,8 @@ int main( void )
"\n" \ "\n" \
USAGE_PSK \ USAGE_PSK \
USAGE_ECJPAKE \ USAGE_ECJPAKE \
"\n" \ "\n"
#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \ " allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \ " exchanges=%%d default: 1\n" \
@ -380,7 +384,8 @@ int main( void )
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_CURVES \ USAGE_CURVES \
"\n" \ "\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
@ -979,7 +984,10 @@ int main( int argc, char *argv[] )
if( ret == 0 ) if( ret == 0 )
ret = 1; ret = 1;
mbedtls_printf( USAGE ); mbedtls_printf( USAGE1 );
mbedtls_printf( USAGE2 );
mbedtls_printf( USAGE3 );
mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites(); list = mbedtls_ssl_list_ciphersuites();
while( *list ) while( *list )

76
scripts/config.pl
View file

@ -19,30 +19,17 @@
# #
# The following options are disabled instead of enabled with "full". # The following options are disabled instead of enabled with "full".
# #
# MBEDTLS_TEST_NULL_ENTROPY # * Options that require additional build dependencies or unusual hardware.
# MBEDTLS_DEPRECATED_REMOVED # * Options that make testing less effective.
# MBEDTLS_HAVE_SSE2 # * Options that are incompatible with other options, or more generally that
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS # interact with other parts of the code in such a way that a bulk enabling
# MBEDTLS_ECP_DP_M221_ENABLED # is not a good way to test them.
# MBEDTLS_ECP_DP_M383_ENABLED # * Options that remove features.
# MBEDTLS_ECP_DP_M511_ENABLED
# MBEDTLS_MEMORY_BACKTRACE
# MBEDTLS_MEMORY_BUFFER_ALLOC_C
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL
# MBEDTLS_RSA_NO_CRT
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
# - this could be enabled if the respective tests were adapted
# MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C
# MBEDTLS_NO_UDBL_DIVISION
# MBEDTLS_NO_64BIT_MULTIPLICATION
# and any symbol beginning _ALT
# #
# The baremetal configuration excludes options that require a library or
# operating system feature that is typically not present on bare metal
# systems. Features that are excluded from "full" won't be in "baremetal"
# either.
use warnings; use warnings;
use strict; use strict;
@ -83,51 +70,52 @@ Options
EOU EOU
my @excluded = qw( my @excluded = qw(
MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_DEPRECATED_WARNING
MBEDTLS_HAVE_SSE2 MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_ECP_DP_M221_ENABLED
MBEDTLS_ECP_DP_M383_ENABLED
MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_MEMORY_DEBUG
MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_MEMORY_DEBUG
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_RSA_NO_CRT MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_PKCS11_C
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_REMOVE_3DES_CIPHERSUITES MBEDTLS_REMOVE_3DES_CIPHERSUITES
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_RSA_NO_CRT
MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
_ALT\s*$ _ALT\s*$
); );
# Things that should be disabled in "baremetal" # Things that should be disabled in "baremetal"
my @excluded_baremetal = qw( my @excluded_baremetal = qw(
MBEDTLS_NET_C
MBEDTLS_TIMING_C
MBEDTLS_FS_IO
MBEDTLS_ENTROPY_NV_SEED MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_FS_IO
MBEDTLS_HAVEGE_C
MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_DATE MBEDTLS_HAVE_TIME_DATE
MBEDTLS_DEPRECATED_WARNING
MBEDTLS_HAVEGE_C
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_TIMING_C
); );
# Things that should be enabled in "full" even if they match @excluded # Things that should be enabled in "full" even if they match @excluded.
# Platform ALTs enable global variables that allow configuring the behavior
# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT
# which requires the application to provide relevant functions like
# non-platform ALTs.
my @non_excluded = qw( my @non_excluded = qw(
PLATFORM_[A-Z0-9]+_ALT PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT
); );
# Things that should be enabled in "baremetal" # Things that should be enabled in "baremetal"

42
tests/scripts/all.sh
View file

@ -770,22 +770,31 @@ component_test_full_cmake_clang () {
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
} }
component_build_deprecated () { component_test_default_no_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s # Test that removing the deprecated features from the default
scripts/config.pl full # configuration leaves something consistent.
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
# Build with -O -Wextra to catch a maximum of issues.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
# No cleanup, just tweak the configuration and rebuild
make clean
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
# Build with -O -Wextra to catch a maximum of issues. make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
make test
}
component_test_full_deprecated_warning () {
# Test that there is nothing deprecated in the full configuraration.
# A deprecated feature would trigger a warning (made fatal) from
# MBEDTLS_DEPRECATED_WARNING.
msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
# There are currently no tests for any deprecated feature.
# If some are added, 'make test' would trigger warnings here.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s
make test
} }
component_test_depends_curves () { component_test_depends_curves () {
@ -827,6 +836,7 @@ component_test_no_platform () {
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_FS_IO scripts/config.pl unset MBEDTLS_FS_IO
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
@ -841,6 +851,7 @@ component_build_no_std_function () {
scripts/config.pl full scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
} }
@ -912,6 +923,7 @@ component_test_null_entropy () {
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
scripts/config.pl unset MBEDTLS_HAVEGE_C scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .

3
tests/suites/test_suite_entropy.function
View file

@ -1,6 +1,7 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h" #include "mbedtls/entropy_poll.h"
#include "mbedtls/md.h"
/* /*
* Number of calls made to entropy_dummy_source() * Number of calls made to entropy_dummy_source()
@ -346,7 +347,7 @@ void entropy_nv_seed( char *read_seed_str )
// Set the initial NV seed to read. // Set the initial NV seed to read.
// Get exactly MBEDTLS_ENTROPY_BLOCK_SIZE bytes from read_str. // Get exactly MBEDTLS_ENTROPY_BLOCK_SIZE bytes from read_str.
TEST_ASSERT( strlen( read_seed ) / 2 >= MBEDTLS_ENTROPY_BLOCK_SIZE ); TEST_ASSERT( strlen( read_seed_str ) / 2 >= MBEDTLS_ENTROPY_BLOCK_SIZE );
read_seed_str[MBEDTLS_ENTROPY_BLOCK_SIZE * 2] = '\0'; read_seed_str[MBEDTLS_ENTROPY_BLOCK_SIZE * 2] = '\0';
unhexify( read_seed, read_seed_str ); unhexify( read_seed, read_seed_str );
memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );