From abf9b4dee8f2a321cca3f7256f9d4faede368fc8 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 3 Jul 2019 20:42:16 +0200
Subject: [PATCH 1/4] Add a test of MBEDTLS_CONFIG_FILE

configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this.
---
 tests/scripts/all.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 22c81296c..89e0c7e08 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1032,6 +1032,17 @@ component_test_make_shared () {
 make SHARED=1 all check -j1
 }
 
+component_build_mbedtls_config_file () {
+ msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
+ # Use the full config so as to catch a maximum of places where
+ # the check of MBEDTLS_CONFIG_FILE might be missing.
+ scripts/config.pl full
+ sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h
+ echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
+ make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
+ rm -f full_config.h
+}
+
 component_test_m32_o0 () {
 # Build once with -O0, to compile out the i386 specific inline assembly
 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
From cf74050fead788c04895f434185be993a80347d7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 3 Jul 2019 20:43:05 +0200
Subject: [PATCH 2/4] Test that the shared library build with CMake works

---
 tests/scripts/all.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 89e0c7e08..cff1f00e2 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
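Review bot: In component_build_mbedtls_config_file (patch 1/4), `rm -f full_config.h` is reached only when the preceding `make` succeeds if the script runs with errexit (not visible in this hunk), so a failed build would leave full_config.h in the tree root next to a `$CONFIG_H` that now holds only the `#error` stub. Whether the script's cleanup restores `$CONFIG_H` cannot be seen here; if it does, full_config.h should be removed by that same routine with `rm -f full_config.h`, so that a later component or a manual build never picks up a stale configuration. A short comment above the `echo` line would also help the next reader: `# Poison the default config: any file that ignores MBEDTLS_CONFIG_FILE now fails to compile.`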
@@ -1032,6 +1032,13 @@ component_test_make_shared () {
 make SHARED=1 all check -j1
 }
 
+component_test_cmake_shared () {
+ msg "build/test: cmake shared" # ~ 2min
+ cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
+ make
+ make test
+}
+
 component_build_mbedtls_config_file () {
 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
 # Use the full config so as to catch a maximum of places where
From 56c0161b6823ad316590b8d19fcf1815a05d8403 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 3 Jul 2019 20:43:32 +0200
Subject: [PATCH 3/4] Test that a shared library build produces a dynamically linked executable

---
 tests/scripts/all.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index cff1f00e2..6a1d194f0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1030,12 +1030,14 @@ component_test_platform_calloc_macro () {
 component_test_make_shared () {
 msg "build/test: make shared" # ~ 40s
 make SHARED=1 all check -j1
+ ldd programs/util/strerror | grep libmbedcrypto
 }
 
 component_test_cmake_shared () {
 msg "build/test: cmake shared" # ~ 2min
 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
 make
+ ldd programs/util/strerror | grep libmbedcrypto
 make test
 }
 
From 26f3e2800d53f1030782d768657ccb9b42f8b640 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 13 Aug 2019 18:00:02 +0200
Subject: [PATCH 4/4] Honor MBEDTLS_CONFIG_FILE in fuzz tests

---
 programs/fuzz/onefile.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index 9e3986d6b..c84514963 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
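Review bot: In patch 3/4, `ldd programs/util/strerror | grep libmbedcrypto` in component_test_make_shared and component_test_cmake_shared passes as soon as the name appears anywhere in the ldd output, which would include a `=> not found` line or a copy resolved from a system library directory rather than the one just built. That shows the executable records a dynamic dependency, but not that the test runs next to it load the freshly built library. If the stronger property is intended, the pattern should also match the resolved path of the build output directory (not visible in this hunk, and probably different for the CMake build). Otherwise a comment above each line would state the limit: `# Only checks that the dependency is recorded, not which copy the loader picks.`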
@@ -1,8 +1,15 @@
 #include
 #include
 #include
-// Get platform-specific definition
+
+/* This file doesn't use any Mbed TLS function, but grab config.h anyway
+ * in case it contains platform-specific #defines related to malloc or
+ * stdio functions. */
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
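Review bot: The new `#if !defined(MBEDTLS_CONFIG_FILE)` block still sits below the three system `#include` lines at the top of the hunk, so any platform definition in the configuration that is meant to influence those headers arrives after they have already been processed. If the purpose stated in the new comment (malloc- or stdio-related `#define`s) depends on that ordering, the block should move above the system includes. If the order is deliberate, the comment could say so, for instance `/* Kept after the system headers so config macros cannot change their declarations. */`. The rest of the file lies outside this hunk, so how the later code uses those definitions cannot be checked from here.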