From 68a98516f61b2e48ad91cbd74210d9503419d19b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 14:19:09 +0200 Subject: [PATCH 01/22] basic-in-docker: call all.sh for sanity checks Call all.sh for sanity checks, rather than maintain an explicit list. This was done in .travis.yml in 3c7ffd7a4091916db501d41c8e9ce6bc7e2f0586 Travis has diverged from basic-in-docker. This commit updates the description of basic-in-docker to no longer refer to Travis. Alignment with Travis may be desirable but that is beyond the scope of this commit. Signed-off-by: Gilles Peskine --- tests/scripts/basic-in-docker.sh | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 37ed5ea50..83d665598 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -4,8 +4,10 @@ # # Purpose # ------- -# This runs a rough equivalent of the travis.yml in a Docker container. -# The tests are run for both clang and gcc. +# This runs sanity checks and library tests in a Docker container. The tests +# are run for both clang and gcc. The testing includes a full test run +# in the default configuration, partial test runs in the reference +# configurations, and some dependency tests. # # Notes for users # --------------- @@ -30,12 +32,7 @@ source tests/scripts/docker_env.sh -run_in_docker tests/scripts/recursion.pl library/*.c -run_in_docker tests/scripts/check-generated-files.sh -run_in_docker tests/scripts/check-doxy-blocks.pl -run_in_docker tests/scripts/check-names.sh -run_in_docker tests/scripts/check-files.py -run_in_docker tests/scripts/doxygen.sh +run_in_docker tests/scripts/all.sh 'check_*' for compiler in clang gcc; do run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" . From fb4f933f8e47c86bad133a3a5bb6c492f89267e1 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 25 Jun 2020 14:18:34 +0200 Subject: [PATCH 02/22] Rename Python scripts to use '_' and not '-' You can't import a Python script whose name includes '-'. Signed-off-by: Gilles Peskine --- docs/architecture/testing/test-framework.md | 4 ++-- tests/scripts/all.sh | 4 ++-- tests/scripts/{check-files.py => check_files.py} | 0 tests/scripts/{check-test-cases.py => check_test_cases.py} | 0 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/scripts/{check-files.py => check_files.py} (100%) rename tests/scripts/{check-test-cases.py => check_test_cases.py} (100%) diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md index e0e960f87..c4178fa17 100644 --- a/docs/architecture/testing/test-framework.md +++ b/docs/architecture/testing/test-framework.md @@ -22,7 +22,7 @@ Each test case has a description which succinctly describes for a human audience * Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0 Date: Thu, 25 Jun 2020 16:16:25 +0200 Subject: [PATCH 03/22] check_test_cases: parametrize iteration functions by the action Parametrize the code that iterates over test case descriptions by the function to apply on each description. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 50 ++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 35a998749..f25b602c7 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py 
@@ -76,10 +76,13 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def check_test_suite(results, data_file_name): - """Check the test cases in the given unit test data file.""" +def walk_test_suite(function, results, descriptions, data_file_name): + """Iterate over the test cases in the given unit test data file. + +Call function(results, descriptions, data_file_name, line_number, description) +on each description. +""" in_paragraph = False - descriptions = {} with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -90,13 +93,16 @@ def check_test_suite(results, data_file_name): continue if not in_paragraph: # This is a test case description line. - check_description(results, descriptions, - data_file_name, line_number, line) + function(results, descriptions, + data_file_name, line_number, line) in_paragraph = True -def check_ssl_opt_sh(results, file_name): - """Check the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = {} +def walk_ssl_opt_sh(function, results, descriptions, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + +Call function(results, descriptions, file_name, line_number, description) +on each description. +""" with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form 
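Review bot: The new `walk_test_suite` docstring does not say that the data file is opened in `'rb'` mode, so `description` reaches `function` as `bytes`, or that `descriptions` is caller-owned state which the callback may mutate (as `check_description` does with `seen[description] = line_number`). A callback that compares the description with a `str` would never match and would give no error. I would add to the docstring: `description is a byte string (the file is read in binary mode); descriptions is per-file state owned by the caller and may be modified by function.` The same applies to `walk_ssl_opt_sh` in the next hunk; the body of `walk_test_suite` continues outside this hunk.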
@@ -106,8 +112,23 @@ def check_ssl_opt_sh(results, file_name): if not m: continue description = m.group(1) - check_description(results, descriptions, - file_name, line_number, description) + function(results, descriptions, + file_name, line_number, description) + +def walk_all(function, results): + """Iterate over all named test cases. + +Call function(results, {}, file_name, line_number, description) +on each description. +""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + walk_test_suite(function, results, {}, data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) def main(): parser = argparse.ArgumentParser(description=__doc__) @@ -118,15 +139,8 @@ def main(): action='store_false', dest='quiet', help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() - test_directories = collect_test_directories() results = Results(options) - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - check_test_suite(results, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - check_ssl_opt_sh(results, ssl_opt_sh) + walk_all(check_description, results) if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From 78c45dbb0f74f7cba5e19de9e2f98dcd6ca91d68 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 25 Jun 2020 16:34:11 +0200 Subject: [PATCH 04/22] check_test_cases: move "walk" functions into a class Make the structure more Pythonic: use classes for abstraction and refinement, rather than higher-order functions. Convert walk(function, state, data) into instance.walk(data) where instance has a method that implements function and state is a field of instance. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 132 +++++++++++++++++++----------- 1 file changed, 86 insertions(+), 46 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index f25b602c7..04ade631a 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py 
@@ -76,59 +76,98 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def walk_test_suite(function, results, descriptions, data_file_name): - """Iterate over the test cases in the given unit test data file. +class TestDescriptionExplorer: + """An iterator over test cases with descriptions. -Call function(results, descriptions, data_file_name, line_number, description) -on each description. +The test cases that have descriptions are: +* Individual unit tests (entries in a .data file) in test suites. +* Individual test cases in ssl-opt.sh. + +This is an abstract class. To use it, derive a class that implements +the process_test_case method, and call walk_all(). """ - in_paragraph = False - with open(data_file_name, 'rb') as data_file: - for line_number, line in enumerate(data_file, 1): - line = line.rstrip(b'\r\n') - if not line: - in_paragraph = False - continue - if line.startswith(b'#'): - continue - if not in_paragraph: - # This is a test case description line. - function(results, descriptions, - data_file_name, line_number, line) - in_paragraph = True -def walk_ssl_opt_sh(function, results, descriptions, file_name): - """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + def process_test_case(self, per_file_state, + file_name, line_number, description): + """Process a test case. -Call function(results, descriptions, file_name, line_number, description) -on each description. +per_file_state: a new object returned by per_file_state() for each file. +file_name: a relative path to the file containing the test case. +line_number: the line number in the given file. +description: the test case description as a byte string. """ - with open(file_name, 'rb') as file_contents: - for line_number, line in enumerate(file_contents, 1): - # Assume that all run_test calls have the same simple form - # with the test description entirely on the same line as the - # function name. 
- m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) - if not m: - continue - description = m.group(1) - function(results, descriptions, - file_name, line_number, description) + raise NotImplementedError -def walk_all(function, results): - """Iterate over all named test cases. + def per_file_state(self): + """Return a new per-file state object. -Call function(results, {}, file_name, line_number, description) -on each description. +The default per-file state object is None. Child classes that require per-file +state may override this method. """ - test_directories = collect_test_directories() - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - walk_test_suite(function, results, {}, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) + #pylint: disable=no-self-use + return None + + def walk_test_suite(self, data_file_name): + """Iterate over the test cases in the given unit test data file.""" + in_paragraph = False + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(data_file_name, 'rb') as data_file: + for line_number, line in enumerate(data_file, 1): + line = line.rstrip(b'\r\n') + if not line: + in_paragraph = False + continue + if line.startswith(b'#'): + continue + if not in_paragraph: + # This is a test case description line. 
+ self.process_test_case(descriptions, + data_file_name, line_number, line) + in_paragraph = True + + def walk_ssl_opt_sh(self, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(file_name, 'rb') as file_contents: + for line_number, line in enumerate(file_contents, 1): + # Assume that all run_test calls have the same simple form + # with the test description entirely on the same line as the + # function name. + m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) + if not m: + continue + description = m.group(1) + self.process_test_case(descriptions, + file_name, line_number, description) + + def walk_all(self): + """Iterate over all named test cases.""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + self.walk_test_suite(data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + self.walk_ssl_opt_sh(ssl_opt_sh) + +class DescriptionChecker(TestDescriptionExplorer): + """Check all test case descriptions. + +* Check that each description is valid (length, allowed character set, etc.). +* Check that there is no duplicated description inside of one test suite. +""" + + def __init__(self, results): + self.results = results + + def per_file_state(self): + return {} + + def process_test_case(self, per_file_state, + file_name, line_number, description): + check_description(self.results, per_file_state, + file_name, line_number, description) def main(): parser = argparse.ArgumentParser(description=__doc__) 
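Review bot: `DescriptionChecker.__init__` assigns `self.results` without calling `super().__init__()`. `TestDescriptionExplorer` defines no `__init__` in this hunk, so nothing breaks today, but any state later added to the base class would be silently skipped for this subclass; adding `super().__init__()` as the first statement keeps the hierarchy safe to extend. The base class is also described as abstract but only enforces that through `raise NotImplementedError` when the first test case is processed, so a sentence in the class docstring saying that direct instantiation fails at that point would make the contract explicit.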
@@ -140,7 +179,8 @@ def main(): help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() results = Results(options) - walk_all(check_description, results) + checker = DescriptionChecker(results) + checker.walk_all() if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From 6f6ff3346d971a049def9730c32ee4d7cf93f935 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 16:40:10 +0200 Subject: [PATCH 05/22] check_test_cases: move some functions into the logical class With previous refactorings, some functions are now solely meant to be called from other functions in a particular class. Move them into this class. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 68 +++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 04ade631a..2df4c7a68 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py 
@@ -45,37 +45,6 @@ class Results: .format(file_name, line_number, *args)) self.warnings += 1 -def collect_test_directories(): - """Get the relative path for the TLS and Crypto test directories.""" - if os.path.isdir('tests'): - tests_dir = 'tests' - elif os.path.isdir('suites'): - tests_dir = '.' - elif os.path.isdir('../suites'): - tests_dir = '..' - directories = [tests_dir] - return directories - -def check_description(results, seen, file_name, line_number, description): - """Check test case descriptions for errors.""" - if description in seen: - results.error(file_name, line_number, - 'Duplicate description (also line {})', - seen[description]) - return - if re.search(br'[\t;]', description): - results.error(file_name, line_number, - 'Forbidden character \'{}\' in description', - re.search(br'[\t;]', description).group(0).decode('ascii')) - if re.search(br'[^ -~]', description): - results.error(file_name, line_number, - 'Non-ASCII character in description') - if len(description) > 66: - results.warning(file_name, line_number, - 'Test description too long ({} > 66)', - len(description)) - seen[description] = line_number - class TestDescriptionExplorer: """An iterator over test cases with descriptions. @@ -140,9 +109,21 @@ state may override this method. self.process_test_case(descriptions, file_name, line_number, description) + @staticmethod + def collect_test_directories(): + """Get the relative path for the TLS and Crypto test directories.""" + if os.path.isdir('tests'): + tests_dir = 'tests' + elif os.path.isdir('suites'): + tests_dir = '.' + elif os.path.isdir('../suites'): + tests_dir = '..' + directories = [tests_dir] + return directories + def walk_all(self): """Iterate over all named test cases.""" - test_directories = collect_test_directories() + test_directories = self.collect_test_directories() for directory in test_directories: for data_file_name in glob.glob(os.path.join(directory, 'suites', '*.data')): 
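Review bot: `collect_test_directories` has no `else` branch, so when none of `tests`, `suites` or `../suites` exists, `tests_dir` is never bound and `directories = [tests_dir]` raises `UnboundLocalError`. Since the function is being moved anyway, it could fail with a message that tells the user what is wrong, for example `else: raise Exception('No test directory found; run from the source tree root or from tests/')` after the last `elif`. The docstring says "TLS and Crypto test directories" but the code returns a single directory chosen from the current working directory, which is worth stating.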
@@ -162,12 +143,31 @@ class DescriptionChecker(TestDescriptionExplorer): self.results = results def per_file_state(self): + """Dictionary mapping descriptions to their line number.""" return {} def process_test_case(self, per_file_state, file_name, line_number, description): - check_description(self.results, per_file_state, - file_name, line_number, description) + """Check test case descriptions for errors.""" + results = self.results + seen = per_file_state + if description in seen: + results.error(file_name, line_number, + 'Duplicate description (also line {})', + seen[description]) + return + if re.search(br'[\t;]', description): + results.error(file_name, line_number, + 'Forbidden character \'{}\' in description', + re.search(br'[\t;]', description).group(0).decode('ascii')) + if re.search(br'[^ -~]', description): + results.error(file_name, line_number, + 'Non-ASCII character in description') + if len(description) > 66: + results.warning(file_name, line_number, + 'Test description too long ({} > 66)', + len(description)) + seen[description] = line_number def main(): parser = argparse.ArgumentParser(description=__doc__) From 15c2cbfed51f8d24b1c18a0eff4fa52415374a2f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:36:28 +0200 Subject: [PATCH 06/22] New script for test outcome analysis This is a new script designed to analyze test outcomes collected during a whole CI run. This commit introduces the script, the code to read the outcome file, and a very simple framework to report errors. It does not perform any actual analysis yet. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 93 +++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100755 tests/scripts/analyze_outcomes.py diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py new file mode 100755 index 000000000..9d011db55 --- /dev/null +++ b/tests/scripts/analyze_outcomes.py 
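Review bot: `process_test_case` evaluates `re.search(br'[\t;]', description)` twice, once for the condition and once to build the error message. Binding the match keeps the pattern in one place so the check and the report cannot drift apart: `m = re.search(br'[\t;]', description)`, then `if m:` and `m.group(0).decode('ascii')` inside the `results.error` call. A short comment on why tab and `;` are forbidden in descriptions would also help, because the reason is not visible in this hunk.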
@@ -0,0 +1,93 @@ +#!/usr/bin/env python3 + +"""Analyze the test outcomes from a full CI run. + +This script can also run on outcomes from a partial run, but the results are +less likely to be useful. +""" + +import argparse +import sys +import traceback + +class Results: + """Process analysis results.""" + + def __init__(self): + self.error_count = 0 + self.warning_count = 0 + + @staticmethod + def log(fmt, *args, **kwargs): + sys.stderr.write((fmt + '\n').format(*args, **kwargs)) + + def error(self, fmt, *args, **kwargs): + self.log('Error: ' + fmt, *args, **kwargs) + self.error_count += 1 + + def warning(self, fmt, *args, **kwargs): + self.log('Warning: ' + fmt, *args, **kwargs) + self.warning_count += 1 + +class TestCaseOutcomes: + """The outcomes of one test case across many configurations.""" + # pylint: disable=too-few-public-methods + + def __init__(self): + self.successes = [] + self.failures = [] + + def hits(self): + """Return the number of times a test case has been run. + + This includes passes and failures, but not skips. + """ + return len(self.successes) + len(self.failures) + +def analyze_outcomes(outcomes): + """Run all analyses on the given outcome collection.""" + results = Results() + return results + +def read_outcome_file(outcome_file): + """Parse an outcome file and return an outcome collection. + +An outcome collection is a dictionary mapping keys to TestCaseOutcomes objects. +The keys are the test suite name and the test case description, separated +by a semicolon. 
+""" + outcomes = {} + with open(outcome_file, 'r', encoding='utf-8') as input_file: + for line in input_file: + (platform, config, suite, case, result, _cause) = line.split(';') + key = ';'.join([suite, case]) + setup = ';'.join([platform, config]) + if key not in outcomes: + outcomes[key] = TestCaseOutcomes() + if result == 'PASS': + outcomes[key].successes.append(setup) + elif result == 'FAIL': + outcomes[key].failures.append(setup) + return outcomes + +def analyze_outcome_file(outcome_file): + """Analyze the given outcome file.""" + outcomes = read_outcome_file(outcome_file) + return analyze_outcomes(outcomes) + +def main(): + try: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('outcomes', metavar='OUTCOMES.CSV', + help='Outcome file to analyze') + options = parser.parse_args() + results = analyze_outcome_file(options.outcomes) + if results.error_count > 0: + sys.exit(1) + except Exception: # pylint: disable=broad-except + # Print the backtrace and exit explicitly with our chosen status. + traceback.print_exc() + sys.exit(120) + +if __name__ == '__main__': + main() From 8d3c70a279917c87d46845fb909032ce5351874d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:37:43 +0200 Subject: [PATCH 07/22] Check test case coverage Check that every available test case in the test suites and ssl-opt.sh has been executed at least once. For the time being, only report a warning, because our coverage is incomplete. Once we've updated all.sh to have full coverage, this warning should become an error. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 9d011db55..96599bd53 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
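Review bot: `read_outcome_file` unpacks `line.split(';')` into exactly six names, so a blank line, a truncated record, or a cause text that itself contains `;` raises `ValueError`. The run then ends in the generic handler in `main` with status 120 and a traceback that does not name the offending line. Because the file aggregates results from a whole CI run, a malformed record should be reported with its position rather than surfacing as an unexplained crash. I would limit the split to five separators so the free-text cause may contain `;`, and check the field count explicitly. A `result` other than `PASS` or `FAIL` is also dropped without notice; if that is meant to cover skips only, a comment saying so would help.

```python
def read_outcome_file(outcome_file):
    # … unchanged: docstring …
    outcomes = {}
    with open(outcome_file, 'r', encoding='utf-8') as input_file:
        for line_number, line in enumerate(input_file, 1):
            fields = line.rstrip('\n').split(';', 5)
            if len(fields) != 6:
                raise ValueError('{}:{}: expected 6 fields, found {}'
                                 .format(outcome_file, line_number,
                                         len(fields)))
            (platform, config, suite, case, result, _cause) = fields
            # … unchanged: key/setup construction and PASS/FAIL bookkeeping …
    return outcomes
```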
@@ -7,9 +7,12 @@ less likely to be useful. """ import argparse +import re import sys import traceback +import check_test_cases + class Results: """Process analysis results.""" @@ -44,9 +47,40 @@ class TestCaseOutcomes: """ return len(self.successes) + len(self.failures) +class TestDescriptions(check_test_cases.TestDescriptionExplorer): + """Collect the available test cases.""" + + def __init__(self): + super().__init__() + self.descriptions = set() + + def process_test_case(self, _per_file_state, + file_name, _line_number, description): + """Record an available test case.""" + base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name)) + key = ';'.join([base_name, description.decode('utf-8')]) + self.descriptions.add(key) + +def collect_available_test_cases(): + """Collect the available test cases.""" + explorer = TestDescriptions() + explorer.walk_all() + return sorted(explorer.descriptions) + +def analyze_coverage(results, outcomes): + """Check that all available test cases are executed at least once.""" + available = collect_available_test_cases() + for key in available: + hits = outcomes[key].hits() if key in outcomes else 0 + if hits == 0: + # Make this a warning, not an error, as long as we haven't + # fixed this branch to have full coverage of test cases. + results.warning('Test case not executed: {}', key) + def analyze_outcomes(outcomes): """Run all analyses on the given outcome collection.""" results = Results() + analyze_coverage(results, outcomes) return results def read_outcome_file(outcome_file): From 3d863f263136525d62d7617f34038139bc87b153 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 13:02:30 +0200 Subject: [PATCH 08/22] Document the fields of TestCasesOutcomes Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 96599bd53..73f16bdb2 100755 
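Review bot: In `TestDescriptions.process_test_case` the suite name is derived with `re.sub(r'.*/', '', file_name)`, which only treats `/` as a path separator, while `file_name` is produced by `os.path.join` and `glob.glob` in `check_test_cases.py`. Where the separator is not `/`, the directory part would remain in `base_name`, no key would match the outcome file, and every test case would be reported as not executed. `base_name = os.path.splitext(os.path.basename(file_name))[0]` gives the same result for the `.data` and `ssl-opt.sh` names seen here and does not depend on the separator (it needs `import os`). Separately, `description.decode('utf-8')` raises on a description that is not valid UTF-8 and would abort the whole analysis; `check_test_cases.py` reports non-ASCII descriptions on its own, so decoding with `errors='replace'` here looks safer, though that depends on how the outcome file encodes such descriptions.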
--- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -37,6 +37,10 @@ class TestCaseOutcomes: # pylint: disable=too-few-public-methods def __init__(self): + # Collect a list of witnesses of the test case succeeding or failing. + # Currently we don't do anything with witnesses except count them. + # The format of a witness is determined by the read_outcome_file + # function; it's the platform and configuration joined by ';'. self.successes = [] self.failures = [] From a911b32e2f190ab6842664430f503bf5c20308c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:40:58 +0200 Subject: [PATCH 09/22] Fix dependency in AES GCM test case The test case was never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_cipher.gcm.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data index 8d728bd06..a4cebd241 100644 --- a/tests/suites/test_suite_cipher.gcm.data +++ b/tests/suites/test_suite_cipher.gcm.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0 AES GCM Decrypt empty buffer -depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0 Aria GCM Decrypt empty buffer From af9dbc9213265477a89bd2c6d44c7bf0423ab9bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:41:40 +0200 Subject: [PATCH 10/22] Fix dependency in PSA test cases The test cases were never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto_metadata.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 48bdbed94..2a0573d8b 100644 --- a/tests/suites/test_suite_psa_crypto.data 
+++ b/tests/suites/test_suite_psa_crypto.data @@ -574,7 +574,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy algorithm2: CTR, CBC -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING PSA key policy algorithm2: ECDH, ECDSA diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b771e5823..606fb58d2 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -155,7 +155,7 @@ depends_on:MBEDTLS_ARC4_C cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER Cipher: ChaCha20 -depends_on:MBEDTLS_CHACHA_C +depends_on:MBEDTLS_CHACHA20_C cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER Cipher: CTR From b20b873bffbbf8aa3ee75a3b79479295252e1a35 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 26 Jun 2020 22:48:06 +0200 Subject: [PATCH 11/22] Remove metadata tests for features that are not implemented The metadata tests depend on the corresponding feature because there is no guarantee that the metadata is correct if the feature is disabled. There are metadata test cases for some algorithms and key types that are declared but not supported. These test cases are present but can never run. It is debatable whether having these test cases is a good thing in case they become runnable in the future, or a bad thing because they're dead code. We're working on detecting test cases that are never executed for accidental reasons (e.g. typo in a dependency or missing configuration on the CI), and having test cases that are deliberately never executed messes this up. So remove these test cases. If we do implement the corresponding feature, it'll be easy to add the corresponding metadata test cases. The features that had metadata tests but no implementations were: * SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256) * DSA (hypothetical dependency: MBEDTLS_DSA_C) * SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C) Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_metadata.data | 72 ------------------- 1 file changed, 72 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 606fb58d2..96ce3a685 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data 
@@ -34,30 +34,6 @@ Hash: SHA-2 SHA-512 depends_on:MBEDTLS_SHA512_C hash_algorithm:PSA_ALG_SHA_512:64 -Hash: SHA-2 SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_224:28 - -Hash: SHA-2 SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_256:32 - -Hash: SHA-3 SHA3-224 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_224:28 - -Hash: SHA-3 SHA3-256 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_256:32 - -Hash: SHA-3 SHA3-384 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_384:48 - -Hash: SHA-3 SHA3-512 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_512:64 - MAC: HMAC-MD2 depends_on:MBEDTLS_MD2_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 @@ -94,30 +70,6 @@ MAC: HMAC-SHA-512 depends_on:MBEDTLS_SHA512_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 -MAC: HMAC-SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128 - -MAC: HMAC-SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128 - -MAC: HMAC-SHA3-224 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144 - -MAC: HMAC-SHA3-256 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136 - -MAC: HMAC-SHA3-384 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104 - -MAC: HMAC-SHA3-512 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72 - MAC: CBC_MAC-AES-128 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 
@@ -206,14 +158,6 @@ Asymmetric signature: RSA PSS SHA-256 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C -asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN - -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN - Asymmetric signature: randomized ECDSA (no hashing) depends_on:MBEDTLS_ECDSA_C asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN @@ -234,14 +178,6 @@ Asymmetric signature: RSA PSS with wildcard hash depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS -Asymmetric signature: randomized DSA with wildcard hash -depends_on:MBEDTLS_DSA_C -asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA - -Asymmetric signature: deterministic DSA with wildcard hash [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC - Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA 
@@ -343,14 +279,6 @@ Key type: RSA key pair depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA -Key type: DSA public key -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA - -Key type: DSA key pair -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA - ECC key family: SECP K1 ecc_key_family:PSA_ECC_CURVE_SECP_K1 From 7eefa22fb16f4048c60cb22e556c7567609d8cbf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:54:47 +0200 Subject: [PATCH 12/22] Fix copypasta in test case descriptions Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 96ce3a685..f8889833b 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -166,7 +166,7 @@ Asymmetric signature: SHA-256 + randomized ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#2] +Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN 
@@ -182,7 +182,7 @@ Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA -Asymmetric signature: deterministic DSA with wildcard hash [#2] +Asymmetric signature: deterministic ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC From 66c3dc44f20a395456ad3f93de55e00873717688 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jun 2020 02:25:17 +0200 Subject: [PATCH 13/22] Include the library directory for the sake of 3rdparty When compiling library files under `3rdparty/`, the directory containing the `.c` file that is being compiled is not the current directory, so headers from the `library/` directory are not found. Fix this by adding `.` to the include path. This was not detected until now because as of this commit, no 3rdparty source file requires a header under `library/`. Signed-off-by: Gilles Peskine --- library/Makefile | 2 +- scripts/generate_visualc_files.pl | 11 ++++++++++- visualc/VS2010/mbedTLS.vcxproj | 8 ++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/library/Makefile b/library/Makefile index dbdd3b679..801304bbe 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,7 +5,7 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 8bf8de99e..a3a2925da 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
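Review bot: `-I.` in `LOCAL_CFLAGS` is resolved against the directory the compiler is started in, not against the location of this Makefile, so it reaches library/ only while every compile recipe runs from there. A short comment would make that dependency visible, for example `# -I. is library/ itself: sources under ../3rdparty need it to find library-internal headers`. The diffstat covers this Makefile and the Visual Studio generator only, so it is worth confirming that the CMake build already puts library/ on the include path for the 3rdparty sources. Otherwise the build systems will disagree as soon as a 3rdparty file includes a library-internal header. The rest of the Makefile is outside the hunk.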
@@ -64,6 +64,15 @@ my @include_directories = qw( ); my $include_directories = join(';', map {"../../$_"} @include_directories); +# Directories to add to the include path when building the library, but not +# when building tests or applications. +my @library_include_directories = qw( + library +); +my $library_include_directories = + join(';', map {"../../$_"} (@library_include_directories, + @include_directories)); + my @excluded_files = qw( 3rdparty/everest/library/Hacl_Curve25519.c ); @@ -202,7 +211,7 @@ sub gen_main_file { my $out = slurp_file( $main_tpl ); $out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m; $out =~ s/HEADER_ENTRIES\r\n/$header_entries/m; - $out =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g; + $out =~ s/INCLUDE_DIRECTORIES\r\n/$library_include_directories/g; content_to_file( $out, $main_out ); } diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 98b99138f..4422b7a2d 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -84,7 +84,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC 
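Review bot: In the first hunk, `@library_include_directories` and `$library_include_directories` do not describe the same set. The array lists only the library-only directories, while the scalar is the full search path (those directories followed by everything in `@include_directories`), unlike the existing `@include_directories`/`$include_directories` pair where the scalar is just the joined array. A comment on the scalar would stop a later edit from treating the two as equivalent, e.g. `# Full include path for the library project: library-only directories first, then the common ones.` Judging by the regenerated mbedTLS.vcxproj, the common list contains `../../tests/include`, so the library project also searches the test headers. That predates this change, but may be worth separating now that a library-specific list exists.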
@@ -98,7 +98,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -114,7 +114,7 @@ true NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows @@ -131,7 +131,7 @@ true WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows From db09ef6d22f3043536910833c43faf425a7e0401 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 3 Jun 2020 01:43:33 +0200 Subject: [PATCH 14/22] Include common.h instead of config.h in library source files In library source files, include "common.h", which takes care of including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE) and other things that are used throughout the library. FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt 
Signed-off-by: Gilles Peskine --- 3rdparty/everest/library/Hacl_Curve25519_joined.c | 6 +----- 3rdparty/everest/library/everest.c | 6 +----- 3rdparty/everest/library/x25519.c | 6 +----- library/aes.c | 6 +----- library/aesni.c | 6 +----- library/arc4.c | 6 +----- library/aria.c | 6 +----- library/asn1parse.c | 6 +----- library/asn1write.c | 6 +----- library/base64.c | 6 +----- library/bignum.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/certs.c | 6 +----- library/chacha20.c | 6 +----- library/chachapoly.c | 6 +----- library/cipher.c | 6 +----- library/cipher_wrap.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/debug.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 6 +----- library/ecdh.c | 6 +----- library/ecdsa.c | 6 +----- library/ecjpake.c | 6 +----- library/ecp.c | 6 +----- library/ecp_curves.c | 6 +----- library/entropy.c | 6 +----- library/entropy_poll.c | 6 +----- library/error.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hkdf.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/net_sockets.c | 6 +----- library/nist_kw.c | 6 +----- library/oid.c | 6 +----- library/padlock.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 6 +----- library/pk_wrap.c | 6 +----- library/pkcs12.c | 6 +----- library/pkcs5.c | 6 +----- library/pkparse.c | 6 +----- library/pkwrite.c | 6 +----- library/platform.c | 6 +----- library/platform_util.c | 6 +----- library/poly1305.c | 6 +----- library/psa_crypto.c | 6 +----- library/psa_crypto_se.c | 6 +----- library/psa_crypto_slot_management.c | 6 +----- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/rsa_internal.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cache.c | 6 +----- 
library/ssl_ciphersuites.c | 6 +----- library/ssl_cli.c | 6 +----- library/ssl_cookie.c | 6 +----- library/ssl_msg.c | 6 +----- library/ssl_srv.c | 6 +----- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/threading.c | 6 +----- library/timing.c | 6 +----- library/version.c | 6 +----- library/version_features.c | 6 +----- library/x509.c | 6 +----- library/x509_create.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- scripts/data_files/error.fmt | 6 +----- scripts/data_files/version_features.fmt | 6 +----- 86 files changed, 86 insertions(+), 430 deletions(-) diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c index 18b32d200..ee62be1ce 100644 --- a/3rdparty/everest/library/Hacl_Curve25519_joined.c +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 2e2422f3e..82c4e03ad 100644 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -19,11 +19,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 990bb4d6d..9faa9ab7d 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c 
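Review bot: For the files under 3rdparty/everest/library, `#include "common.h"` cannot be satisfied from the including file's own directory, so it is resolved only through the include path. `common.h` is a generic enough name that a same-named header earlier on that path would be picked up instead. Per the commit message this include is now where each file obtains `mbedtls/config.h` or `MBEDTLS_CONFIG_FILE`, so a wrong match would presumably change which features get compiled rather than produce an obvious error, though common.h itself is not shown here. Consider a comment at the include such as `/* library/common.h: brings in the build configuration */`, and check that every build system lists library/ ahead of the everest include directories. The same replacement is made in x25519.c and in the library/*.c hunks that follow.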
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/library/aes.c b/library/aes.c index 962b0b92a..80e8134ba 100644 --- a/library/aes.c +++ b/library/aes.c @@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AES_C) diff --git a/library/aesni.c b/library/aesni.c index 062708b04..e0d8a69ec 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -24,11 +24,7 @@ * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AESNI_C) diff --git a/library/arc4.c b/library/arc4.c index b8998ac6c..2109bb2c0 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -24,11 +24,7 @@ * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARC4_C) diff --git a/library/aria.c b/library/aria.c index aff66d667..107be27cf 100644 --- a/library/aria.c +++ b/library/aria.c @@ -25,11 +25,7 @@ * [2] https://tools.ietf.org/html/rfc5794 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARIA_C) diff --git a/library/asn1parse.c b/library/asn1parse.c index 34c660775..fe62bc683 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/asn1write.c b/library/asn1write.c index 503db930b..3c411802e 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_WRITE_C) diff --git a/library/base64.c b/library/base64.c index f06b57b31..3921c4611 100644 --- a/library/base64.c +++ b/library/base64.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BASE64_C) diff --git a/library/bignum.c b/library/bignum.c index d9ab6f68b..2ab71ca4e 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -35,11 +35,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/blowfish.c b/library/blowfish.c index cbf923824..7c9b1a65a 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -25,11 +25,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BLOWFISH_C) diff --git a/library/camellia.c b/library/camellia.c index 22262b89a..764e4f8a8 100644 --- a/library/camellia.c +++ b/library/camellia.c 
@@ -25,11 +25,7 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CAMELLIA_C) diff --git a/library/ccm.c b/library/ccm.c index eaef106a1..25a627b0a 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -28,11 +28,7 @@ * RFC 5116 "An Interface and Algorithms for Authenticated Encryption" */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CCM_C) diff --git a/library/certs.c b/library/certs.c index f152c283a..fa11d5c95 100644 --- a/library/certs.c +++ b/library/certs.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/certs.h" diff --git a/library/chacha20.c b/library/chacha20.c index 343b2167c..bda39b2ae 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHA20_C) diff --git a/library/chachapoly.c b/library/chachapoly.c index f0af5ded2..d51227a55 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHAPOLY_C) diff --git a/library/cipher.c b/library/cipher.c index 409c3fe67..acbda26b7 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index a813426be..e5ee7ff63 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cmac.c b/library/cmac.c index 2d23be5ff..3a48a6204 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -40,11 +40,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CMAC_C) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 8a2920a32..7872e9b2d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CTR_DRBG_C) diff --git a/library/debug.c b/library/debug.c index 2b25e997c..6fb766b5f 100644 --- a/library/debug.c +++ b/library/debug.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DEBUG_C) diff --git a/library/des.c b/library/des.c index 24e517ed9..e13521996 100644 --- a/library/des.c +++ b/library/des.c 
@@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DES_C) diff --git a/library/dhm.c b/library/dhm.c index 392ed0c15..387f5beda 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -27,11 +27,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DHM_C) diff --git a/library/ecdh.c b/library/ecdh.c index 3cf533371..987a6ceb3 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -26,11 +26,7 @@ * RFC 4492 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) diff --git a/library/ecdsa.c b/library/ecdsa.c index 5acd2d00e..3183a902e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -25,11 +25,7 @@ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDSA_C) diff --git a/library/ecjpake.c b/library/ecjpake.c index 79ea3cbec..a60785168 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -24,11 +24,7 @@ * available to members of the Thread Group http://threadgroup.org/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECJPAKE_C) diff --git a/library/ecp.c b/library/ecp.c index 9522edf77..b00816a2f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -41,11 +41,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" /** * \brief Function level alternative implementation. 
diff --git a/library/ecp_curves.c b/library/ecp_curves.c index a24a50c03..92bbb896a 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECP_C) diff --git a/library/entropy.c b/library/entropy.c index 102f9f1c4..4d4d6cebf 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ENTROPY_C) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index dc621836e..62fb4afbf 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -24,11 +24,7 @@ #define _GNU_SOURCE #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/library/error.c b/library/error.c index 57171b311..68e1f171b 100644 --- a/library/error.c +++ b/library/error.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/library/gcm.c b/library/gcm.c index e34f1dae4..eae9eed77 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -29,11 +29,7 @@ * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_GCM_C) diff --git a/library/havege.c b/library/havege.c index ca7dd17fb..75e0e84f7 100644 --- a/library/havege.c +++ b/library/havege.c 
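Review bot: In entropy_poll.c the new `#include "common.h"` sits directly after the `_GNU_SOURCE` definition, and that order now carries more weight than it did with the bare configuration include. If common.h ever pulls in a system header, it must come after the feature-test macro or the macro has no effect. A comment would keep a later clean-up from reordering the lines, e.g. `/* Keep below _GNU_SOURCE: common.h may include system headers. */`. The same applies to the `_POSIX_C_SOURCE`/`_XOPEN_SOURCE` definitions in net_sockets.c and to `_POSIX_C_SOURCE` in platform_util.c. Whether common.h includes any system header today cannot be seen from this patch.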
@@ -26,11 +26,7 @@ * Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HAVEGE_C) diff --git a/library/hkdf.c b/library/hkdf.c index 82df597a4..0e9da59a9 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -18,11 +18,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HKDF_C) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index f811885c9..b25b6838f 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -25,11 +25,7 @@ * References below are based on rev. 1 (January 2012). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HMAC_DRBG_C) diff --git a/library/md.c b/library/md.c index 30a580b02..3eb0fe389 100644 --- a/library/md.c +++ b/library/md.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD_C) diff --git a/library/md2.c b/library/md2.c index 82aed8e73..afc6539e0 100644 --- a/library/md2.c +++ b/library/md2.c @@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1319.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD2_C) diff --git a/library/md4.c b/library/md4.c index 6a658e31d..beb42c954 100644 --- a/library/md4.c +++ b/library/md4.c @@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1320.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD4_C) 
diff --git a/library/md5.c b/library/md5.c index 2306855f4..c7b85d124 100644 --- a/library/md5.c +++ b/library/md5.c @@ -24,11 +24,7 @@ * http://www.ietf.org/rfc/rfc1321.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD5_C) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 51ea7c41d..07bcce0db 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/library/net_sockets.c b/library/net_sockets.c index b26e85818..3c6d29351 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -25,11 +25,7 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 /* sockaddr_storage */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NET_C) diff --git a/library/nist_kw.c b/library/nist_kw.c index 03e807202..f6ee486e7 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -29,11 +29,7 @@ * the wrapping and unwrapping operation than the definition in NIST SP 800-38F. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NIST_KW_C) diff --git a/library/oid.c b/library/oid.c index e0c074369..29ced43d3 100644 --- a/library/oid.c +++ b/library/oid.c @@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_OID_C) 
diff --git a/library/padlock.c b/library/padlock.c index b85ff9cd2..887a386e8 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -25,11 +25,7 @@ * programming_guide.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PADLOCK_C) diff --git a/library/pem.c b/library/pem.c index 31f4a9a25..544f7c41b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) diff --git a/library/pk.c b/library/pk.c index b83ba8e71..5858a4e82 100644 --- a/library/pk.c +++ b/library/pk.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f73643149..46fd02c76 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk_internal.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 96c64ad63..b26f5669f 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -25,11 +25,7 @@ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS12_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index 883232225..fc5224883 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -29,11 +29,7 @@ * http://tools.ietf.org/html/rfc6070 (Test vectors) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS5_C) diff --git a/library/pkparse.c b/library/pkparse.c index 1cbb8cc33..03d597293 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_PARSE_C) diff --git a/library/pkwrite.c b/library/pkwrite.c index b1b5f4685..7ec84f3e8 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_WRITE_C) diff --git a/library/platform.c b/library/platform.c index 420d09ea1..cd0e85bbe 100644 --- a/library/platform.c +++ b/library/platform.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/library/platform_util.c b/library/platform_util.c index b1f745097..f6882e2c0 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -28,11 +28,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" diff --git a/library/poly1305.c b/library/poly1305.c index bc1e8a649..069b82d95 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_POLY1305_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8cd80790a..4c3966ca7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 53a260007..61e6c98d2 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -20,11 +20,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 801caf0a2..5ceac846a 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/ripemd160.c b/library/ripemd160.c index a62f4b824..a2ad32c2f 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -25,11 +25,7 @@ * http://ehash.iaik.tugraz.at/wiki/RIPEMD-160 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RIPEMD160_C) diff --git a/library/rsa.c b/library/rsa.c index 6c457468e..83ed3c937 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -37,11 +37,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 9a42d47ce..b4098f494 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -20,11 +20,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/sha1.c b/library/sha1.c index 923394341..79bac6b24 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -24,11 +24,7 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA1_C) diff --git a/library/sha256.c b/library/sha256.c index 087a8e349..d8ddda5be 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA256_C) diff --git a/library/sha512.c b/library/sha512.c index 30dd71954..37fc96d05 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA512_C) diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 62a0a2987..3a2df0cc5 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CACHE_C) 
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 5da129412..726912e4b 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 48ef30de2..361e6e6d2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CLI_C) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 323784c26..151f0c50e 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_COOKIE_C) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ae8d07653..fdffc4def 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -28,11 +28,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9bfda164a..91bd83aa2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_SRV_C) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 6b50b55ec..bfa254607 100644 
--- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TICKET_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 250ef9835..834c632a1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -27,11 +27,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/threading.c b/library/threading.c index 7c90c7c59..cb9026d1f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -27,11 +27,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_THREADING_C) diff --git a/library/timing.c b/library/timing.c index 4a654222a..90cfe88ed 100644 --- a/library/timing.c +++ b/library/timing.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" diff --git a/library/version.c b/library/version.c index fd9675088..1e17482e0 100644 --- a/library/version.c +++ b/library/version.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/version_features.c b/library/version_features.c index adc61a1fe..bc4077837 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/x509.c b/library/x509.c index e969b8da6..55afbab83 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_USE_C) diff --git a/library/x509_create.c b/library/x509_create.c index 7df2f0ed5..8d5877535 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CREATE_C) diff --git a/library/x509_crl.c b/library/x509_crl.c index 371c446be..d89faccad 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRL_PARSE_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index 04822e8ab..8fd8b865d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -31,11 +31,7 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/x509_csr.c b/library/x509_csr.c index 7e2cfba2a..8385e50c4 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c 
@@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_PARSE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 5947e439d..2baff35e1 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -25,11 +25,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 7c5179862..7dd3d45c7 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,11 +24,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) diff --git a/library/xtea.c b/library/xtea.c index a33707bc1..dab6cd3ee 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_XTEA_C) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index f65881bc8..ddd1be7a6 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 63ae94cb6..79d220ebc 100644 
--- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) From 0d7216511fe90abaf1c1293f829a45a8c6e0ab72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 23:35:53 +0200 Subject: [PATCH 15/22] Fix erroneous skip of test cases for disabled ciphersuites Test cases that force a specific ciphersuites are only executed if this ciphersuite is enabled. But there are test cases (for RC4) whose goal is to check that the ciphersuite is not used. These test cases must run even if (or only if) the ciphersuite is disable, so add an exception for these test cases. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d28b63c3..5864a87a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -241,6 +241,33 @@ requires_ciphersuite_enabled() { fi } +# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] +# If CMD (call to a TLS client or server program) requires a specific +# ciphersuite, arrange to only run the test case if this ciphersuite is +# enabled. As an exception, do run the test case if it expects a ciphersuite +# mismatch. +maybe_requires_ciphersuite_enabled() { + case "$1" in + *\ force_ciphersuite=*) :;; + *) return;; # No specific required ciphersuite + esac + ciphersuite="${1##*\ force_ciphersuite=}" + ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" + shift + + case "$*" in + *"-s SSL - The server has no ciphersuites in common"*) + # This test case expects a ciphersuite mismatch, so it doesn't + # require the ciphersuite to be enabled. + ;; + *) + requires_ciphersuite_enabled "$ciphersuite" + ;; + esac + + unset ciphersuite +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then @@ -658,17 +685,9 @@ run_test() { requires_config_enabled MBEDTLS_FS_IO fi - # Check if server forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi - - # Check if client forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi + # If the client or serve requires a ciphersuite, check that it's enabled. + maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" + maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then From 3ca8a9285ee2664ff3a9c9aeffac0e313e362357 Mon Sep 17 00:00:00 2001 
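Review bot: `maybe_requires_ciphersuite_enabled` passes the extracted name to `requires_ciphersuite_enabled` even when it is empty, a case the removed `run_test` code guarded with `if [ ! -z "$FORCE_CIPHERSUITE" ]`. The name comes out empty whenever `force_ciphersuite=` is followed directly by a character outside `[-0-9A-Z_a-z]`. What `requires_ciphersuite_enabled` does with an empty argument is not visible in this hunk, so a test that checks a disabled ciphersuite stays unused could be skipped or kept for the wrong reason. Restoring the guard keeps the earlier behaviour: `*) [ -z "$ciphersuite" ] || requires_ciphersuite_enabled "$ciphersuite";;`.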
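Review bot: The new comment in `run_test` has a typo and leaves out the exception that the helper implements; I would write `# If the client or server forces a ciphersuite, require it to be enabled,` followed by `# unless the test expects a ciphersuite mismatch (see maybe_requires_ciphersuite_enabled).` The exemption only works if `"$@"` still holds the `-s` expectations at this point in `run_test`, which presumably depends on the `shift` calls earlier in the function; that part of the body is outside the hunk, so a short note next to the calls would make the dependency explicit.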
From: Gilles Peskine Date: Thu, 2 Jul 2020 13:07:37 +0200 Subject: [PATCH 16/22] Factor common library properties All libraries (should) rely on the same directory structure. Instead of repeating the same clauses 6 times (3 libraries times 2 build modes), set the include paths, compile definitions and install instructions with a single piece of code. Include the 3rdparty directory for all libraries, not just crypto. It's currently only needed for crypto, but that's just happenstance. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 0a8b87cc7..75dccdf86 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -148,10 +148,15 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) message(FATAL_ERROR "Need to choose static or shared mbedtls build!") endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) +set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") + set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + list(APPEND target_libraries + "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls") set(mbedx509_static_target "mbedx509") 
@@ -162,58 +167,41 @@ if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} ${libs}) - target_include_directories(${mbedcrypto_static_target} - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(${mbedcrypto_static_target} - PRIVATE ${thirdparty_def}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) - target_include_directories(${mbedx509_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) - target_include_directories(${mbedtls_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) - - install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(mbedcrypto SHARED ${src_crypto}) set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) target_link_libraries(mbedcrypto ${libs}) - target_include_directories(mbedcrypto - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(mbedcrypto - PRIVATE ${thirdparty_def}) add_library(mbedx509 SHARED ${src_x509}) set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) - target_include_directories(mbedx509 - PUBLIC 
${MBEDTLS_DIR}/include/) add_library(mbedtls SHARED ${src_tls}) set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) - target_include_directories(mbedtls - PUBLIC ${MBEDTLS_DIR}/include/) +endif(USE_SHARED_MBEDTLS_LIBRARY) - install(TARGETS mbedtls mbedx509 mbedcrypto +foreach(target IN LISTS target_libraries) + target_include_directories(${target} + PUBLIC ${MBEDTLS_DIR}/include/ + PUBLIC ${thirdparty_inc_public} + PRIVATE ${thirdparty_inc}) + target_compile_definitions(${target} + PRIVATE ${thirdparty_def}) + install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -endif(USE_SHARED_MBEDTLS_LIBRARY) +endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) From dedff7a57dc5e34412b6d50f2040c095705ab2b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:13:27 +0200 Subject: [PATCH 17/22] CMake: Include the library directory for the sake of 3rdparty "Include the library directory for the sake of 3rdparty" did the job for Make and Visual Studio. This commit does the job for CMake. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 75dccdf86..dc15ad6e0 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -195,6 +195,7 @@ foreach(target IN LISTS target_libraries) target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} + PRIVATE ${MBEDTLS_DIR}/library/ PRIVATE ${thirdparty_inc}) target_compile_definitions(${target} PRIVATE ${thirdparty_def}) From 280165c9b39091c7c7ffe031430c7cf93ebc4dec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:19:17 +0200 Subject: [PATCH 18/22] Library files aren't supposed to be executable 
Signed-off-by: Gilles Peskine --- ChangeLog.d/cmake-install.txt | 3 +++ library/CMakeLists.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/cmake-install.txt diff --git a/ChangeLog.d/cmake-install.txt b/ChangeLog.d/cmake-install.txt new file mode 100644 index 000000000..1bcec4aa9 --- /dev/null +++ b/ChangeLog.d/cmake-install.txt @@ -0,0 +1,3 @@ +Bugfix + * Library files installed after a CMake build no longer have execute + permission. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index dc15ad6e0..c551ee557 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -201,7 +201,7 @@ foreach(target IN LISTS target_libraries) PRIVATE ${thirdparty_def}) install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) From 76dd3aa5bb51c11e46003521961a2499a0d7976e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 15:58:37 +0200 Subject: [PATCH 19/22] Add comments explaining include paths Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 5 +++++ library/Makefile | 4 ++++ tests/CMakeLists.txt | 4 ++++ tests/Makefile | 3 +++ 4 files changed, 16 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c551ee557..8fd959c1a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
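Review bot: The fixed `PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ` on `install(TARGETS ${target} ...)` applies to every entry of `target_libraries`, so shared libraries lose the execute bit as well as static archives. Some platforms expect the execute bit on shared objects, and CMake already decides this per platform (see `CMAKE_INSTALL_SO_NO_EXE`) when no `PERMISSIONS` clause is given. Dropping the clause, `install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR})`, would still install without group or world write access and leave the execute decision to CMake. If the fixed mode is intended, a comment such as `# Same mode for static and shared libraries: no execute bit.` would record that. The `foreach` begins outside this hunk.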
@@ -192,6 +192,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) + # Include public header files from /include and other directories + # declared by /3rdparty/**/CMakeLists.txt. Include private header files + # from /library and others declared by /3rdparty/**/CMakeLists.txt. + # /library needs to be listed explicitly when building .c files outside + # of /library (which currently means: under /3rdparty). target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} diff --git a/library/Makefile b/library/Makefile index 801304bbe..20a598481 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,6 +5,10 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include ../include for public headers and . for private headers. +# Note that . needs to be included explicitly for the sake of library +# files that are not in the /library directory (which currently means +# under /3rdparty). LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 8a74c6bfb..cc6866309 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -48,6 +48,10 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) + # Include test-specific header files from ./include and private header + # files (used by some invasive tests) from ../library. Public header + # files are automatically included because the library targets declare + # them as PUBLIC. target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) diff --git a/tests/Makefile b/tests/Makefile index 80c84fa19..ffa4812bd 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -6,6 +6,9 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include public header files from ../include, test-specific header files +# from ./include, and private header files (used by some invasive tests) +# from ../library. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ From e1c43629666f40218562ed819ac4ebf850481fd2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 17:50:20 +0200 Subject: [PATCH 20/22] Remove redundant assignment Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8fd959c1a..3e0a5f258 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -154,7 +154,6 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") - set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") list(APPEND target_libraries "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) From bbb36649578ff4a5c020db44b0127dd8ca093149 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jul 2020 00:30:12 +0200 Subject: [PATCH 21/22] Documentation improvements Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 2df4c7a68..3360d2817 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -1,6 +1,9 @@ #!/usr/bin/env python3 """Sanity checks for test data. + +This program contains a class for traversing test cases that can be used +independently of the checks. """ # Copyright (C) 2019, Arm Limited, All Rights Reserved 
@@ -60,14 +63,15 @@ the process_test_case method, and call walk_all(). file_name, line_number, description): """Process a test case. -per_file_state: a new object returned by per_file_state() for each file. +per_file_state: an object created by new_per_file_state() at the beginning + of each file. file_name: a relative path to the file containing the test case. line_number: the line number in the given file. description: the test case description as a byte string. """ raise NotImplementedError - def per_file_state(self): + def new_per_file_state(self): """Return a new per-file state object. The default per-file state object is None. Child classes that require per-file @@ -79,7 +83,7 @@ state may override this method. def walk_test_suite(self, data_file_name): """Iterate over the test cases in the given unit test data file.""" in_paragraph = False - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -96,7 +100,7 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form @@ -142,7 +146,7 @@ class DescriptionChecker(TestDescriptionExplorer): def __init__(self, results): self.results = results - def per_file_state(self): + def new_per_file_state(self): """Dictionary mapping descriptions to their line number.""" return {} From 0cd8e0f6a70fd17a3565ce41620355244a8f7344 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Fri, 3 Jul 2020 11:41:38 +0800 Subject: [PATCH 22/22] Only pass -Wformat-signedness to versions of GCC that support it. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3478 Signed-off-by: okhowang(王沛文) --- CMakeLists.txt | 5 ++++- ChangeLog.d/format-signedness.txt | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/format-signedness.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index f7e2ed08b..f8df14007 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -165,7 +165,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + endif() + if (GCC_VERSION VERSION_GREATER 5.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") diff --git a/ChangeLog.d/format-signedness.txt b/ChangeLog.d/format-signedness.txt new file mode 100644 index 000000000..ee1ee4bb3 --- /dev/null +++ b/ChangeLog.d/format-signedness.txt @@ -0,0 +1,3 @@ +Changes + * Only pass -Wformat-signedness to versions of GCC that support it. Reported + in #3478 and fix contributed in #3479 by okhowang.
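Review bot: `if (GCC_VERSION VERSION_GREATER 5.0)` is false for a compiler whose version string is exactly `5` or `5.0`, while the check just above it uses the inclusive form `VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8`. How `GCC_VERSION` is obtained is outside the hunk; if the compiler reports only its major number, GCC 5 would silently lose the warning. I would use the same inclusive form, `if (GCC_VERSION VERSION_GREATER 5.0 OR GCC_VERSION VERSION_EQUAL 5.0)`, and add a comment such as `# -Wformat-signedness is available from GCC 5`. The enclosing `if(CMAKE_COMPILER_IS_GNU)` block starts and ends outside the hunk.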