From 6663e9c18f07bca74208b958846ee1b17b0fb6bd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Jan 2018 14:04:05 +0100 Subject: [PATCH 01/11] Generate tags for Vi, for Emacs and with Global --- .gitignore | 8 ++++++++ .globalrc | 3 +++ Makefile | 9 +++++++++ 3 files changed, 20 insertions(+) create mode 100644 .globalrc diff --git a/.gitignore b/.gitignore index f40064d5b..a662dedcd 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,11 @@ massif-* # CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: *.dir/ + +# Editor navigation files: +/GPATH +/GRTAGS +/GSYMS +/GTAGS +/TAGS +/tags diff --git a/.globalrc b/.globalrc new file mode 100644 index 000000000..01b2ea5a3 --- /dev/null +++ b/.globalrc @@ -0,0 +1,3 @@ +default:\ + :langmap=c\:.c.h.function:\ + diff --git a/Makefile b/Makefile index f4c0a0021..1ae6bd991 100644 --- a/Makefile +++ b/Makefile @@ -120,3 +120,12 @@ apidoc: apidoc_clean: rm -rf apidoc endif + +## Editor navigation files +C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +tags: $(C_SOURCE_FILES) + ctags -o $@ $(C_SOURCE_FILES) +TAGS: $(C_SOURCE_FILES) + etags -o $@ $(C_SOURCE_FILES) +GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) + ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc From f91c5a8535d7431275df03010fb6aac10296a201 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 22:49:09 +0100 Subject: [PATCH 02/11] Improve .gitignore grouping and documentation --- .gitignore | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index a662dedcd..e13514319 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,17 @@ +# CMake build artifacts: CMakeCache.txt CMakeFiles CTestTestfile.cmake cmake_install.cmake Testing +# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: +*.dir/ +# MSVC files generated by CMake: +/*.sln +/*.vcxproj +/*.filters + +# Test coverage build artifacts: Coverage *.gcno *.gcda @@ -10,11 +19,6 @@ Coverage # generated by scripts/memory.sh massif-* -# MSVC files generated by CMake: -/*.sln -/*.vcxproj -/*.filters - # MSVC build artifacts: *.exe *.pdb @@ -24,8 +28,6 @@ massif-* # Python build artifacts: *.pyc -# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: -*.dir/ # Editor navigation files: /GPATH From d2d7b5cf118f5fc588922e74980ca2ab0304a4dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 22:49:33 +0100 Subject: [PATCH 03/11] Ignore more generated files: seedfile, apidoc --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index e13514319..789f57ee0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Random seed file created by test scripts and sample programs +seedfile + # CMake build artifacts: CMakeCache.txt CMakeFiles @@ -28,6 +31,8 @@ massif-* # Python build artifacts: *.pyc +# Generated documentation: +/apidoc # Editor navigation files: /GPATH From d707783cf34fc2a430c69bc3df5d1a7723f5768b Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 29 Apr 2019 11:15:43 +0200 Subject: [PATCH 04/11] Reword ssl_conf_max_frag_len documentation for clarity --- include/mbedtls/ssl.h | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8106bb4ab..d31f6cdd5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2532,22 +2532,28 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** - * \brief Set the maximum fragment length to emit and/or negotiate - * (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and - * MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes) + * \brief Set the maximum fragment length to emit and/or negotiate. + * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and + * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes) * (Server: set maximum fragment length to emit, - * usually negotiated by the client during handshake + * usually negotiated by the client during handshake) * (Client: set maximum fragment length to emit *and* * negotiate with the server during handshake) + * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE) * - * \note With TLS, this currently only affects ApplicationData (sent - * with \c mbedtls_ssl_read()), not handshake messages. - * With DTLS, this affects both ApplicationData and handshake. + * \note On the client side, the maximum fragment length extension + * *will not* be used, unless the maximum fragment length has + * been set via this function to a value different than + * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE. * * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see * \c mbedtls_ssl_get_record_expansion(). * + * \note With TLS, this currently only affects ApplicationData (sent + * with \c mbedtls_ssl_read()), not handshake messages. + * With DTLS, this affects both ApplicationData and handshake. + * * \note For DTLS, it is also possible to set a limit for the total * size of daragrams passed to the transport layer, including * record overhead, see \c mbedtls_ssl_set_mtu(). From b5f9a198da3ba885b1adac6854233f241fb62e8b Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 29 Apr 2019 13:00:05 +0200 Subject: [PATCH 05/11] Update change log --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 978b8b5cd..405985817 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,8 @@ Changes Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309. * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. Contributed by Peter Kolbus (Garmin). + * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to + improve clarity. Fixes #2258. = mbed TLS 2.16.1 branch released 2019-03-19 From fbf3c8ac23ef8b23d88775e226cb5b7030b5df53 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 9 May 2019 13:03:05 +0100 Subject: [PATCH 06/11] Only use submodule if present Enabling the USE_CRYPTO_SUBMODULE option causes problems if the crypto submodule isn't present. For example, when building mbed-crypto as a submodule, it should use error.c from the parent project if USE_CRYPTO_SUBMODULE is set. However if the parent project isn't present, then the build will fail. Only enable it if the submodule actually exists. --- scripts/abi_check.