From ab9a29bd2cc33ca22badc7cc4b0465cf30bf7865 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 24 Sep 2019 16:14:39 +0100 Subject: [PATCH 01/11] ssl-opt.sh: Reuse query config test program for requires_config_xxx This commit reimplements the helper functions - requires_config_enabled - requires_config_disabled in ssl-opt.sh in terms of the programs/test/query_config programs which allows to query the configuration in which Mbed TLS was built. This removes the dependency of ssl-opt.sh from the config that was used to build the library. --- tests/ssl-opt.sh | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 49d2d1fc4f..38b1b69fd1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -71,8 +71,6 @@ TESTS=0 FAILS=0 SKIPS=0 -CONFIG_H='../include/mbedtls/config.h' - MEMCHECK=0 FILTER='.*' EXCLUDE='^$' @@ -154,20 +152,6 @@ skip_next_test() { SKIP_NEXT="YES" } -# skip next test if the flag is not enabled in config.h -requires_config_enabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then :; else - SKIP_NEXT="YES" - fi -} - -# skip next test if the flag is enabled in config.h -requires_config_disabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then - SKIP_NEXT="YES" - fi -} - requires_ciphersuite_enabled() { if [ -z "$($P_CLI --help | grep "$1")" ]; then SKIP_NEXT="YES" @@ -185,6 +169,19 @@ get_config_value_or_default() { ${P_SRV} "query_config=${1}" } +# skip next test if the flag is enabled in config.h +requires_config_disabled() { + if get_config_value_or_default $1; then + SKIP_NEXT="YES" + fi +} + +requires_config_enabled() { + if ! get_config_value_or_default $1; then + SKIP_NEXT="YES" + fi +} + requires_config_value_at_least() { VAL="$( get_config_value_or_default "$1" )" if [ -z "$VAL" ]; then 
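Review bot: In the last ssl-opt.sh hunk, the new `requires_config_disabled` and `requires_config_enabled` call `get_config_value_or_default $1` with `$1` unquoted and stdout still attached, whereas the removed grep-based versions redirected to /dev/null; `if get_config_value_or_default "$1" > /dev/null; then` keeps the query output out of the test log. The decision also rests only on the exit status of `${P_SRV} "query_config=..."`, so a server binary that is missing or fails to start presumably reads as "option not set". In that case `requires_config_enabled` silently skips tests and `requires_config_disabled` runs tests that should be skipped; a one-time check that `$P_SRV` can answer a query at all would make that failure visible. The comment kept above `requires_config_disabled` still says config.h, and `requires_config_enabled` lost its comment; `# skip next test if the flag is not enabled in the build configuration` would restore it.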
@@ -2990,7 +2987,7 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" + printf "The configuration defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" exit 1 fi @@ -3954,7 +3951,7 @@ MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then - printf "The ${CONFIG_H} file contains a value for the configuration of\n" + printf "The configuration file contains a value for the configuration of\n" printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" printf "test value of ${MAX_IM_CA}. \n" printf "\n" From 8307802824e844097d9bde638c8f2fd2fb8c3ba2 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Wed, 25 Sep 2019 16:10:04 +0300 Subject: [PATCH 02/11] Enable tests in Mbed OS environment Update Makefiles and config.pl to adapt to directory structure used in Mbed OS. --- Makefile | 54 +++++++++++++++++++++++++++++------------------ library/Makefile | 15 ++++++++++++- programs/Makefile | 43 +++++++++++++++++++++++++------------ scripts/config.pl | 25 ++++++++++++++++++++-- tests/Makefile | 25 +++++++++++++++++----- 5 files changed, 119 insertions(+), 43 deletions(-) diff --git a/Makefile b/Makefile index 1ae6bd9917..9457971819 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,18 @@ DESTDIR=/usr/local PREFIX=mbedtls_ +PROGRAMS_DIR=./programs +TESTS_DIR=./tests + +DIR_FOR_MBED_TLS_ENV=./library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=./library + INCLUDE_DIR=./include +else + LIBRARY_DIR=./src + INCLUDE_DIR=./inc +endif + .SILENT: .PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean 
@@ -12,26 +24,26 @@ all: programs tests no_test: programs programs: lib - $(MAKE) -C programs + $(MAKE) -C $(PROGRAMS_DIR) lib: - $(MAKE) -C library + $(MAKE) -C $(LIBRARY_DIR) tests: lib - $(MAKE) -C tests + $(MAKE) -C $(TESTS_DIR) ifndef WINDOWS install: no_test - mkdir -p $(DESTDIR)/include/mbedtls - cp -rp include/mbedtls $(DESTDIR)/include + mkdir -p $(DESTDIR)/$(INCLUDE_DIR)/mbedtls + cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/$(INCLUDE_DIR) mkdir -p $(DESTDIR)/lib - cp -RP library/libmbedtls.* $(DESTDIR)/lib - cp -RP library/libmbedx509.* $(DESTDIR)/lib - cp -RP library/libmbedcrypto.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedtls.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedx509.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedcrypto.* $(DESTDIR)/lib mkdir -p $(DESTDIR)/bin - for p in programs/*/* ; do \ + for p in $(PROGRAMS_DIR)/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ f=$(PREFIX)`basename $$p` ; \ @@ -40,12 +52,12 @@ install: no_test done uninstall: - rm -rf $(DESTDIR)/include/mbedtls + rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* - for p in programs/*/* ; do \ + for p in $(PROGRAMS_DIR)/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ f=$(PREFIX)`basename $$p` ; \ @@ -82,15 +94,15 @@ ifndef WINDOWS endif clean: - $(MAKE) -C library clean - $(MAKE) -C programs clean - $(MAKE) -C tests clean + $(MAKE) -C $(LIBRARY_DIR) clean + $(MAKE) -C $(PROGRAMS_DIR) clean + $(MAKE) -C $(TESTS_DIR) clean ifndef WINDOWS find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + endif check: lib tests - $(MAKE) -C tests check + $(MAKE) -C $(TESTS_DIR) check test: check 
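Review bot: In the `install` recipe (first hunk on this line) the destination path now embeds the source-tree directory name. `mkdir -p $(DESTDIR)/$(INCLUDE_DIR)/mbedtls` and `cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/$(INCLUDE_DIR)` put the headers under `$(DESTDIR)/inc` when the Mbed OS layout is detected, while the libraries still go to the fixed `$(DESTDIR)/lib`. Only the source side needs the variable, so the destination can stay fixed: `cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/include`. The `uninstall` recipe in the next hunk has the same issue in `rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls`; keeping `rm -rf $(DESTDIR)/include/mbedtls` means the target of a recursive delete never depends on which layout was auto-detected.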
@@ -99,14 +111,14 @@ ifndef WINDOWS # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check - programs/test/selftest - tests/compat.sh - tests/ssl-opt.sh + $(PROGRAMS_DIR)/test/selftest + $(TESTS_DIR)/compat.sh + $(TESTS_DIR)/ssl-opt.sh lcov: rm -rf Coverage - lcov --capture --initial --directory library -o files.info - lcov --capture --directory library -o tests.info + lcov --capture --initial --directory $(LIBRARY_DIR) -o files.info + lcov --capture --directory $(LIBRARY_DIR) -o tests.info lcov --add-tracefile files.info --add-tracefile tests.info -o all.info lcov --remove all.info -o final.info '*.h' gendesc tests/Descriptions.txt -o descriptions @@ -122,7 +134,7 @@ apidoc_clean: endif ## Editor navigation files -C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +C_SOURCE_FILES = $(wildcard $(INCLUDE_DIR)/*/*.h $(LIBRARY_DIR)/*.[hc] $(PROGRAMS_DIR)/*/*.[hc] $(TESTS_DIR)/suites/*.function) tags: $(C_SOURCE_FILES) ctags -o $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) diff --git a/library/Makefile b/library/Makefile index 341888afb9..ce9c1eb99d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,7 +5,20 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + # Set include dirs for Mbed TLS test environment + INCLUDE_DIRS=-I../include +else + # Set include dirs for Mbed OS test environment + INCLUDE_DIRS=-I.. -I../inc +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) -D_FILE_OFFSET_BITS=64 +ifdef MBEDTLS_CONFIG_FILE +LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" +endif + LOCAL_LDFLAGS = ifdef DEBUG diff --git a/programs/Makefile b/programs/Makefile index 9b01e45cdb..7ceca2eae2 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -7,17 +7,32 @@ WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement WARNING_CXXFLAGS ?= -Wall -W LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=../library + INCLUDE_DIR=-I../include +else + LIBRARY_DIR=../src + INCLUDE_DIR=-I.. -I../inc +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 +ifdef MBEDTLS_CONFIG_FILE +LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" +endif + +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 +LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT) endif ifdef DEBUG 
@@ -47,12 +62,12 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ - hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ - pkey/dh_client$(EXEXT) \ +APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ + hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ + pkey/dh_client$(EXEXT) \ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \ - pkey/ecdh_curve25519$(EXEXT) \ - pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \ + pkey/ecdh_curve25519$(EXEXT) \ + pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \ pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \ pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \ pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \ @@ -65,12 +80,12 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \ ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \ - random/gen_random_havege$(EXEXT) \ - random/gen_random_ctr_drbg$(EXEXT) \ + random/gen_random_havege$(EXEXT) \ + random/gen_random_ctr_drbg$(EXEXT) \ test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ - test/query_compile_time_config$(EXEXT) \ + test/zeroize$(EXEXT) \ + test/query_compile_time_config$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ diff --git a/scripts/config.pl b/scripts/config.pl index 287f1f18bc..edd4200d58 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -53,7 +53,28 @@ use warnings; use strict; -my $config_file = "include/mbedtls/config.h"; +my $config_file; +my $include_dir; +my $library_dir; +my $mbedtls_config_file = $ENV{"MBEDTLS_CONFIG_FILE"}; + +if ( ( -d "../library") || ( -d "./library") ) { + # library directory is present, we are using Mbed TLS namespace + $config_file = "include/mbedtls/config.h"; + $include_dir = "include"; + $library_dir = "library"; +} else { + # library directory is not present, we are using Mbed OS namespace + $config_file = "inc/mbedtls/config.h"; + $include_dir = "inc"; + $library_dir = "src"; +} + +if ( length $mbedtls_config_file ) { + $mbedtls_config_file = substr $mbedtls_config_file, 1, -1; + $config_file = $include_dir . "/" . $mbedtls_config_file; +} + my $usage = < | --file ] [-o | --force] [set | unset | get | @@ -205,7 +226,7 @@ if (! -f $config_file) { chdir '..' or die; # Confirm this is the project root directory and try again - if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) { + if ( !(-d 'scripts' && -d $include_dir && -d $library_dir && -f $config_file) ) { die "If no file specified, must be run from the project root or scripts directory.\n"; } } diff --git a/tests/Makefile b/tests/Makefile index 20a3fe4b76..bc3aba55ec 100644 --- a/tests/Makefile +++ b/tests/Makefile 
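Review bot: In the first config.pl hunk, `substr $mbedtls_config_file, 1, -1` drops the first and last character unconditionally, so it is only right when `MBEDTLS_CONFIG_FILE` arrives wrapped in delimiters; an undelimited value loses real characters and the script then operates on the wrong path. The Makefiles changed in this same commit wrap the variable in `\"...\"` themselves, which implies the opposite convention, so one of the two sides is wrong for any given value. Strip the quotes only when they are present, e.g. `$mbedtls_config_file =~ s/^"(.*)"$/$1/;`. Because the result is joined onto `$include_dir` and config.pl's set/unset commands rewrite that file, it is also worth rejecting values that contain `..`.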
@@ -6,8 +6,23 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wunused LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=../library + INCLUDE_DIR=-I../include +else + LIBRARY_DIR=../src + INCLUDE_DIR=-I.. -I../inc +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 +ifdef MBEDTLS_CONFIG_FILE +LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" +endif + +LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) @@ -18,9 +33,9 @@ LOCAL_LDFLAGS = -L../library \ LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -77,7 +92,7 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) $(DEP): - $(MAKE) -C ../library + $(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR) C_FILES := $(addsuffix .c,$(APPS)) From 5e639ed026a3ece72a7e7446a5e3c85bbc47f4e6 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Wed, 25 Sep 2019 17:08:39 +0300 Subject: [PATCH 03/11] Add comments to Makefiles Add missing comment to Makefiles about purpose of the change. --- Makefile | 2 ++ library/Makefile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 9457971819..fef643e4ff 100644 --- a/Makefile +++ b/Makefile 
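Review bot: In the `$(DEP):` recipe (third tests/Makefile hunk), the new line as rendered here is `$(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)`, which hands `$(INCLUDE_DIR)` to the sub-make. In this file that variable holds compiler flags (`-I../include`, or `-I.. -I../inc`), and make interprets `-I` as a search directory for included makefiles, so this looks unintended; `$(MAKE) -C $(LIBRARY_DIR)` is sufficient. Naming the variable `INCLUDE_DIRS`, as library/Makefile does, would also avoid confusion with the top-level Makefile, where `INCLUDE_DIR` is a plain path.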
@@ -5,6 +5,8 @@ PREFIX=mbedtls_ PROGRAMS_DIR=./programs TESTS_DIR=./tests +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. DIR_FOR_MBED_TLS_ENV=./library ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" LIBRARY_DIR=./library diff --git a/library/Makefile b/library/Makefile index ce9c1eb99d..e0141bfbe7 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,6 +5,8 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement LDFLAGS ?= +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. DIR_FOR_MBED_TLS_ENV=../library ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" # Set include dirs for Mbed TLS test environment From c0d2fa7f0b0d3902ae8cf46df0e62698301319e0 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Thu, 26 Sep 2019 10:33:56 +0300 Subject: [PATCH 04/11] Update Makefiles and revert changes to config.pl -Add comments to Makefiles about test env auto-detection -Fix indentation -Remove parent folder from include dirs -Do not use environment variable for defining config file because env variable usage is not fully implemented -Revert changes to config.pl --- Makefile | 6 ++++-- library/Makefile | 10 ++++------ programs/Makefile | 6 ++---- scripts/config.pl | 25 ++----------------------- tests/Makefile | 6 ++---- tests/ssl-opt.sh | 18 +++++++++++++++--- 6 files changed, 29 insertions(+), 42 deletions(-) diff --git a/Makefile b/Makefile index fef643e4ff..1e285a6787 100644 --- a/Makefile +++ b/Makefile @@ -11,9 +11,11 @@ DIR_FOR_MBED_TLS_ENV=./library ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" LIBRARY_DIR=./library INCLUDE_DIR=./include + CONFIG_FILE=./include/mbedtls/config.h else LIBRARY_DIR=./src INCLUDE_DIR=./inc + CONFIG_FILE=./inc/mbedtls/test_config.h endif .SILENT: 
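Review bot: The comment added to the top-level Makefile (first hunk) says `../library`, but the variable on the following line tests `./library`; the text appears to have been copied from the sub-directory Makefiles. Suggest `# Check test environment. If ./library is available then Mbed TLS is used.` here. The conditional block it describes continues outside this hunk.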
@@ -87,11 +89,11 @@ post_build: ifndef WINDOWS # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ + -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' # If NULL Entropy is configured, display an appropriate warning - -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ + -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ echo '$(NULL_ENTROPY_WARNING)' endif diff --git a/library/Makefile b/library/Makefile index e0141bfbe7..5ea40635b0 100644 --- a/library/Makefile +++ b/library/Makefile @@ -9,17 +9,15 @@ LDFLAGS ?= # Otherwise Mbed OS environment is used. DIR_FOR_MBED_TLS_ENV=../library ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" - # Set include dirs for Mbed TLS test environment + # Set include dirs for Mbed TLS test environment INCLUDE_DIRS=-I../include else - # Set include dirs for Mbed OS test environment - INCLUDE_DIRS=-I.. -I../inc + # Set include dirs for Mbed OS test environment + INCLUDE_DIRS=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" endif LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) -D_FILE_OFFSET_BITS=64 -ifdef MBEDTLS_CONFIG_FILE -LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" -endif LOCAL_LDFLAGS = diff --git a/programs/Makefile b/programs/Makefile index 7ceca2eae2..c7dcacb8d8 100644 --- a/programs/Makefile +++ b/programs/Makefile 
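Review bot: In `post_build`, both `scripts/config.pl -f $(CONFIG_FILE) get ...` lines keep the leading `-`, so any failure of the script is ignored, and `$(CONFIG_FILE)` can now be `./inc/mbedtls/test_config.h`, a path that nothing visible here guarantees exists. If config.pl cannot read that file, the 128-bit CTR_DRBG key and NULL entropy warnings are presumably just not printed, which hides exactly the weak configurations they are meant to flag. Consider failing early next to the `CONFIG_FILE` assignment, e.g. `$(if $(wildcard $(CONFIG_FILE)),,$(error $(CONFIG_FILE) not found))`. The recipe continues outside the hunk.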
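Review bot: In the library/Makefile hunk, the Mbed OS branch selects the config header with `CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""`, but `CFLAGS` is the user-facing knob. A command-line `make CFLAGS=...` overrides file assignments, `+=` included, so the define is dropped and the library would presumably build against the default config header rather than the intended test configuration, with no error. Keep the mandatory define in `LOCAL_CFLAGS` instead, i.e. `LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""` placed after the `LOCAL_CFLAGS =` assignment. The same `CFLAGS +=` line is added in the programs/Makefile and tests/Makefile hunks of this commit.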
@@ -15,13 +15,11 @@ ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" INCLUDE_DIR=-I../include else LIBRARY_DIR=../src - INCLUDE_DIR=-I.. -I../inc + INCLUDE_DIR=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" endif LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 -ifdef MBEDTLS_CONFIG_FILE -LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" -endif LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ diff --git a/scripts/config.pl b/scripts/config.pl index edd4200d58..287f1f18bc 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -53,28 +53,7 @@ use warnings; use strict; -my $config_file; -my $include_dir; -my $library_dir; -my $mbedtls_config_file = $ENV{"MBEDTLS_CONFIG_FILE"}; - -if ( ( -d "../library") || ( -d "./library") ) { - # library directory is present, we are using Mbed TLS namespace - $config_file = "include/mbedtls/config.h"; - $include_dir = "include"; - $library_dir = "library"; -} else { - # library directory is not present, we are using Mbed OS namespace - $config_file = "inc/mbedtls/config.h"; - $include_dir = "inc"; - $library_dir = "src"; -} - -if ( length $mbedtls_config_file ) { - $mbedtls_config_file = substr $mbedtls_config_file, 1, -1; - $config_file = $include_dir . "/" . $mbedtls_config_file; -} - +my $config_file = "include/mbedtls/config.h"; my $usage = < | --file ] [-o | --force] [set | unset | get | @@ -226,7 +205,7 @@ if (! -f $config_file) { chdir '..' or die; # Confirm this is the project root directory and try again - if ( !(-d 'scripts' && -d $include_dir && -d $library_dir && -f $config_file) ) { + if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) { die "If no file specified, must be run from the project root or scripts directory.\n"; } } diff --git a/tests/Makefile b/tests/Makefile index bc3aba55ec..dee011f91a 100644 --- a/tests/Makefile +++ b/tests/Makefile 
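Review bot: In the programs/Makefile hunk the `MBEDTLS_CONFIG_FILE` define is appended to `CFLAGS` only, while `LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64` in the same hunk receives nothing. If any program here is compiled with the C++ flags, it would see the library headers under a different configuration than the C objects it links against, which for a TLS library can mean mismatched structure layouts or feature sets. Hold the define in one new variable and add it to both flag sets, e.g. `LOCAL_CXXFLAGS += $(CONFIG_DEFINE)` beside the matching `LOCAL_CFLAGS += $(CONFIG_DEFINE)`, where `CONFIG_DEFINE` is a proposed name.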
@@ -14,13 +14,11 @@ ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" INCLUDE_DIR=-I../include else LIBRARY_DIR=../src - INCLUDE_DIR=-I.. -I../inc + INCLUDE_DIR=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" endif LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 -ifdef MBEDTLS_CONFIG_FILE -LOCAL_CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\"" -endif LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ -lmbedtls$(SHARED_SUFFIX) \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 38b1b69fd1..efd1fb34cc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -21,6 +21,18 @@ set -u +# Detect used test environment: Mbed TLS or Mbed OS +if [ -f "../include/mbedtls/config.h" ] +then + CONFIG_FILE=../include/mbedtls/config.h +elif [ -f "../inc/mbedtls/test_config.h" ] +then + CONFIG_FILE=../inc/mbedtls/test_config.h +else + echo "Can't locate config file, must be run from mbed TLS root" >&2 + exit 1 +fi + # Limit the size of each log to 10 GiB, in case of failures with this script # where it may output seemingly unlimited length error logs. ulimit -f 20971520 @@ -297,9 +309,9 @@ requires_not_i686() { } # Calculate the input & output maximum content lengths set in the config -MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") -MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") -MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") +MAX_CONTENT_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") +MAX_IN_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") +MAX_OUT_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then MAX_CONTENT_LEN="$MAX_IN_LEN" From 7821352483c88642294d53edbef817f4aebdb5e9 Mon Sep 17 00:00:00 2001 
From: Arto Kinnunen Date: Thu, 26 Sep 2019 11:06:39 +0300 Subject: [PATCH 05/11] ssl-opt.sh: use query_config to read flag value To avoid dependency to "config.pl" use query_config test program to read Mbed TLS flag values. --- tests/ssl-opt.sh | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index efd1fb34cc..745f9b742a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -21,18 +21,6 @@ set -u -# Detect used test environment: Mbed TLS or Mbed OS -if [ -f "../include/mbedtls/config.h" ] -then - CONFIG_FILE=../include/mbedtls/config.h -elif [ -f "../inc/mbedtls/test_config.h" ] -then - CONFIG_FILE=../inc/mbedtls/test_config.h -else - echo "Can't locate config file, must be run from mbed TLS root" >&2 - exit 1 -fi - # Limit the size of each log to 10 GiB, in case of failures with this script # where it may output seemingly unlimited length error logs. ulimit -f 20971520 @@ -309,9 +297,20 @@ requires_not_i686() { } # Calculate the input & output maximum content lengths set in the config -MAX_CONTENT_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") -MAX_IN_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") -MAX_OUT_LEN=$( ../scripts/config.pl -f $CONFIG_FILE get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") +MAX_CONTENT_LEN="$( get_config_value_or_default MBEDTLS_SSL_MAX_CONTENT_LEN )" +if [ -z "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN=16384 +fi + +MAX_IN_LEN="$( get_config_value_or_default MBEDTLS_SSL_IN_CONTENT_LEN )" +if [ -z "$MAX_IN_LEN" ]; then + MAX_IN_LEN=$MAX_CONTENT_LEN +fi + +MAX_OUT_LEN="$( get_config_value_or_default MBEDTLS_SSL_OUT_CONTENT_LEN )" +if [ -z "$MAX_OUT_LEN" ]; then + MAX_OUT_LEN=$MAX_CONTENT_LEN +fi if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then MAX_CONTENT_LEN="$MAX_IN_LEN" 
@@ -3960,7 +3959,7 @@ run_test "Authentication: client no cert, ssl3" \ # default value (8) MAX_IM_CA='8' -MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) +MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )" if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then printf "The configuration file contains a value for the configuration of\n" From aef8678c7f68e024bff1c635ccaa6edafe26be75 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Thu, 26 Sep 2019 14:54:11 +0300 Subject: [PATCH 06/11] Revert spacing in programs/makefile APPS Do not modify spacing in programs/Makefile APPS. --- programs/Makefile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index c7dcacb8d8..ea75c1bf88 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -60,12 +60,12 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ - hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ - pkey/dh_client$(EXEXT) \ +APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ + hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ + pkey/dh_client$(EXEXT) \ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \ - pkey/ecdh_curve25519$(EXEXT) \ - pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \ + pkey/ecdh_curve25519$(EXEXT) \ + pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \ pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \ pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \ pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \ 
@@ -78,12 +78,12 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \ ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \ - random/gen_random_havege$(EXEXT) \ - random/gen_random_ctr_drbg$(EXEXT) \ + random/gen_random_havege$(EXEXT) \ + random/gen_random_ctr_drbg$(EXEXT) \ test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ - test/query_compile_time_config$(EXEXT) \ + test/zeroize$(EXEXT) \ + test/query_compile_time_config$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ From 3f1190d15b2e2d25734902a0799ca95cc60c361a Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Thu, 26 Sep 2019 17:18:57 +0300 Subject: [PATCH 07/11] sslopt.sh: Modify test sets based on config value query_opt is used to read Mbed TLS configuration values instead of config.pl script. Now MBEDTLS_SSL_MAX_CONTENT_LEN value is correctly read and some tests needs to be removed from the test set when value of MBEDTLS_SSL_MAX_CONTENT_LEN is too small for the test. --- tests/ssl-opt.sh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 745f9b742a..6f12d44517 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2997,16 +2997,12 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension -if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf "The configuration defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" - exit 1 -fi - if [ $MAX_CONTENT_LEN -ne 16384 ]; then printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" fi requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -3019,6 +3015,7 @@ run_test "Max fragment length: enabled, default" \ -C "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3034,6 +3031,7 @@ run_test "Max fragment length: enabled, default, larger message" \ -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3051,6 +3049,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ # content length configuration.) requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 
@@ -3062,6 +3061,7 @@ run_test "Max fragment length: disabled, larger message" \ -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3071,6 +3071,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \ -c "fragment larger than.*maximum " requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3083,6 +3084,7 @@ run_test "Max fragment length: used by client" \ -c "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ @@ -3095,6 +3097,7 @@ run_test "Max fragment length: used by server" \ -C "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 requires_gnutls run_test "Max fragment length: gnutls server" \ "$G_SRV" \ @@ -3105,6 +3108,7 @@ run_test "Max fragment length: gnutls server" \ -c "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 
@@ -3119,6 +3123,7 @@ run_test "Max fragment length: client, message just fits" \ -s "2048 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ @@ -3134,6 +3139,7 @@ run_test "Max fragment length: client, larger message" \ -s "297 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ @@ -3974,6 +3980,7 @@ if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then fi requires_full_size_output_buffer +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -3982,6 +3989,7 @@ run_test "Authentication: server max_int chain, client default" \ -C "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -3990,6 +3998,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 
@@ -3999,6 +4008,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ From a1e980695b33961bb0462a58c85aec150d26a509 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Thu, 26 Sep 2019 19:35:16 +0300 Subject: [PATCH 08/11] ssl-opt.sh: Modify test sets based on config value 2 Adjust tests set configuration based on review comments. --- tests/ssl-opt.sh | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6f12d44517..c423a4e2c6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3002,7 +3002,6 @@ if [ $MAX_CONTENT_LEN -ne 16384 ]; then fi requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -3015,7 +3014,6 @@ run_test "Max fragment length: enabled, default" \ -C "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 
@@ -3049,7 +3047,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ # content length configuration.) requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384 run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3061,7 +3059,7 @@ run_test "Max fragment length: disabled, larger message" \ -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384 run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3108,7 +3106,7 @@ run_test "Max fragment length: gnutls server" \ -c "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ @@ -3123,7 +3121,7 @@ run_test "Max fragment length: client, message just fits" \ -s "2048 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 
@@ -3139,7 +3137,7 @@ run_test "Max fragment length: client, larger message" \ -s "297 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ @@ -3967,20 +3965,8 @@ run_test "Authentication: client no cert, ssl3" \ MAX_IM_CA='8' MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )" -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then - printf "The configuration file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" - printf "test value of ${MAX_IM_CA}. \n" - printf "\n" - printf "The tests assume this value and if it changes, the tests in this\n" - printf "script should also be adjusted.\n" - printf "\n" - - exit 1 -fi - requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -3989,7 +3975,7 @@ run_test "Authentication: server max_int chain, client default" \ -C "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 
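Review bot: `MAX_IM_CA_CONFIG` is still assigned in the context lines just above the removed check, but with the check gone nothing in this hunk reads it, so the script still runs the config query for a value that is no longer used here. If nothing further down the script uses it, drop the assignment and reuse the existing constant in the new gate rather than repeating the literal: `requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"`. Replacing the `exit 1` with a per-test skip also means a build with a different limit now reports these chain-depth tests as skipped instead of stopping the run. A short comment above the gate, such as `# chain-depth tests assume MBEDTLS_X509_MAX_INTERMEDIATE_CA == $MAX_IM_CA; skipped otherwise`, would record that.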
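Review bot: The `at_least ... 8` gate on the `server max_int+1 chain, client default` test is a lower bound where an upper bound is needed. On a build whose MBEDTLS_X509_MAX_INTERMEDIATE_CA is above 8, the c10.pem chain would presumably verify, so the expected `-c "X509 - A fatal error occurred"` (visible as context in the next hunk) would never appear and the test would fail for the wrong reason. A rejection test should be gated with `requires_config_value_at_most "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8`. The same applies to the `client optional` hunk, and the `client none` hunk should be checked against its own expectation. The run_test bodies continue outside these hunks.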
@@ -3998,7 +3984,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4008,7 +3994,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 +requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ From c457ab1c2b79860034305f524e743eda5b8a7d9a Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 27 Sep 2019 12:00:51 +0300 Subject: [PATCH 09/11] ssl-opt.sh: Adjust authentication test flags Require MBEDTLS_X509_MAX_INTERMEDIATE_CA to be exactly 8 in one authentication test. --- tests/ssl-opt.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c423a4e2c6..8136326fde 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -204,6 +204,17 @@ requires_config_value_at_most() { fi } +requires_config_value_exactly() { + VAL=$( get_config_value_or_default "$1" ) + if [ -z "$VAL" ]; then + # Should never happen + echo "Mbed TLS configuration $1 is not defined" + exit 1 + elif [ "$VAL" -eq "$2" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then 
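Review bot: The comparison in the new `requires_config_value_exactly` is inverted: `elif [ "$VAL" -eq "$2" ]` sets `SKIP_NEXT` when the configured value matches. A test gated by it is therefore skipped on the one configuration it is written for and runs on every other. The line should read `elif [ "$VAL" -ne "$2" ]; then`. A header comment in the style of the sibling helpers, for example `# skip next test if the config value is not exactly $2`, would make the intended direction explicit.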
@@ -3966,7 +3977,7 @@ MAX_IM_CA='8' MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ From 13db25fbe92e06b45368374e03cc26bfa82ec9fb Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 27 Sep 2019 13:06:25 +0300 Subject: [PATCH 10/11] ssl-opt.sh: Fix requires_config_value_exactly Fix comparison bug in requires_config_value_exactly. --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8136326fde..a39ca3ecd1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -210,7 +210,7 @@ requires_config_value_exactly() { # Should never happen echo "Mbed TLS configuration $1 is not defined" exit 1 - elif [ "$VAL" -eq "$2" ]; then + elif [ "$VAL" -ne "$2" ]; then SKIP_NEXT="YES" fi } From cfbeb76dd2818aff79023ddc855a89aa0465902d Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 27 Sep 2019 13:43:05 +0300 Subject: [PATCH 11/11] ssl-opt.sh: Adjust authentication test flags 2 Require MBEDTLS_X509_MAX_INTERMEDIATE_CA to be exactly 8 in authentication tests. --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a39ca3ecd1..ecb9a6ff13 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
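Review bot: Switching the `server max_int chain, client default` gate to `requires_config_value_exactly` narrows coverage without protecting the expectation. This is the accept case, which asserts `-C "X509 - A fatal error occurred"` in the part of the run_test body outside this hunk, and that presumably holds for any limit of 8 or more, so `requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8` was already the right gate. The tests whose outcome depends on the limit not exceeding 8 are the max_int+1 ones, which this commit leaves on `at_least`.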
@@ -3986,7 +3986,7 @@ run_test "Authentication: server max_int chain, client default" \ -C "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -3995,7 +3995,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4005,7 +4005,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer -requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \