From 68a98516f61b2e48ad91cbd74210d9503419d19b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 14:19:09 +0200 Subject: [PATCH 01/22] basic-in-docker: call all.sh for sanity checks Call all.sh for sanity checks, rather than maintain an explicit list. This was done in .travis.yml in 3c7ffd7a4091916db501d41c8e9ce6bc7e2f0586 Travis has diverged from basic-in-docker. This commit updates the description of basic-in-docker to no longer refer to Travis. Alignment with Travis may be desirable but that is beyond the scope of this commit. Signed-off-by: Gilles Peskine --- tests/scripts/basic-in-docker.sh | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 37ed5ea50b..83d665598e 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -4,8 +4,10 @@ # # Purpose # ------- -# This runs a rough equivalent of the travis.yml in a Docker container. -# The tests are run for both clang and gcc. +# This runs sanity checks and library tests in a Docker container. The tests +# are run for both clang and gcc. The testing includes a full test run +# in the default configuration, partial test runs in the reference +# configurations, and some dependency tests. # # Notes for users # --------------- @@ -30,12 +32,7 @@ source tests/scripts/docker_env.sh -run_in_docker tests/scripts/recursion.pl library/*.c -run_in_docker tests/scripts/check-generated-files.sh -run_in_docker tests/scripts/check-doxy-blocks.pl -run_in_docker tests/scripts/check-names.sh -run_in_docker tests/scripts/check-files.py -run_in_docker tests/scripts/doxygen.sh +run_in_docker tests/scripts/all.sh 'check_*' for compiler in clang gcc; do run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" . From fb4f933f8e47c86bad133a3a5bb6c492f89267e1 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 25 Jun 2020 14:18:34 +0200 Subject: [PATCH 02/22] Rename Python scripts to use '_' and not '-' You can't import a Python script whose name includes '-'. Signed-off-by: Gilles Peskine --- docs/architecture/testing/test-framework.md | 4 ++-- tests/scripts/all.sh | 4 ++-- tests/scripts/{check-files.py => check_files.py} | 0 tests/scripts/{check-test-cases.py => check_test_cases.py} | 0 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/scripts/{check-files.py => check_files.py} (100%) rename tests/scripts/{check-test-cases.py => check_test_cases.py} (100%) diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md index e0e960f87c..c4178fa170 100644 --- a/docs/architecture/testing/test-framework.md +++ b/docs/architecture/testing/test-framework.md @@ -22,7 +22,7 @@ Each test case has a description which succinctly describes for a human audience * Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0 Date: Thu, 25 Jun 2020 16:16:25 +0200 Subject: [PATCH 03/22] check_test_cases: parametrize iteration functions by the action Parametrize the code that iterates over test case descriptions by the function to apply on each description. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 50 ++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 35a9987497..f25b602c7d 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py 
@@ -76,10 +76,13 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def check_test_suite(results, data_file_name): - """Check the test cases in the given unit test data file.""" +def walk_test_suite(function, results, descriptions, data_file_name): + """Iterate over the test cases in the given unit test data file. + +Call function(results, descriptions, data_file_name, line_number, description) +on each description. +""" in_paragraph = False - descriptions = {} with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -90,13 +93,16 @@ def check_test_suite(results, data_file_name): continue if not in_paragraph: # This is a test case description line. - check_description(results, descriptions, - data_file_name, line_number, line) + function(results, descriptions, + data_file_name, line_number, line) in_paragraph = True -def check_ssl_opt_sh(results, file_name): - """Check the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = {} +def walk_ssl_opt_sh(function, results, descriptions, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + +Call function(results, descriptions, file_name, line_number, description) +on each description. +""" with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form 
@@ -106,8 +112,23 @@ def check_ssl_opt_sh(results, file_name): if not m: continue description = m.group(1) - check_description(results, descriptions, - file_name, line_number, description) + function(results, descriptions, + file_name, line_number, description) + +def walk_all(function, results): + """Iterate over all named test cases. + +Call function(results, {}, file_name, line_number, description) +on each description. +""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + walk_test_suite(function, results, {}, data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) def main(): parser = argparse.ArgumentParser(description=__doc__) @@ -118,15 +139,8 @@ def main(): action='store_false', dest='quiet', help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() - test_directories = collect_test_directories() results = Results(options) - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - check_test_suite(results, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - check_ssl_opt_sh(results, ssl_opt_sh) + walk_all(check_description, results) if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From 78c45dbb0f74f7cba5e19de9e2f98dcd6ca91d68 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 25 Jun 2020 16:34:11 +0200 Subject: [PATCH 04/22] check_test_cases: move "walk" functions into a class Make the structure more Pythonic: use classes for abstraction and refinement, rather than higher-order functions. Convert walk(function, state, data) into instance.walk(data) where instance has a method that implements function and state is a field of instance. No behavior change. Signed-off-by: Gilles Peskine
---
tests/scripts/check_test_cases.py | 132 +++++++++++++++++++-----------
1 file changed, 86 insertions(+), 46 deletions(-)
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index f25b602c7d..04ade631a0 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -76,59 +76,98 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def walk_test_suite(function, results, descriptions, data_file_name): - """Iterate over the test cases in the given unit test data file. +class TestDescriptionExplorer: + """An iterator over test cases with descriptions. -Call function(results, descriptions, data_file_name, line_number, description) -on each description. +The test cases that have descriptions are: +* Individual unit tests (entries in a .data file) in test suites. +* Individual test cases in ssl-opt.sh. + +This is an abstract class. To use it, derive a class that implements +the process_test_case method, and call walk_all(). """ - in_paragraph = False - with open(data_file_name, 'rb') as data_file: - for line_number, line in enumerate(data_file, 1): - line = line.rstrip(b'\r\n') - if not line: - in_paragraph = False - continue - if line.startswith(b'#'): - continue - if not in_paragraph: - # This is a test case description line. - function(results, descriptions, - data_file_name, line_number, line) - in_paragraph = True -def walk_ssl_opt_sh(function, results, descriptions, file_name): - """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + def process_test_case(self, per_file_state, + file_name, line_number, description): + """Process a test case. -Call function(results, descriptions, file_name, line_number, description) -on each description. +per_file_state: a new object returned by per_file_state() for each file. +file_name: a relative path to the file containing the test case. +line_number: the line number in the given file. +description: the test case description as a byte string. """ - with open(file_name, 'rb') as file_contents: - for line_number, line in enumerate(file_contents, 1): - # Assume that all run_test calls have the same simple form - # with the test description entirely on the same line as the - # function name. 
- m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) - if not m: - continue - description = m.group(1) - function(results, descriptions, - file_name, line_number, description) + raise NotImplementedError -def walk_all(function, results): - """Iterate over all named test cases. + def per_file_state(self): + """Return a new per-file state object. -Call function(results, {}, file_name, line_number, description) -on each description. +The default per-file state object is None. Child classes that require per-file +state may override this method. """ - test_directories = collect_test_directories() - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - walk_test_suite(function, results, {}, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) + #pylint: disable=no-self-use + return None + + def walk_test_suite(self, data_file_name): + """Iterate over the test cases in the given unit test data file.""" + in_paragraph = False + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(data_file_name, 'rb') as data_file: + for line_number, line in enumerate(data_file, 1): + line = line.rstrip(b'\r\n') + if not line: + in_paragraph = False + continue + if line.startswith(b'#'): + continue + if not in_paragraph: + # This is a test case description line. 
+ self.process_test_case(descriptions, + data_file_name, line_number, line) + in_paragraph = True + + def walk_ssl_opt_sh(self, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(file_name, 'rb') as file_contents: + for line_number, line in enumerate(file_contents, 1): + # Assume that all run_test calls have the same simple form + # with the test description entirely on the same line as the + # function name. + m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) + if not m: + continue + description = m.group(1) + self.process_test_case(descriptions, + file_name, line_number, description) + + def walk_all(self): + """Iterate over all named test cases.""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + self.walk_test_suite(data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + self.walk_ssl_opt_sh(ssl_opt_sh) + +class DescriptionChecker(TestDescriptionExplorer): + """Check all test case descriptions. + +* Check that each description is valid (length, allowed character set, etc.). +* Check that there is no duplicated description inside of one test suite. +""" + + def __init__(self, results): + self.results = results + + def per_file_state(self): + return {} + + def process_test_case(self, per_file_state, + file_name, line_number, description): + check_description(self.results, per_file_state, + file_name, line_number, description) def main(): parser = argparse.ArgumentParser(description=__doc__) 
@@ -140,7 +179,8 @@ def main(): help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() results = Results(options) - walk_all(check_description, results) + checker = DescriptionChecker(results) + checker.walk_all() if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From 6f6ff3346d971a049def9730c32ee4d7cf93f935 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 16:40:10 +0200 Subject: [PATCH 05/22] check_test_cases: move some functions into the logical class With previous refactorings, some functions are now solely meant to be called from other functions in a particular class. Move them into this class. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 68 +++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 04ade631a0..2df4c7a68d 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py 
@@ -45,37 +45,6 @@ class Results: .format(file_name, line_number, *args)) self.warnings += 1 -def collect_test_directories(): - """Get the relative path for the TLS and Crypto test directories.""" - if os.path.isdir('tests'): - tests_dir = 'tests' - elif os.path.isdir('suites'): - tests_dir = '.' - elif os.path.isdir('../suites'): - tests_dir = '..' - directories = [tests_dir] - return directories - -def check_description(results, seen, file_name, line_number, description): - """Check test case descriptions for errors.""" - if description in seen: - results.error(file_name, line_number, - 'Duplicate description (also line {})', - seen[description]) - return - if re.search(br'[\t;]', description): - results.error(file_name, line_number, - 'Forbidden character \'{}\' in description', - re.search(br'[\t;]', description).group(0).decode('ascii')) - if re.search(br'[^ -~]', description): - results.error(file_name, line_number, - 'Non-ASCII character in description') - if len(description) > 66: - results.warning(file_name, line_number, - 'Test description too long ({} > 66)', - len(description)) - seen[description] = line_number - class TestDescriptionExplorer: """An iterator over test cases with descriptions. @@ -140,9 +109,21 @@ state may override this method. self.process_test_case(descriptions, file_name, line_number, description) + @staticmethod + def collect_test_directories(): + """Get the relative path for the TLS and Crypto test directories.""" + if os.path.isdir('tests'): + tests_dir = 'tests' + elif os.path.isdir('suites'): + tests_dir = '.' + elif os.path.isdir('../suites'): + tests_dir = '..' + directories = [tests_dir] + return directories + def walk_all(self): """Iterate over all named test cases.""" - test_directories = collect_test_directories() + test_directories = self.collect_test_directories() for directory in test_directories: for data_file_name in glob.glob(os.path.join(directory, 'suites', '*.data')): 
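Review bot: `collect_test_directories`, moved into the class by the second hunk on this line, leaves `tests_dir` unassigned when none of `tests`, `suites` or `../suites` is a directory, so `directories = [tests_dir]` raises UnboundLocalError if the script is started from an unexpected working directory. The `if`/`elif` chain should end with an explicit failure, for example `else:` followed by `raise Exception('Mbed TLS test directory not found')` (the wording of the message is only a suggestion). As written, a job launched from the wrong directory stops with a traceback that does not say which layout was expected. `walk_all` continues past the end of this hunk.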
@@ -162,12 +143,31 @@ class DescriptionChecker(TestDescriptionExplorer): self.results = results def per_file_state(self): + """Dictionary mapping descriptions to their line number.""" return {} def process_test_case(self, per_file_state, file_name, line_number, description): - check_description(self.results, per_file_state, - file_name, line_number, description) + """Check test case descriptions for errors.""" + results = self.results + seen = per_file_state + if description in seen: + results.error(file_name, line_number, + 'Duplicate description (also line {})', + seen[description]) + return + if re.search(br'[\t;]', description): + results.error(file_name, line_number, + 'Forbidden character \'{}\' in description', + re.search(br'[\t;]', description).group(0).decode('ascii')) + if re.search(br'[^ -~]', description): + results.error(file_name, line_number, + 'Non-ASCII character in description') + if len(description) > 66: + results.warning(file_name, line_number, + 'Test description too long ({} > 66)', + len(description)) + seen[description] = line_number def main(): parser = argparse.ArgumentParser(description=__doc__) From 15c2cbfed51f8d24b1c18a0eff4fa52415374a2f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:36:28 +0200 Subject: [PATCH 06/22] New script for test outcome analysis This is a new script designed to analyze test outcomes collected during a whole CI run. This commit introduces the script, the code to read the outcome file, and a very simple framework to report errors. It does not perform any actual analysis yet. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 93 +++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100755 tests/scripts/analyze_outcomes.py diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py new file mode 100755 index 0000000000..9d011db55c --- /dev/null +++ b/tests/scripts/analyze_outcomes.py 
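Review bot: The forbidden-character check in `DescriptionChecker.process_test_case` evaluates `re.search(br'[\t;]', description)` twice, once as the condition and once to build the message; binding it once, `m = re.search(br'[\t;]', description)` then `if m:` with `m.group(0).decode('ascii')`, removes the duplicate. The reason `;` is rejected is not recorded here, while the outcome parser added later in this series splits records on `;`, so a comment such as `# ';' separates fields in the test outcome file` would keep the rule from being relaxed by accident. The early `return` on a duplicate description also skips the character and length checks for that line, which may be intended but deserves a word in the docstring.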
@@ -0,0 +1,93 @@ +#!/usr/bin/env python3 + +"""Analyze the test outcomes from a full CI run. + +This script can also run on outcomes from a partial run, but the results are +less likely to be useful. +""" + +import argparse +import sys +import traceback + +class Results: + """Process analysis results.""" + + def __init__(self): + self.error_count = 0 + self.warning_count = 0 + + @staticmethod + def log(fmt, *args, **kwargs): + sys.stderr.write((fmt + '\n').format(*args, **kwargs)) + + def error(self, fmt, *args, **kwargs): + self.log('Error: ' + fmt, *args, **kwargs) + self.error_count += 1 + + def warning(self, fmt, *args, **kwargs): + self.log('Warning: ' + fmt, *args, **kwargs) + self.warning_count += 1 + +class TestCaseOutcomes: + """The outcomes of one test case across many configurations.""" + # pylint: disable=too-few-public-methods + + def __init__(self): + self.successes = [] + self.failures = [] + + def hits(self): + """Return the number of times a test case has been run. + + This includes passes and failures, but not skips. + """ + return len(self.successes) + len(self.failures) + +def analyze_outcomes(outcomes): + """Run all analyses on the given outcome collection.""" + results = Results() + return results + +def read_outcome_file(outcome_file): + """Parse an outcome file and return an outcome collection. + +An outcome collection is a dictionary mapping keys to TestCaseOutcomes objects. +The keys are the test suite name and the test case description, separated +by a semicolon. 
+""" + outcomes = {} + with open(outcome_file, 'r', encoding='utf-8') as input_file: + for line in input_file: + (platform, config, suite, case, result, _cause) = line.split(';') + key = ';'.join([suite, case]) + setup = ';'.join([platform, config]) + if key not in outcomes: + outcomes[key] = TestCaseOutcomes() + if result == 'PASS': + outcomes[key].successes.append(setup) + elif result == 'FAIL': + outcomes[key].failures.append(setup) + return outcomes + +def analyze_outcome_file(outcome_file): + """Analyze the given outcome file.""" + outcomes = read_outcome_file(outcome_file) + return analyze_outcomes(outcomes) + +def main(): + try: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('outcomes', metavar='OUTCOMES.CSV', + help='Outcome file to analyze') + options = parser.parse_args() + results = analyze_outcome_file(options.outcomes) + if results.error_count > 0: + sys.exit(1) + except Exception: # pylint: disable=broad-except + # Print the backtrace and exit explicitly with our chosen status. + traceback.print_exc() + sys.exit(120) + +if __name__ == '__main__': + main() From 8d3c70a279917c87d46845fb909032ce5351874d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:37:43 +0200 Subject: [PATCH 07/22] Check test case coverage Check that every available test case in the test suites and ssl-opt.sh has been executed at least once. For the time being, only report a warning, because our coverage is incomplete. Once we've updated all.sh to have full coverage, this warning should become an error. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 9d011db55c..96599bd530 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
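Review bot: `read_outcome_file` unpacks `line.split(';')` into exactly six names, so a blank line, a truncated last line from an interrupted job, or a cause field that itself contains `;` raises ValueError, and the run then ends in the generic `sys.exit(120)` path without naming the offending line. Splitting with a bound, `line.rstrip('\n').split(';', 5)`, keeps a `;` inside the cause from breaking the parse, and iterating with `enumerate(input_file, 1)` lets the error report the file name and line number. Any `result` other than `PASS` or `FAIL` is dropped silently; that is presumably intended for skips, but a misspelled status would then be indistinguishable from a test that never ran. A docstring on `main` stating the exit codes (1 for analysis errors, 120 for an internal failure) would also help whoever wires this into CI.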
@@ -7,9 +7,12 @@ less likely to be useful. """ import argparse +import re import sys import traceback +import check_test_cases + class Results: """Process analysis results.""" @@ -44,9 +47,40 @@ class TestCaseOutcomes: """ return len(self.successes) + len(self.failures) +class TestDescriptions(check_test_cases.TestDescriptionExplorer): + """Collect the available test cases.""" + + def __init__(self): + super().__init__() + self.descriptions = set() + + def process_test_case(self, _per_file_state, + file_name, _line_number, description): + """Record an available test case.""" + base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name)) + key = ';'.join([base_name, description.decode('utf-8')]) + self.descriptions.add(key) + +def collect_available_test_cases(): + """Collect the available test cases.""" + explorer = TestDescriptions() + explorer.walk_all() + return sorted(explorer.descriptions) + +def analyze_coverage(results, outcomes): + """Check that all available test cases are executed at least once.""" + available = collect_available_test_cases() + for key in available: + hits = outcomes[key].hits() if key in outcomes else 0 + if hits == 0: + # Make this a warning, not an error, as long as we haven't + # fixed this branch to have full coverage of test cases. + results.warning('Test case not executed: {}', key) + def analyze_outcomes(outcomes): """Run all analyses on the given outcome collection.""" results = Results() + analyze_coverage(results, outcomes) return results def read_outcome_file(outcome_file): From 3d863f263136525d62d7617f34038139bc87b153 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 13:02:30 +0200 Subject: [PATCH 08/22] Document the fields of TestCasesOutcomes Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 96599bd530..73f16bdb25 100755 
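Review bot: `TestDescriptions.process_test_case` derives the suite name with `re.sub(r'.*/', '', file_name)`, but the file names reaching it are built with `os.path.join` and `glob.glob`, so on a platform whose separator is not `/` the directory part is not stripped and no key will match the outcome file. `base_name = os.path.splitext(os.path.basename(file_name))[0]` does the same job portably; it needs `import os`, which the import hunk above does not add. `description.decode('utf-8')` also raises UnicodeDecodeError on a non-UTF-8 byte, and since this explorer runs without the checks in `DescriptionChecker`, one stray byte in a `.data` file ends the whole analysis instead of being reported. For `ssl-opt.sh` the description is the raw text captured by the regex, backslash escapes included, so it is worth confirming that the outcome file records descriptions in the same unexpanded form.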
--- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -37,6 +37,10 @@ class TestCaseOutcomes: # pylint: disable=too-few-public-methods def __init__(self): + # Collect a list of witnesses of the test case succeeding or failing. + # Currently we don't do anything with witnesses except count them. + # The format of a witness is determined by the read_outcome_file + # function; it's the platform and configuration joined by ';'. self.successes = [] self.failures = [] From a911b32e2f190ab6842664430f503bf5c20308c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:40:58 +0200 Subject: [PATCH 09/22] Fix dependency in AES GCM test case The test case was never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_cipher.gcm.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data index 8d728bd067..a4cebd2412 100644 --- a/tests/suites/test_suite_cipher.gcm.data +++ b/tests/suites/test_suite_cipher.gcm.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0 AES GCM Decrypt empty buffer -depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0 Aria GCM Decrypt empty buffer From af9dbc9213265477a89bd2c6d44c7bf0423ab9bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:41:40 +0200 Subject: [PATCH 10/22] Fix dependency in PSA test cases The test cases were never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto_metadata.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 48bdbed942..2a0573d8bc 100644 --- a/tests/suites/test_suite_psa_crypto.data 
+++ b/tests/suites/test_suite_psa_crypto.data @@ -574,7 +574,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy algorithm2: CTR, CBC -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING PSA key policy algorithm2: ECDH, ECDSA diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b771e58233..606fb58d28 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -155,7 +155,7 @@ depends_on:MBEDTLS_ARC4_C cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER Cipher: ChaCha20 -depends_on:MBEDTLS_CHACHA_C +depends_on:MBEDTLS_CHACHA20_C cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER Cipher: CTR From b20b873bffbbf8aa3ee75a3b79479295252e1a35 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 26 Jun 2020 22:48:06 +0200 Subject: [PATCH 11/22] Remove metadata tests for features that are not implemented The metadata tests depend on the corresponding feature because there is no guarantee that the metadata is correct if the feature is disabled. There are metadata test cases for some algorithms and key types that are declared but not supported. These test cases are present but can never run. It is debatable whether having these test cases is a good thing in case they become runnable in the future, or a bad thing because they're dead code. We're working on detecting test cases that are never executed for accidental reasons (e.g. typo in a dependency or missing configuration on the CI), and having test cases that are deliberately never executed messes this up. So remove these test cases. If we do implement the corresponding feature, it'll be easy to add the corresponding metadata test cases. The features that had metadata tests but no implementations were: * SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256) * DSA (hypothetical dependency: MBEDTLS_DSA_C) * SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C) Signed-off-by: Gilles Peskine
---
.../test_suite_psa_crypto_metadata.data | 72 -------------------
1 file changed, 72 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 606fb58d28..96ce3a685c 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -34,30 +34,6 @@ Hash: SHA-2 SHA-512 depends_on:MBEDTLS_SHA512_C hash_algorithm:PSA_ALG_SHA_512:64 -Hash: SHA-2 SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_224:28 - -Hash: SHA-2 SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_256:32 - -Hash: SHA-3 SHA3-224 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_224:28 - -Hash: SHA-3 SHA3-256 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_256:32 - -Hash: SHA-3 SHA3-384 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_384:48 - -Hash: SHA-3 SHA3-512 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_512:64 - MAC: HMAC-MD2 depends_on:MBEDTLS_MD2_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 @@ -94,30 +70,6 @@ MAC: HMAC-SHA-512 depends_on:MBEDTLS_SHA512_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 -MAC: HMAC-SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128 - -MAC: HMAC-SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128 - -MAC: HMAC-SHA3-224 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144 - -MAC: HMAC-SHA3-256 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136 - -MAC: HMAC-SHA3-384 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104 - -MAC: HMAC-SHA3-512 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72 - MAC: CBC_MAC-AES-128 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 
@@ -206,14 +158,6 @@ Asymmetric signature: RSA PSS SHA-256 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C -asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN - -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN - Asymmetric signature: randomized ECDSA (no hashing) depends_on:MBEDTLS_ECDSA_C asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN @@ -234,14 +178,6 @@ Asymmetric signature: RSA PSS with wildcard hash depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS -Asymmetric signature: randomized DSA with wildcard hash -depends_on:MBEDTLS_DSA_C -asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA - -Asymmetric signature: deterministic DSA with wildcard hash [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC - Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA 
@@ -343,14 +279,6 @@ Key type: RSA key pair depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA -Key type: DSA public key -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA - -Key type: DSA key pair -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA - ECC key family: SECP K1 ecc_key_family:PSA_ECC_CURVE_SECP_K1 From 7eefa22fb16f4048c60cb22e556c7567609d8cbf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:54:47 +0200 Subject: [PATCH 12/22] Fix copypasta in test case descriptions Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 96ce3a685c..f8889833b1 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -166,7 +166,7 @@ Asymmetric signature: SHA-256 + randomized ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#2] +Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN 
@@ -182,7 +182,7 @@ Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA -Asymmetric signature: deterministic DSA with wildcard hash [#2] +Asymmetric signature: deterministic ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC From 66c3dc44f20a395456ad3f93de55e00873717688 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jun 2020 02:25:17 +0200 Subject: [PATCH 13/22] Include the library directory for the sake of 3rdparty When compiling library files under `3rdparty/`, the directory containing the `.c` file that is being compiled is not the current directory, so headers from the `library/` directory are not found. Fix this by adding `.` to the include path. This was not detected until now because as of this commit, no 3rdparty source file requires a header under `library/`. Signed-off-by: Gilles Peskine --- library/Makefile | 2 +- scripts/generate_visualc_files.pl | 11 ++++++++++- visualc/VS2010/mbedTLS.vcxproj | 8 ++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/library/Makefile b/library/Makefile index dbdd3b679a..801304bbe5 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,7 +5,7 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 8bf8de99e9..a3a2925da0 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
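Review bot: In the library/Makefile hunk, `-I.` is placed ahead of `-I../include`, so every header in `library/` is now searched for angle-bracket includes as well as quoted ones, and before the public headers. A future internal header whose name matches a public or system header would silently shadow it for the whole library build. Listing it after the public path (`-I../include -I.`) or, where the toolchain supports it, using `-iquote .` keeps the lookup limited to what the commit message describes. The assignment also deserves a one-line comment such as `# -I. lets sources under 3rdparty/ find internal headers in library/`, since nothing in the Makefile explains why the current directory is on the path.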
@@ -64,6 +64,15 @@ my @include_directories = qw( ); my $include_directories = join(';', map {"../../$_"} @include_directories); +# Directories to add to the include path when building the library, but not +# when building tests or applications. +my @library_include_directories = qw( + library +); +my $library_include_directories = + join(';', map {"../../$_"} (@library_include_directories, + @include_directories)); + my @excluded_files = qw( 3rdparty/everest/library/Hacl_Curve25519.c ); @@ -202,7 +211,7 @@ sub gen_main_file { my $out = slurp_file( $main_tpl ); $out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m; $out =~ s/HEADER_ENTRIES\r\n/$header_entries/m; - $out =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g; + $out =~ s/INCLUDE_DIRECTORIES\r\n/$library_include_directories/g; content_to_file( $out, $main_out ); } diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 98b99138f8..4422b7a2dc 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -84,7 +84,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC 
@@ -98,7 +98,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -114,7 +114,7 @@ true NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows @@ -131,7 +131,7 @@ true WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows From db09ef6d22f3043536910833c43faf425a7e0401 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 3 Jun 2020 01:43:33 +0200 Subject: [PATCH 14/22] Include common.h instead of config.h in library source files In library source files, include "common.h", which takes care of including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE) and other things that are used throughout the library. FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt 
Signed-off-by: Gilles Peskine --- 3rdparty/everest/library/Hacl_Curve25519_joined.c | 6 +----- 3rdparty/everest/library/everest.c | 6 +----- 3rdparty/everest/library/x25519.c | 6 +----- library/aes.c | 6 +----- library/aesni.c | 6 +----- library/arc4.c | 6 +----- library/aria.c | 6 +----- library/asn1parse.c | 6 +----- library/asn1write.c | 6 +----- library/base64.c | 6 +----- library/bignum.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/certs.c | 6 +----- library/chacha20.c | 6 +----- library/chachapoly.c | 6 +----- library/cipher.c | 6 +----- library/cipher_wrap.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/debug.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 6 +----- library/ecdh.c | 6 +----- library/ecdsa.c | 6 +----- library/ecjpake.c | 6 +----- library/ecp.c | 6 +----- library/ecp_curves.c | 6 +----- library/entropy.c | 6 +----- library/entropy_poll.c | 6 +----- library/error.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hkdf.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/net_sockets.c | 6 +----- library/nist_kw.c | 6 +----- library/oid.c | 6 +----- library/padlock.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 6 +----- library/pk_wrap.c | 6 +----- library/pkcs12.c | 6 +----- library/pkcs5.c | 6 +----- library/pkparse.c | 6 +----- library/pkwrite.c | 6 +----- library/platform.c | 6 +----- library/platform_util.c | 6 +----- library/poly1305.c | 6 +----- library/psa_crypto.c | 6 +----- library/psa_crypto_se.c | 6 +----- library/psa_crypto_slot_management.c | 6 +----- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/rsa_internal.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cache.c | 6 +----- 
library/ssl_ciphersuites.c | 6 +----- library/ssl_cli.c | 6 +----- library/ssl_cookie.c | 6 +----- library/ssl_msg.c | 6 +----- library/ssl_srv.c | 6 +----- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/threading.c | 6 +----- library/timing.c | 6 +----- library/version.c | 6 +----- library/version_features.c | 6 +----- library/x509.c | 6 +----- library/x509_create.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- scripts/data_files/error.fmt | 6 +----- scripts/data_files/version_features.fmt | 6 +----- 86 files changed, 86 insertions(+), 430 deletions(-) diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c index 18b32d2008..ee62be1ceb 100644 --- a/3rdparty/everest/library/Hacl_Curve25519_joined.c +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 2e2422f3e6..82c4e03adb 100644 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -19,11 +19,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 990bb4d6d9..9faa9ab7d8 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/library/aes.c b/library/aes.c index 962b0b92a0..80e8134baf 100644 --- a/library/aes.c +++ b/library/aes.c @@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AES_C) diff --git a/library/aesni.c b/library/aesni.c index 062708b047..e0d8a69ecb 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -24,11 +24,7 @@ * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AESNI_C) diff --git a/library/arc4.c b/library/arc4.c index b8998ac6cd..2109bb2c07 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -24,11 +24,7 @@ * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARC4_C) diff --git a/library/aria.c b/library/aria.c index aff66d667f..107be27cf3 100644 --- a/library/aria.c +++ b/library/aria.c @@ -25,11 +25,7 @@ * [2] https://tools.ietf.org/html/rfc5794 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARIA_C) diff --git a/library/asn1parse.c b/library/asn1parse.c index 34c660775d..fe62bc683e 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/asn1write.c b/library/asn1write.c index 503db930b5..3c411802e6 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_WRITE_C) diff --git a/library/base64.c b/library/base64.c index f06b57b31f..3921c4611a 100644 --- a/library/base64.c +++ b/library/base64.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BASE64_C) diff --git a/library/bignum.c b/library/bignum.c index d9ab6f68bb..2ab71ca4e0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -35,11 +35,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/blowfish.c b/library/blowfish.c index cbf9238246..7c9b1a65a5 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -25,11 +25,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BLOWFISH_C) diff --git a/library/camellia.c b/library/camellia.c index 22262b89a8..764e4f8a8c 100644 --- a/library/camellia.c +++ b/library/camellia.c 
@@ -25,11 +25,7 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CAMELLIA_C) diff --git a/library/ccm.c b/library/ccm.c index eaef106a11..25a627b0ae 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -28,11 +28,7 @@ * RFC 5116 "An Interface and Algorithms for Authenticated Encryption" */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CCM_C) diff --git a/library/certs.c b/library/certs.c index f152c283a7..fa11d5c953 100644 --- a/library/certs.c +++ b/library/certs.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/certs.h" diff --git a/library/chacha20.c b/library/chacha20.c index 343b2167cd..bda39b2ae1 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHA20_C) diff --git a/library/chachapoly.c b/library/chachapoly.c index f0af5ded26..d51227a557 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHAPOLY_C) diff --git a/library/cipher.c b/library/cipher.c index 409c3fe674..acbda26b76 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index a813426be2..e5ee7ff633 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cmac.c b/library/cmac.c index 2d23be5ffe..3a48a62043 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -40,11 +40,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CMAC_C) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 8a2920a328..7872e9b2d5 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CTR_DRBG_C) diff --git a/library/debug.c b/library/debug.c index 2b25e997c5..6fb766b5ff 100644 --- a/library/debug.c +++ b/library/debug.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DEBUG_C) diff --git a/library/des.c b/library/des.c index 24e517ed91..e135219967 100644 --- a/library/des.c +++ b/library/des.c 
@@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DES_C) diff --git a/library/dhm.c b/library/dhm.c index 392ed0c150..387f5beda6 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -27,11 +27,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DHM_C) diff --git a/library/ecdh.c b/library/ecdh.c index 3cf5333712..987a6ceb3b 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -26,11 +26,7 @@ * RFC 4492 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) diff --git a/library/ecdsa.c b/library/ecdsa.c index 5acd2d00e8..3183a902ec 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -25,11 +25,7 @@ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDSA_C) diff --git a/library/ecjpake.c b/library/ecjpake.c index 79ea3cbec4..a607851686 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -24,11 +24,7 @@ * available to members of the Thread Group http://threadgroup.org/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECJPAKE_C) diff --git a/library/ecp.c b/library/ecp.c index 9522edf776..b00816a2f0 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -41,11 +41,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" /** * \brief Function level alternative implementation. 
diff --git a/library/ecp_curves.c b/library/ecp_curves.c index a24a50c031..92bbb896a5 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECP_C) diff --git a/library/entropy.c b/library/entropy.c index 102f9f1c40..4d4d6cebf5 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ENTROPY_C) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index dc621836e5..62fb4afbf5 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -24,11 +24,7 @@ #define _GNU_SOURCE #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/library/error.c b/library/error.c index 57171b3115..68e1f171bc 100644 --- a/library/error.c +++ b/library/error.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/library/gcm.c b/library/gcm.c index e34f1dae40..eae9eed773 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -29,11 +29,7 @@ * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_GCM_C) diff --git a/library/havege.c b/library/havege.c index ca7dd17fbb..75e0e84f7a 100644 --- a/library/havege.c +++ b/library/havege.c 
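Review bot: In the library/entropy_poll.c hunk, `#include "common.h"` now sits directly below the `_GNU_SOURCE` definition, and nothing records that this order matters. Feature-test macros only take effect if they are defined before the first system header is read, so if common.h (not shown in this patch) ever includes one, moving it above the `#define` would change which declarations are visible to the entropy code. A comment above the include, for example `/* Keep feature-test macros above this include: common.h may pull in system headers. */`, would record the constraint; the same applies to the `_POSIX_C_SOURCE`/`_XOPEN_SOURCE` definitions in the library/net_sockets.c hunk and the `_POSIX_C_SOURCE` definition in the library/platform_util.c hunk.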
@@ -26,11 +26,7 @@ * Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HAVEGE_C) diff --git a/library/hkdf.c b/library/hkdf.c index 82df597a4c..0e9da59a9a 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -18,11 +18,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HKDF_C) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index f811885c9f..b25b6838fc 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -25,11 +25,7 @@ * References below are based on rev. 1 (January 2012). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HMAC_DRBG_C) diff --git a/library/md.c b/library/md.c index 30a580b021..3eb0fe3894 100644 --- a/library/md.c +++ b/library/md.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD_C) diff --git a/library/md2.c b/library/md2.c index 82aed8e73c..afc6539e00 100644 --- a/library/md2.c +++ b/library/md2.c @@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1319.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD2_C) diff --git a/library/md4.c b/library/md4.c index 6a658e31d4..beb42c9541 100644 --- a/library/md4.c +++ b/library/md4.c 
@@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1320.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD4_C) diff --git a/library/md5.c b/library/md5.c index 2306855f46..c7b85d124f 100644 --- a/library/md5.c +++ b/library/md5.c @@ -24,11 +24,7 @@ * http://www.ietf.org/rfc/rfc1321.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD5_C) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 51ea7c41d7..07bcce0dbe 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/library/net_sockets.c b/library/net_sockets.c index b26e858185..3c6d293515 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -25,11 +25,7 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 /* sockaddr_storage */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NET_C) diff --git a/library/nist_kw.c b/library/nist_kw.c index 03e807202d..f6ee486e7c 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -29,11 +29,7 @@ * the wrapping and unwrapping operation than the definition in NIST SP 800-38F. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NIST_KW_C) diff --git a/library/oid.c b/library/oid.c index e0c0743696..29ced43d3f 100644 --- a/library/oid.c +++ b/library/oid.c 
@@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_OID_C) diff --git a/library/padlock.c b/library/padlock.c index b85ff9cd2c..887a386e8c 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -25,11 +25,7 @@ * programming_guide.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PADLOCK_C) diff --git a/library/pem.c b/library/pem.c index 31f4a9a25e..544f7c41ba 100644 --- a/library/pem.c +++ b/library/pem.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) diff --git a/library/pk.c b/library/pk.c index b83ba8e71d..5858a4e824 100644 --- a/library/pk.c +++ b/library/pk.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f736431495..46fd02c768 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk_internal.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 96c64ad63c..b26f5669fc 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c 
@@ -25,11 +25,7 @@ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS12_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index 8832322257..fc52248834 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -29,11 +29,7 @@ * http://tools.ietf.org/html/rfc6070 (Test vectors) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS5_C) diff --git a/library/pkparse.c b/library/pkparse.c index 1cbb8cc339..03d597293c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_PARSE_C) diff --git a/library/pkwrite.c b/library/pkwrite.c index b1b5f4685a..7ec84f3e8d 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_WRITE_C) diff --git a/library/platform.c b/library/platform.c index 420d09ea1e..cd0e85bbec 100644 --- a/library/platform.c +++ b/library/platform.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/library/platform_util.c b/library/platform_util.c index b1f745097c..f6882e2c02 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -28,11 +28,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" diff --git a/library/poly1305.c b/library/poly1305.c index bc1e8a6496..069b82d95c 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_POLY1305_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8cd80790a4..4c3966ca7a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 53a2600073..61e6c98d20 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -20,11 +20,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 801caf0a2f..5ceac846a0 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/ripemd160.c b/library/ripemd160.c index a62f4b824e..a2ad32c2f6 100644 --- a/library/ripemd160.c 
+++ b/library/ripemd160.c @@ -25,11 +25,7 @@ * http://ehash.iaik.tugraz.at/wiki/RIPEMD-160 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RIPEMD160_C) diff --git a/library/rsa.c b/library/rsa.c index 6c457468ea..83ed3c9376 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -37,11 +37,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 9a42d47ceb..b4098f4949 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -20,11 +20,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/sha1.c b/library/sha1.c index 9233943415..79bac6b244 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -24,11 +24,7 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA1_C) diff --git a/library/sha256.c b/library/sha256.c index 087a8e349c..d8ddda5be0 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA256_C) diff --git a/library/sha512.c b/library/sha512.c index 30dd719540..37fc96d05b 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA512_C) 
diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 62a0a29879..3a2df0cc5b 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 5da1294124..726912e4bd 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 48ef30de2b..361e6e6d2c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CLI_C) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 323784c264..151f0c50e4 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_COOKIE_C) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ae8d076533..fdffc4defb 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -28,11 +28,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9bfda164af..91bd83aa2e 100644 
--- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_SRV_C) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 6b50b55ec3..bfa254607f 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TICKET_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 250ef98355..834c632a1d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -27,11 +27,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/threading.c b/library/threading.c index 7c90c7c595..cb9026d1f9 100644 --- a/library/threading.c +++ b/library/threading.c @@ -27,11 +27,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_THREADING_C) diff --git a/library/timing.c b/library/timing.c index 4a654222a3..90cfe88ed8 100644 --- a/library/timing.c +++ b/library/timing.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" diff --git a/library/version.c b/library/version.c index fd96750885..1e17482e0b 100644 --- a/library/version.c +++ b/library/version.c 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/version_features.c b/library/version_features.c index adc61a1fe0..bc40778378 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/x509.c b/library/x509.c index e969b8da6c..55afbab836 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_USE_C) diff --git a/library/x509_create.c b/library/x509_create.c index 7df2f0ed56..8d58775358 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CREATE_C) diff --git a/library/x509_crl.c b/library/x509_crl.c index 371c446be5..d89faccad7 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRL_PARSE_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index 04822e8abd..8fd8b865d5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -31,11 +31,7 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/x509_csr.c b/library/x509_csr.c index 7e2cfba2ae..8385e50c4d 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_PARSE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 5947e439de..2baff35e13 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -25,11 +25,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 7c5179862c..7dd3d45c79 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,11 +24,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) diff --git a/library/xtea.c b/library/xtea.c index a33707bc17..dab6cd3ee6 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_XTEA_C) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index f65881bc83..ddd1be7a69 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 63ae94cb69..79d220ebc8 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) From 0d7216511fe90abaf1c1293f829a45a8c6e0ab72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 23:35:53 +0200 Subject: [PATCH 15/22] Fix erroneous skip of test cases for disabled ciphersuites Test cases that force a specific ciphersuites are only executed if this ciphersuite is enabled. But there are test cases (for RC4) whose goal is to check that the ciphersuite is not used. These test cases must run even if (or only if) the ciphersuite is disable, so add an exception for these test cases. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d28b63c35..5864a87a78 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -241,6 +241,33 @@ requires_ciphersuite_enabled() { fi } +# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] +# If CMD (call to a TLS client or server program) requires a specific +# ciphersuite, arrange to only run the test case if this ciphersuite is +# enabled. As an exception, do run the test case if it expects a ciphersuite +# mismatch. +maybe_requires_ciphersuite_enabled() { + case "$1" in + *\ force_ciphersuite=*) :;; + *) return;; # No specific required ciphersuite + esac + ciphersuite="${1##*\ force_ciphersuite=}" + ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" + shift + + case "$*" in + *"-s SSL - The server has no ciphersuites in common"*) + # This test case expects a ciphersuite mismatch, so it doesn't + # require the ciphersuite to be enabled. + ;; + *) + requires_ciphersuite_enabled "$ciphersuite" + ;; + esac + + unset ciphersuite +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then @@ -658,17 +685,9 @@ run_test() { requires_config_enabled MBEDTLS_FS_IO fi - # Check if server forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi - - # Check if client forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi + # If the client or serve requires a ciphersuite, check that it's enabled. + maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" + maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then From 3ca8a9285ee2664ff3a9c9aeffac0e313e362357 Mon Sep 17 00:00:00 2001 
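Review bot: The exception in `maybe_requires_ciphersuite_enabled` keys on the literal text `-s SSL - The server has no ciphersuites in common`, so the negative tests it is meant to keep running depend on that exact wording. If the server's error text is reworded, or a test expresses the mismatch with a different pattern, the `case` falls through to `requires_ciphersuite_enabled` and the test is skipped whenever the ciphersuite is disabled. Nothing would then fail to show that the check for a disabled ciphersuite had stopped running. I would add a comment above the pattern, for example `# Must match the expectation used by the negative tests; if the message changes, those tests are silently skipped again.`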
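Review bot: The comment added in `run_test` has a typo, `serve` for `server`; it should read `# If the client or server requires a ciphersuite, check that it's enabled.` Both calls pass `"$@"` as the list that the helper scans for the expected-mismatch pattern, so they rely on `run_test` having already shifted the test name and the commands away at this point. That part of `run_test` is outside the hunk, so it is worth confirming. A short comment such as `# "$@" now holds only the remaining run_test options` would make the dependency explicit.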
From: Gilles Peskine Date: Thu, 2 Jul 2020 13:07:37 +0200 Subject: [PATCH 16/22] Factor common library properties All libraries (should) rely on the same directory structure. Instead of repeating the same clauses 6 times (3 libraries times 2 build modes), set the include paths, compile definitions and install instructions with a single piece of code. Include the 3rdparty directory for all libraries, not just crypto. It's currently only needed for crypto, but that's just happenstance. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 0a8b87cc7f..75dccdf86f 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -148,10 +148,15 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) message(FATAL_ERROR "Need to choose static or shared mbedtls build!") endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) +set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") + set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + list(APPEND target_libraries + "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls") set(mbedx509_static_target "mbedx509") 
@@ -162,58 +167,41 @@ if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} ${libs}) - target_include_directories(${mbedcrypto_static_target} - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(${mbedcrypto_static_target} - PRIVATE ${thirdparty_def}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) - target_include_directories(${mbedx509_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) - target_include_directories(${mbedtls_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) - - install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(mbedcrypto SHARED ${src_crypto}) set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) target_link_libraries(mbedcrypto ${libs}) - target_include_directories(mbedcrypto - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(mbedcrypto - PRIVATE ${thirdparty_def}) add_library(mbedx509 SHARED ${src_x509}) set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) - target_include_directories(mbedx509 - PUBLIC 
${MBEDTLS_DIR}/include/) add_library(mbedtls SHARED ${src_tls}) set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) - target_include_directories(mbedtls - PUBLIC ${MBEDTLS_DIR}/include/) +endif(USE_SHARED_MBEDTLS_LIBRARY) - install(TARGETS mbedtls mbedx509 mbedcrypto +foreach(target IN LISTS target_libraries) + target_include_directories(${target} + PUBLIC ${MBEDTLS_DIR}/include/ + PUBLIC ${thirdparty_inc_public} + PRIVATE ${thirdparty_inc}) + target_compile_definitions(${target} + PRIVATE ${thirdparty_def}) + install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -endif(USE_SHARED_MBEDTLS_LIBRARY) +endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) From dedff7a57dc5e34412b6d50f2040c095705ab2b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:13:27 +0200 Subject: [PATCH 17/22] CMake: Include the library directory for the sake of 3rdparty "Include the library directory for the sake of 3rdparty" did the job for Make and Visual Studio. This commit does the job for CMake. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 75dccdf86f..dc15ad6e07 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -195,6 +195,7 @@ foreach(target IN LISTS target_libraries) target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} + PRIVATE ${MBEDTLS_DIR}/library/ PRIVATE ${thirdparty_inc}) target_compile_definitions(${target} PRIVATE ${thirdparty_def}) From 280165c9b39091c7c7ffe031430c7cf93ebc4dec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:19:17 +0200 Subject: [PATCH 18/22] Library files aren't supposed to be executable 
Signed-off-by: Gilles Peskine --- ChangeLog.d/cmake-install.txt | 3 +++ library/CMakeLists.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/cmake-install.txt diff --git a/ChangeLog.d/cmake-install.txt b/ChangeLog.d/cmake-install.txt new file mode 100644 index 0000000000..1bcec4aa9f --- /dev/null +++ b/ChangeLog.d/cmake-install.txt @@ -0,0 +1,3 @@ +Bugfix + * Library files installed after a CMake build no longer have execute + permission. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index dc15ad6e07..c551ee5578 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -201,7 +201,7 @@ foreach(target IN LISTS target_libraries) PRIVATE ${thirdparty_def}) install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) From 76dd3aa5bb51c11e46003521961a2499a0d7976e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 15:58:37 +0200 Subject: [PATCH 19/22] Add comments explaining include paths Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 5 +++++ library/Makefile | 4 ++++ tests/CMakeLists.txt | 4 ++++ tests/Makefile | 3 +++ 4 files changed, 16 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c551ee5578..8fd959c1a9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
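Review bot: The hard-coded `PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ` applies to every entry in `target_libraries`, shared libraries included, and overrides whatever CMake would choose for the platform. CMake already decides per platform whether installed shared libraries get the execute bit (see `CMAKE_INSTALL_SO_NO_EXE`), and some platforms and packaging tools expect it on shared objects. Dropping the clause, `install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR})`, should leave static archives non-executable and let the platform default govern shared ones. If the fixed mode is intended for both kinds, a comment saying so would help. The `foreach` body starts outside this hunk.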
@@ -192,6 +192,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) + # Include public header files from /include and other directories + # declared by /3rdparty/**/CMakeLists.txt. Include private header files + # from /library and others declared by /3rdparty/**/CMakeLists.txt. + # /library needs to be listed explicitly when building .c files outside + # of /library (which currently means: under /3rdparty). target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} diff --git a/library/Makefile b/library/Makefile index 801304bbe5..20a5984818 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,6 +5,10 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include ../include for public headers and . for private headers. +# Note that . needs to be included explicitly for the sake of library +# files that are not in the /library directory (which currently means +# under /3rdparty). LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 8a74c6bfbb..cc6866309f 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -48,6 +48,10 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) + # Include test-specific header files from ./include and private header + # files (used by some invasive tests) from ../library. Public header + # files are automatically included because the library targets declare + # them as PUBLIC. target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) diff --git a/tests/Makefile b/tests/Makefile index 80c84fa195..ffa4812bdc 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -6,6 +6,9 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include public header files from ../include, test-specific header files +# from ./include, and private header files (used by some invasive tests) +# from ../library. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ From e1c43629666f40218562ed819ac4ebf850481fd2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 17:50:20 +0200 Subject: [PATCH 20/22] Remove redundant assignment Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8fd959c1a9..3e0a5f258f 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -154,7 +154,6 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") - set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") list(APPEND target_libraries "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) From bbb36649578ff4a5c020db44b0127dd8ca093149 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jul 2020 00:30:12 +0200 Subject: [PATCH 21/22] Documentation improvements Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 2df4c7a68d..3360d2817e 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -1,6 +1,9 @@ #!/usr/bin/env python3 """Sanity checks for test data. + +This program contains a class for traversing test cases that can be used +independently of the checks. """ # Copyright (C) 2019, Arm Limited, All Rights Reserved 
@@ -60,14 +63,15 @@ the process_test_case method, and call walk_all(). file_name, line_number, description): """Process a test case. -per_file_state: a new object returned by per_file_state() for each file. +per_file_state: an object created by new_per_file_state() at the beginning + of each file. file_name: a relative path to the file containing the test case. line_number: the line number in the given file. description: the test case description as a byte string. """ raise NotImplementedError - def per_file_state(self): + def new_per_file_state(self): """Return a new per-file state object. The default per-file state object is None. Child classes that require per-file @@ -79,7 +83,7 @@ state may override this method. def walk_test_suite(self, data_file_name): """Iterate over the test cases in the given unit test data file.""" in_paragraph = False - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -96,7 +100,7 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form @@ -142,7 +146,7 @@ class DescriptionChecker(TestDescriptionExplorer): def __init__(self, results): self.results = results - def per_file_state(self): + def new_per_file_state(self): """Dictionary mapping descriptions to their line number.""" return {} From 0cd8e0f6a70fd17a3565ce41620355244a8f7344 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Fri, 3 Jul 2020 11:41:38 +0800 Subject: [PATCH 22/22] Only pass -Wformat-signedness to versions of GCC that support it. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3478 Signed-off-by: okhowang(王沛文) --- CMakeLists.txt | 5 ++++- ChangeLog.d/format-signedness.txt | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/format-signedness.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index f7e2ed08bf..f8df14007a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -165,7 +165,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + endif() + if (GCC_VERSION VERSION_GREATER 5.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") diff --git a/ChangeLog.d/format-signedness.txt b/ChangeLog.d/format-signedness.txt new file mode 100644 index 0000000000..ee1ee4bb32 --- /dev/null +++ b/ChangeLog.d/format-signedness.txt @@ -0,0 +1,3 @@ +Changes + * Only pass -Wformat-signedness to versions of GCC that support it. Reported + in #3478 and fix contributed in #3479 by okhowang.
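Review bot: The new guard `if (GCC_VERSION VERSION_GREATER 5.0)` is written differently from the check directly above it, which uses `VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8`. How `GCC_VERSION` is obtained is outside the hunk, but if a compiler reports only its major version, `5` compares equal to `5.0` and a GCC 5 build would lose `-Wformat-signedness` without any message. Writing it as `if (GCC_VERSION VERSION_GREATER 5.0 OR GCC_VERSION VERSION_EQUAL 5.0)` keeps the two checks consistent. A one-line comment naming the GCC release that introduced the flag would document the threshold. The enclosing `if(CMAKE_COMPILER_IS_GNU)` block starts before the hunk and continues after it.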