Merge remote-tracking branch 'public/pr/2867' into baremetal

Simon Butcher 2019-10-08 18:57:31 +01:00
commit f0963f7141
5 changed files with 141 additions and 71 deletions


@ -2,6 +2,22 @@
DESTDIR=/usr/local
PREFIX=mbedtls_
PROGRAMS_DIR=./programs
TESTS_DIR=./tests
# Check test environment. If ../library is available then Mbed TLS is used.
# Otherwise Mbed OS environment is used.
DIR_FOR_MBED_TLS_ENV=./library
ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
LIBRARY_DIR=./library
INCLUDE_DIR=./include
CONFIG_FILE=./include/mbedtls/config.h
else
LIBRARY_DIR=./src
INCLUDE_DIR=./inc
CONFIG_FILE=./inc/mbedtls/test_config.h
endif
.SILENT:
.PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean
@ -12,26 +28,26 @@ all: programs tests
no_test: programs
programs: lib
$(MAKE) -C programs
$(MAKE) -C $(PROGRAMS_DIR)
lib:
$(MAKE) -C library
$(MAKE) -C $(LIBRARY_DIR)
tests: lib
$(MAKE) -C tests
$(MAKE) -C $(TESTS_DIR)
ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -rp include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/$(INCLUDE_DIR)/mbedtls
cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/$(INCLUDE_DIR)
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
cp -RP $(LIBRARY_DIR)/libmbedtls.* $(DESTDIR)/lib
cp -RP $(LIBRARY_DIR)/libmbedx509.* $(DESTDIR)/lib
cp -RP $(LIBRARY_DIR)/libmbedcrypto.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
for p in $(PROGRAMS_DIR)/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
@ -40,12 +56,12 @@ install: no_test
done
uninstall:
rm -rf $(DESTDIR)/include/mbedtls
rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
for p in programs/*/* ; do \
for p in $(PROGRAMS_DIR)/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
@ -73,24 +89,24 @@ post_build:
ifndef WINDOWS
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
-scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
-scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
# If NULL Entropy is configured, display an appropriate warning
-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
-scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
endif
clean:
$(MAKE) -C library clean
$(MAKE) -C programs clean
$(MAKE) -C tests clean
$(MAKE) -C $(LIBRARY_DIR) clean
$(MAKE) -C $(PROGRAMS_DIR) clean
$(MAKE) -C $(TESTS_DIR) clean
ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif
check: lib tests
$(MAKE) -C tests check
$(MAKE) -C $(TESTS_DIR) check
test: check
@ -99,14 +115,14 @@ ifndef WINDOWS
# make CFLAGS='--coverage -g3 -O0'
covtest:
$(MAKE) check
programs/test/selftest
tests/compat.sh
tests/ssl-opt.sh
$(PROGRAMS_DIR)/test/selftest
$(TESTS_DIR)/compat.sh
$(TESTS_DIR)/ssl-opt.sh
lcov:
rm -rf Coverage
lcov --capture --initial --directory library -o files.info
lcov --capture --directory library -o tests.info
lcov --capture --initial --directory $(LIBRARY_DIR) -o files.info
lcov --capture --directory $(LIBRARY_DIR) -o tests.info
lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
lcov --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions
@ -122,7 +138,7 @@ apidoc_clean:
endif
## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
C_SOURCE_FILES = $(wildcard $(INCLUDE_DIR)/*/*.h $(LIBRARY_DIR)/*.[hc] $(PROGRAMS_DIR)/*/*.[hc] $(TESTS_DIR)/suites/*.function)
tags: $(C_SOURCE_FILES)
ctags -o $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES)
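Review bot: In the post_build hunk the two config.pl checks cannot tell "option not set" from "config file could not be read". The leading `-` and the `&& ([ $$? -eq 0 ]) && echo` chain discard every non-zero exit, so if `$(CONFIG_FILE)` (now `./inc/mbedtls/test_config.h` in the else branch) is missing, the NULL-entropy and 128-bit CTR_DRBG warnings would presumably just not appear. Since these warnings exist to flag a weakened build, I would add a readability check ahead of them, e.g. `[ -r $(CONFIG_FILE) ] || echo 'warning: $(CONFIG_FILE) not readable, configuration warnings skipped'`. The post_build recipe starts above the hunk, so its earlier lines are not visible here.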


@ -5,7 +5,20 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
# Check test environment. If ../library is available then Mbed TLS is used.
# Otherwise Mbed OS environment is used.
DIR_FOR_MBED_TLS_ENV=../library
ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
# Set include dirs for Mbed TLS test environment
INCLUDE_DIRS=-I../include
else
# Set include dirs for Mbed OS test environment
INCLUDE_DIRS=-I../inc
CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
endif
LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
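Review bot: The `CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""` line in the else branch puts a mandatory define into a user-overridable variable. A command-line `make CFLAGS='--coverage -g3 -O0'` (the invocation the covtest comment in the first file section recommends) takes precedence over assignments made in the makefile, so the define is dropped and the code would be built against whatever configuration header the sources default to. Carry it in the local flags instead: set `CONFIG_DEFINE = "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""` in the else branch and use `LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) $(CONFIG_DEFINE) -D_FILE_OFFSET_BITS=64`. The same `CFLAGS +=` line appears in the next two file sections.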


@ -7,17 +7,30 @@ WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
WARNING_CXXFLAGS ?= -Wall -W
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
# Check test environment. If ../library is available then Mbed TLS is used.
# Otherwise Mbed OS environment is used.
DIR_FOR_MBED_TLS_ENV=../library
ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
LIBRARY_DIR=../library
INCLUDE_DIR=-I../include
else
LIBRARY_DIR=../src
INCLUDE_DIR=-I../inc
CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
endif
LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a
else
DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
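Review bot: `INCLUDE_DIR` holds a compiler flag here (`-I../include` or `-I../inc`), while the first file section of this commit uses the same name for a plain path (`./include`) and the previous file section calls its flag variable `INCLUDE_DIRS`. A variable given on the make command line is passed down to sub-makes, so `make INCLUDE_DIR=...` at the top level would be read as a path in one makefile and as a flag in another. I would keep `INCLUDE_DIR=../include` as a path and write `-I$(INCLUDE_DIR)` in `LOCAL_CFLAGS` and `LOCAL_CXXFLAGS`, or rename the variable to `INCLUDE_DIRS` to match.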


@ -6,8 +6,21 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wunused
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
# Check test environment. If ../library is available then Mbed TLS is used.
# Otherwise Mbed OS environment is used.
DIR_FOR_MBED_TLS_ENV=../library
ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" ""
LIBRARY_DIR=../library
INCLUDE_DIR=-I../include
else
LIBRARY_DIR=../src
INCLUDE_DIR=-I../inc
CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""
endif
LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
@ -18,9 +31,9 @@ LOCAL_LDFLAGS = -L../library \
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a
else
DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@ -77,7 +90,7 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS))
all: $(BINARIES)
$(DEP):
$(MAKE) -C ../library
$(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)
C_FILES := $(addsuffix .c,$(APPS))
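Review bot: In the `$(DEP)` rule, `$(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)` expands `$(INCLUDE_DIR)` to `-I../include` (or `-I../inc`), which make reads as its own `-I` option, the search directory for included makefiles, not as a compiler include path. It does not change how the library is compiled and only suggests that it does. The line should be `$(MAKE) -C $(LIBRARY_DIR)`; if the sub-make needs the include path it has to arrive as a variable.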


@ -71,8 +71,6 @@ TESTS=0
FAILS=0
SKIPS=0
CONFIG_H='../include/mbedtls/config.h'
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'
@ -154,20 +152,6 @@ skip_next_test() {
SKIP_NEXT="YES"
}
# skip next test if the flag is not enabled in config.h
requires_config_enabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
SKIP_NEXT="YES"
fi
}
# skip next test if the flag is enabled in config.h
requires_config_disabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then
SKIP_NEXT="YES"
fi
}
requires_ciphersuite_enabled() {
if [ -z "$($P_CLI --help | grep "$1")" ]; then
SKIP_NEXT="YES"
@ -185,6 +169,19 @@ get_config_value_or_default() {
${P_SRV} "query_config=${1}"
}
# skip next test if the flag is enabled in config.h
requires_config_disabled() {
if get_config_value_or_default $1; then
SKIP_NEXT="YES"
fi
}
requires_config_enabled() {
if ! get_config_value_or_default $1; then
SKIP_NEXT="YES"
fi
}
requires_config_value_at_least() {
VAL="$( get_config_value_or_default "$1" )"
if [ -z "$VAL" ]; then
@ -207,6 +204,17 @@ requires_config_value_at_most() {
fi
}
requires_config_value_exactly() {
VAL=$( get_config_value_or_default "$1" )
if [ -z "$VAL" ]; then
# Should never happen
echo "Mbed TLS configuration $1 is not defined"
exit 1
elif [ "$VAL" -ne "$2" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@ -300,9 +308,20 @@ requires_not_i686() {
}
# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_CONTENT_LEN="$( get_config_value_or_default MBEDTLS_SSL_MAX_CONTENT_LEN )"
if [ -z "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN=16384
fi
MAX_IN_LEN="$( get_config_value_or_default MBEDTLS_SSL_IN_CONTENT_LEN )"
if [ -z "$MAX_IN_LEN" ]; then
MAX_IN_LEN=$MAX_CONTENT_LEN
fi
MAX_OUT_LEN="$( get_config_value_or_default MBEDTLS_SSL_OUT_CONTENT_LEN )"
if [ -z "$MAX_OUT_LEN" ]; then
MAX_OUT_LEN=$MAX_CONTENT_LEN
fi
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_IN_LEN"
@ -2989,11 +3008,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
# Tests for Max Fragment Length extension
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
exit 1
fi
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
fi
@ -3026,6 +3040,7 @@ run_test "Max fragment length: enabled, default, larger message" \
-s "1 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length, DTLS: enabled, default, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@ -3043,6 +3058,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \
# content length configuration.)
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length: disabled, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@ -3054,6 +3070,7 @@ run_test "Max fragment length: disabled, larger message" \
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@ -3063,6 +3080,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@ -3075,6 +3093,7 @@ run_test "Max fragment length: used by client" \
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
@ -3087,6 +3106,7 @@ run_test "Max fragment length: used by server" \
-C "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
requires_gnutls
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
@ -3097,6 +3117,7 @@ run_test "Max fragment length: gnutls server" \
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
@ -3111,6 +3132,7 @@ run_test "Max fragment length: client, message just fits" \
-s "2048 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
@ -3126,6 +3148,7 @@ run_test "Max fragment length: client, larger message" \
-s "297 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
@ -3951,21 +3974,10 @@ run_test "Authentication: client no cert, ssl3" \
# default value (8)
MAX_IM_CA='8'
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
printf "The ${CONFIG_H} file contains a value for the configuration of\n"
printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the scripts\n"
printf "test value of ${MAX_IM_CA}. \n"
printf "\n"
printf "The tests assume this value and if it changes, the tests in this\n"
printf "script should also be adjusted.\n"
printf "\n"
exit 1
fi
MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )"
requires_full_size_output_buffer
requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@ -3974,6 +3986,7 @@ run_test "Authentication: server max_int chain, client default" \
-C "X509 - A fatal error occurred"
requires_full_size_output_buffer
requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -3982,6 +3995,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
-c "X509 - A fatal error occurred"
requires_full_size_output_buffer
requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -3991,6 +4005,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
-c "X509 - A fatal error occurred"
requires_full_size_output_buffer
requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
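Review bot: The rewritten `requires_config_enabled` and `requires_config_disabled` call `get_config_value_or_default $1` directly in the `if`, so whatever `${P_SRV} "query_config=..."` prints goes to the script's output (the old grep was redirected to /dev/null), and `$1` is unquoted. Use `if get_config_value_or_default "$1" >/dev/null; then` and `if ! get_config_value_or_default "$1" >/dev/null; then`. Going by the visible tail of `get_config_value_or_default`, the decision now rests on the exit status of `$P_SRV`, so a server binary that fails to start would look the same as a disabled option and every test gated by `requires_config_enabled` would be skipped rather than failed. A one-time check near the top of the script that `$P_SRV` answers a query would keep a broken build from passing as a run of skips.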