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f837f7a79..30c3fe517 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -148,7 +148,8 @@ class AbiChecker(object): my_environment = os.environ.copy() my_environment["CFLAGS"] = "-g -Og" my_environment["SHARED"] = "1" - my_environment["USE_CRYPTO_SUBMODULE"] = "1" + if os.path.exists(os.path.join(git_worktree_path, "crypto")): + my_environment["USE_CRYPTO_SUBMODULE"] = "1" make_output = subprocess.check_output( [self.make_command, "lib"], env=my_environment, From 5e525fb6e55d330c87327467f0a8092e7af1ec76 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 May 2019 17:29:15 +0200 Subject: [PATCH 07/11] Print a command trace if the check-names.sh exits unexpectedly We've observed that sometimes check-names.sh exits unexpectedly with status 2 and no error message. The failure is not reproducible. This commits makes the script print a trace if it exits unexpectedly. --- tests/scripts/check-names.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index f18a162cc..82ec54a29 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -16,12 +16,22 @@ if grep --version|head -n1|grep GNU >/dev/null; then :; else exit 1 fi +trace= +if [ $# -ne 0 ] && [ "$1" = "-v" ]; then + shift + trace='-x' + exec 2>check-names.err + trap 'echo "FAILED UNEXPECTEDLY, status=$?"; + cat check-names.err' EXIT + set -x +fi + printf "Analysing source code...\n" -tests/scripts/list-macros.sh +sh $trace tests/scripts/list-macros.sh tests/scripts/list-enum-consts.pl -tests/scripts/list-identifiers.sh -tests/scripts/list-symbols.sh +sh $trace tests/scripts/list-identifiers.sh +sh $trace tests/scripts/list-symbols.sh FAIL=0 @@ -82,6 +92,12 @@ else FAIL=1 fi +if [ -n "$trace" ]; then + set +x + trap - EXIT + rm check-names.err +fi + printf "\nOverall: " if [ "$FAIL" -eq 0 ]; then rm macros actual-macros enum-consts identifiers exported-symbols From 473f2d4ec28c17d8887fb7d16502e099a1b76bae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 May 2019 17:52:22 +0200 Subject: [PATCH 08/11] all.sh: invoke check-names.sh in print-trace-on-exit mode --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44df16249..936c665a1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -576,7 +576,7 @@ component_check_files () { component_check_names () { msg "test/build: declared and exported names" # < 3s - record_status tests/scripts/check-names.sh + record_status tests/scripts/check-names.sh -v } component_check_doxygen_warnings () { From 902a1f3f7f626fdc3af1a498364931538ff0da83 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 May 2019 18:22:45 +0200 Subject: [PATCH 09/11] Document "check-names.sh -v" --- tests/scripts/check-names.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 82ec54a29..90ecfd272 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -2,15 +2,21 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# This script confirms that the naming of all symbols and identifiers in mbed -# TLS are consistent with the house style and are also self-consistent. -# +# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved + set -eu +if [ $# -ne 0 ] && [ "$1" = "--help" ]; then + cat </dev/null; then :; else echo "This script requires GNU grep.">&2 exit 1 From 39d7c58db5542e532d8b699b0093f41b6d7cf82d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 May 2019 18:22:58 +0200 Subject: [PATCH 10/11] list-symbols.sh: if the build fails, print the build transcript If "make clean lib" fails in list-symbols.sh, print the transcript from running make. --- tests/scripts/list-symbols.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index c25871942..ffdce8f35 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -14,8 +14,20 @@ fi cp include/mbedtls/config.h include/mbedtls/config.h.bak scripts/config.pl full -CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1 +make_ret= +CFLAGS=-fno-asynchronous-unwind-tables make clean lib \ + >list-symbols.make.log 2>&1 || + { + make_ret=$? + echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make clean lib" + cat list-symbols.make.log >&2 + } +rm list-symbols.make.log mv include/mbedtls/config.h.bak include/mbedtls/config.h +if [ -n "$make_ret" ]; then + exit "$make_ret" +fi + if uname | grep -F Darwin >/dev/null; then nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' elif uname | grep -F Linux >/dev/null; then From ada38317dd52e729ede27e1231b12f5119701bbd Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 31 May 2019 12:26:42 +0100 Subject: [PATCH 11/11] test: Always use `make clean` by itself When running make with parallelization, running both "clean" and "lib" with a single make invocation can lead to each target building in parallel. It's bad if lib is partially done building something, and then clean deletes what was built. This can lead to errors later on in the lib target. $ make -j9 clean lib CC aes.c CC aesni.c CC arc4.c CC aria.c CC asn1parse.c CC ./library/error.c CC ./library/version.c CC ./library/version_features.c AR libmbedcrypto.a ar: aes.o: No such file or directory Makefile:120: recipe for target 'libmbedcrypto.a' failed make[2]: *** [libmbedcrypto.a] Error 1 Makefile:152: recipe for target 'libmbedcrypto.a' failed make[1]: *** [libmbedcrypto.a] Error 2 Makefile:19: recipe for target 'lib' failed make: *** [lib] Error 2 make: *** Waiting for unfinished jobs.... To avoid this sort of trouble, always invoke clean by itself without other targets throughout the library. Don't run clean in parallel with other rules. The only place where clean was run in parallel with other targets was in list-symbols.sh. --- tests/scripts/list-symbols.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index ffdce8f35..930722c1b 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -14,12 +14,13 @@ fi cp include/mbedtls/config.h include/mbedtls/config.h.bak scripts/config.pl full +make clean make_ret= -CFLAGS=-fno-asynchronous-unwind-tables make clean lib \ +CFLAGS=-fno-asynchronous-unwind-tables make lib \ >list-symbols.make.log 2>&1 || { make_ret=$? - echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make clean lib" + echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" cat list-symbols.make.log >&2 } rm list-symbols.make.log