diff --git a/Makefile b/Makefile index 1ae6bd991..1e285a678 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,22 @@ DESTDIR=/usr/local PREFIX=mbedtls_ +PROGRAMS_DIR=./programs +TESTS_DIR=./tests + +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=./library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=./library + INCLUDE_DIR=./include + CONFIG_FILE=./include/mbedtls/config.h +else + LIBRARY_DIR=./src + INCLUDE_DIR=./inc + CONFIG_FILE=./inc/mbedtls/test_config.h +endif + .SILENT: .PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean @@ -12,26 +28,26 @@ all: programs tests no_test: programs programs: lib - $(MAKE) -C programs + $(MAKE) -C $(PROGRAMS_DIR) lib: - $(MAKE) -C library + $(MAKE) -C $(LIBRARY_DIR) tests: lib - $(MAKE) -C tests + $(MAKE) -C $(TESTS_DIR) ifndef WINDOWS install: no_test - mkdir -p $(DESTDIR)/include/mbedtls - cp -rp include/mbedtls $(DESTDIR)/include + mkdir -p $(DESTDIR)/$(INCLUDE_DIR)/mbedtls + cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/$(INCLUDE_DIR) mkdir -p $(DESTDIR)/lib - cp -RP library/libmbedtls.* $(DESTDIR)/lib - cp -RP library/libmbedx509.* $(DESTDIR)/lib - cp -RP library/libmbedcrypto.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedtls.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedx509.* $(DESTDIR)/lib + cp -RP $(LIBRARY_DIR)/libmbedcrypto.* $(DESTDIR)/lib mkdir -p $(DESTDIR)/bin - for p in programs/*/* ; do \ + for p in $(PROGRAMS_DIR)/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ f=$(PREFIX)`basename $$p` ; \ 
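Review bot: The comment above `DIR_FOR_MBED_TLS_ENV` says the check looks for `../library`, but in this top-level Makefile the variable is `./library`; the text appears to be copied from the sub-directory makefiles. Suggested wording: `# Check test environment. If ./library exists the Mbed TLS layout is used, otherwise the Mbed OS layout (./src, ./inc, test_config.h).` The result also selects which config file `post_build` inspects, so the comment should say that the choice rests only on the presence of that directory.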
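Review bot: In the `install` recipe the source-tree variable `$(INCLUDE_DIR)` is now also used in the destination path, so in the Mbed OS branch (`INCLUDE_DIR=./inc`) headers would land in `$(DESTDIR)/./inc/mbedtls` instead of `$(DESTDIR)/include/mbedtls`. Only the copy source should follow the layout: `mkdir -p $(DESTDIR)/include/mbedtls` and `cp -rp $(INCLUDE_DIR)/mbedtls $(DESTDIR)/include`. The `uninstall` hunk that follows has the same issue in `rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls`, which should stay `rm -rf $(DESTDIR)/include/mbedtls`. Whether installing from the Mbed OS layout is intended at all is not visible here. The recipe continues past the end of the hunk.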
@@ -40,12 +56,12 @@ install: no_test done uninstall: - rm -rf $(DESTDIR)/include/mbedtls + rm -rf $(DESTDIR)/$(INCLUDE_DIR)/mbedtls rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* - for p in programs/*/* ; do \ + for p in $(PROGRAMS_DIR)/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ f=$(PREFIX)`basename $$p` ; \ @@ -73,24 +89,24 @@ post_build: ifndef WINDOWS # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ + -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' # If NULL Entropy is configured, display an appropriate warning - -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ + -scripts/config.pl -f $(CONFIG_FILE) get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ echo '$(NULL_ENTROPY_WARNING)' endif clean: - $(MAKE) -C library clean - $(MAKE) -C programs clean - $(MAKE) -C tests clean + $(MAKE) -C $(LIBRARY_DIR) clean + $(MAKE) -C $(PROGRAMS_DIR) clean + $(MAKE) -C $(TESTS_DIR) clean ifndef WINDOWS find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + endif check: lib tests - $(MAKE) -C tests check + $(MAKE) -C $(TESTS_DIR) check test: check 
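Review bot: The two `post_build` checks now read `$(CONFIG_FILE)`, and because the lines keep their leading `-` and chain with `&&`, the recipe treats a missing or unreadable file the same way as the option not being set: the 128-bit CTR_DRBG key and NULL entropy warnings are simply not printed. In the Mbed OS branch that file is `./inc/mbedtls/test_config.h`, and nothing in this diff checks that it exists. A guard before the two checks would make the gap explicit, e.g. `[ -f $(CONFIG_FILE) ] || echo 'warning: $(CONFIG_FILE) not found, configuration warnings not evaluated'`. The `post_build` rule starts outside the hunk.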
@@ -99,14 +115,14 @@ ifndef WINDOWS # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check - programs/test/selftest - tests/compat.sh - tests/ssl-opt.sh + $(PROGRAMS_DIR)/test/selftest + $(TESTS_DIR)/compat.sh + $(TESTS_DIR)/ssl-opt.sh lcov: rm -rf Coverage - lcov --capture --initial --directory library -o files.info - lcov --capture --directory library -o tests.info + lcov --capture --initial --directory $(LIBRARY_DIR) -o files.info + lcov --capture --directory $(LIBRARY_DIR) -o tests.info lcov --add-tracefile files.info --add-tracefile tests.info -o all.info lcov --remove all.info -o final.info '*.h' gendesc tests/Descriptions.txt -o descriptions @@ -122,7 +138,7 @@ apidoc_clean: endif ## Editor navigation files -C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +C_SOURCE_FILES = $(wildcard $(INCLUDE_DIR)/*/*.h $(LIBRARY_DIR)/*.[hc] $(PROGRAMS_DIR)/*/*.[hc] $(TESTS_DIR)/suites/*.function) tags: $(C_SOURCE_FILES) ctags -o $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) diff --git a/library/Makefile b/library/Makefile index fc6732992..4154c6add 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,7 +5,20 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + # Set include dirs for Mbed TLS test environment + INCLUDE_DIRS=-I../include +else + # Set include dirs for Mbed OS test environment + INCLUDE_DIRS=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) -D_FILE_OFFSET_BITS=64 + LOCAL_LDFLAGS = ifdef DEBUG diff --git a/programs/Makefile b/programs/Makefile index 9b01e45cd..ea75c1bf8 100644 --- a/programs/Makefile +++ b/programs/Makefile 
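Review bot: The `else` branch of the library/Makefile hunk adds the mandatory `-DMBEDTLS_CONFIG_FILE=...` define to `CFLAGS`, which a command-line assignment replaces entirely; the top-level Makefile itself documents `make CFLAGS='--coverage -g3 -O0'` for coverage builds. In that case the library would presumably be compiled without the define while the top-level `post_build` check still inspects `test_config.h`, so the reported configuration and the built one can differ. Keeping the define out of the user-tunable variable avoids this, e.g. set `CONFIG_DEFINE="-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\""` in the branch and use `LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIRS) $(CONFIG_DEFINE) -D_FILE_OFFSET_BITS=64` (the variable name is only a suggestion). The same `CFLAGS +=` line appears in the programs/Makefile and tests/Makefile hunks.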
@@ -7,17 +7,30 @@ WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement WARNING_CXXFLAGS ?= -Wall -W LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=../library + INCLUDE_DIR=-I../include +else + LIBRARY_DIR=../src + INCLUDE_DIR=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 + +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 +LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT) endif ifdef DEBUG diff --git a/tests/Makefile b/tests/Makefile index 20a3fe4b7..dee011f91 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -6,8 +6,21 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wunused LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +# Check test environment. If ../library is available then Mbed TLS is used. +# Otherwise Mbed OS environment is used. +DIR_FOR_MBED_TLS_ENV=../library +ifneq "$(wildcard $(DIR_FOR_MBED_TLS_ENV) )" "" + LIBRARY_DIR=../library + INCLUDE_DIR=-I../include +else + LIBRARY_DIR=../src + INCLUDE_DIR=-I../inc + CFLAGS += "-DMBEDTLS_CONFIG_FILE=\"mbedtls/test_config.h\"" +endif + +LOCAL_CFLAGS = $(WARNING_CFLAGS) $(INCLUDE_DIR) -D_FILE_OFFSET_BITS=64 + +LOCAL_LDFLAGS = -L$(LIBRARY_DIR) \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) @@ -18,9 +31,9 @@ LOCAL_LDFLAGS = -L../library \ LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +DEP=$(LIBRARY_DIR)/libmbedcrypto.a $(LIBRARY_DIR)/libmbedx509.a $(LIBRARY_DIR)/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +DEP=$(LIBRARY_DIR)/libmbedcrypto.$(DLEXT) $(LIBRARY_DIR)/libmbedx509.$(DLEXT) $(LIBRARY_DIR)/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -77,7 +90,7 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) $(DEP): - $(MAKE) -C ../library + $(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR) C_FILES := $(addsuffix .c,$(APPS)) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 49d2d1fc4..ecb9a6ff1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -71,8 +71,6 @@ TESTS=0 FAILS=0 SKIPS=0 -CONFIG_H='../include/mbedtls/config.h' - MEMCHECK=0 FILTER='.*' EXCLUDE='^$' 
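Review bot: In the `$(DEP)` recipe of tests/Makefile, `$(MAKE) -C $(LIBRARY_DIR) $(INCLUDE_DIR)` expands `INCLUDE_DIR` to `-I../include` or `-I../inc`, which make parses as its own `-I` option (search directory for included makefiles) rather than as a compiler flag. This looks unintended; the line should probably be `$(MAKE) -C $(LIBRARY_DIR)`. The slip is easy to make because `INCLUDE_DIR` holds a `-I` flag in this file and in programs/Makefile but a plain path in the top-level Makefile, while library/Makefile calls it `INCLUDE_DIRS`; one name per meaning would help.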
@@ -154,20 +152,6 @@ skip_next_test() { SKIP_NEXT="YES" } -# skip next test if the flag is not enabled in config.h -requires_config_enabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then :; else - SKIP_NEXT="YES" - fi -} - -# skip next test if the flag is enabled in config.h -requires_config_disabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then - SKIP_NEXT="YES" - fi -} - requires_ciphersuite_enabled() { if [ -z "$($P_CLI --help | grep "$1")" ]; then SKIP_NEXT="YES" @@ -185,6 +169,19 @@ get_config_value_or_default() { ${P_SRV} "query_config=${1}" } +# skip next test if the flag is enabled in config.h +requires_config_disabled() { + if get_config_value_or_default $1; then + SKIP_NEXT="YES" + fi +} + +requires_config_enabled() { + if ! get_config_value_or_default $1; then + SKIP_NEXT="YES" + fi +} + requires_config_value_at_least() { VAL="$( get_config_value_or_default "$1" )" if [ -z "$VAL" ]; then @@ -207,6 +204,17 @@ requires_config_value_at_most() { fi } +requires_config_value_exactly() { + VAL=$( get_config_value_or_default "$1" ) + if [ -z "$VAL" ]; then + # Should never happen + echo "Mbed TLS configuration $1 is not defined" + exit 1 + elif [ "$VAL" -ne "$2" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then 
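Review bot: `requires_config_enabled` and `requires_config_disabled` now branch on the exit status of `get_config_value_or_default $1`, which runs `${P_SRV} "query_config=${1}"`, so a server binary that is missing or fails to start is indistinguishable from an option that is not set. In that situation `requires_config_disabled` tests would run and `requires_config_enabled` tests would be skipped rather than the script stopping. The call also leaves `$1` unquoted and does not redirect the command's output, which presumably prints the queried value into the test log; `if get_config_value_or_default "$1" > /dev/null; then` covers both. `requires_config_enabled` also lost its comment; suggested: `# skip next test if the flag is not enabled in the build under test`.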
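Review bot: In `requires_config_value_exactly`, a non-numeric `$VAL` makes `[ "$VAL" -ne "$2" ]` fail with an error status, the `elif` is then false, and the test runs as though the value matched. Rejecting anything that is not a plain number before the comparison keeps the guard from failing open: `case "$VAL" in *[!0-9]*) echo "Mbed TLS configuration $1 is not numeric: $VAL"; exit 1;; esac`. A one-line comment such as `# skip next test if the config value is not exactly $2` would match the neighbouring helpers. Whether `query_config` can return a non-numeric string for these options is not visible in the hunk.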
@@ -300,9 +308,20 @@ requires_not_i686() { } # Calculate the input & output maximum content lengths set in the config -MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") -MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") -MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") +MAX_CONTENT_LEN="$( get_config_value_or_default MBEDTLS_SSL_MAX_CONTENT_LEN )" +if [ -z "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN=16384 +fi + +MAX_IN_LEN="$( get_config_value_or_default MBEDTLS_SSL_IN_CONTENT_LEN )" +if [ -z "$MAX_IN_LEN" ]; then + MAX_IN_LEN=$MAX_CONTENT_LEN +fi + +MAX_OUT_LEN="$( get_config_value_or_default MBEDTLS_SSL_OUT_CONTENT_LEN )" +if [ -z "$MAX_OUT_LEN" ]; then + MAX_OUT_LEN=$MAX_CONTENT_LEN +fi if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then MAX_CONTENT_LEN="$MAX_IN_LEN" @@ -2989,11 +3008,6 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension -if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" - exit 1 -fi - if [ $MAX_CONTENT_LEN -ne 16384 ]; then printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" fi @@ -3026,6 +3040,7 @@ run_test "Max fragment length: enabled, default, larger message" \ -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 
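Review bot: The three `MAX_*_LEN` assignments fall back to a default only when the captured output is empty, whereas the replaced lines fell back on a non-zero exit status (`|| echo ...`). If `$P_SRV` exits with an error but still writes to stdout (not determinable from this hunk), the variable holds that text and the `-lt` comparisons below operate on a non-number. Clearing on failure keeps the old behaviour: `MAX_CONTENT_LEN="$( get_config_value_or_default MBEDTLS_SSL_MAX_CONTENT_LEN )" || MAX_CONTENT_LEN=""`, and likewise for the other two.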
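Review bot: The added guard `requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096` queries the configuration macro, while the removed start-up check compared the script's `$MAX_CONTENT_LEN`, which the code earlier in the file lowers to `$MAX_IN_LEN` when that is smaller (and presumably likewise for the output length). A build with a small input or output content length but a large `MBEDTLS_SSL_MAX_CONTENT_LEN` would pass the guard and then run the fragment-length tests against a lower effective limit. Guarding on the effective value, or adding matching guards such as `requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096` and the `OUT` equivalent, would close that gap. The same applies to the other `requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" ...` lines added in the following hunks.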
@@ -3043,6 +3058,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ # content length configuration.) requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384 run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3054,6 +3070,7 @@ run_test "Max fragment length: disabled, larger message" \ -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384 run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3063,6 +3080,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \ -c "fragment larger than.*maximum " requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3075,6 +3093,7 @@ run_test "Max fragment length: used by client" \ -c "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ @@ -3087,6 +3106,7 @@ run_test "Max fragment length: used by server" \ -C "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096 requires_gnutls run_test "Max fragment length: gnutls server" \ "$G_SRV" \ 
@@ -3097,6 +3117,7 @@ run_test "Max fragment length: gnutls server" \ -c "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ @@ -3111,6 +3132,7 @@ run_test "Max fragment length: client, message just fits" \ -s "2048 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ @@ -3126,6 +3148,7 @@ run_test "Max fragment length: client, larger message" \ -s "297 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048 run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 
@@ -3951,21 +3974,10 @@ run_test "Authentication: client no cert, ssl3" \ # default value (8) MAX_IM_CA='8' -MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) - -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then - printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" - printf "test value of ${MAX_IM_CA}. \n" - printf "\n" - printf "The tests assume this value and if it changes, the tests in this\n" - printf "script should also be adjusted.\n" - printf "\n" - - exit 1 -fi +MAX_IM_CA_CONFIG="$( get_config_value_or_default MBEDTLS_X509_MAX_INTERMEDIATE_CA )" requires_full_size_output_buffer +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -3974,6 +3986,7 @@ run_test "Authentication: server max_int chain, client default" \ -C "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -3982,6 +3995,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 
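Review bot: `MAX_IM_CA_CONFIG` is still assigned from `get_config_value_or_default`, but the comparison that used it is removed and nothing else in the hunk reads it; if no later line does, the assignment only costs an extra server invocation and can be dropped. The change in behaviour also deserves a comment: a build whose `MBEDTLS_X509_MAX_INTERMEDIATE_CA` differs from 8 used to stop the script and is now skipped per test, e.g. `# These tests assume MBEDTLS_X509_MAX_INTERMEDIATE_CA == 8 and are skipped otherwise`. The guards hard-code `8` while `MAX_IM_CA='8'` sits just above; `requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA` keeps the two in step, here and in the following hunks.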
@@ -3991,6 +4005,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer +requires_config_value_exactly "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 8 run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \