diff --git a/.gitignore b/.gitignore index 789f57ee0..0f95b4c79 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,17 @@ massif-* # Python build artifacts: *.pyc +# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: +*.dir/ + +# Visual Studio artifacts +/visualc/VS2010/.localhistory/ +/visualc/VS2010/.vs/ +/visualc/VS2010/Debug/ +/visualc/VS2010/Release/ +/visualc/VS2010/*.vcxproj.filters +/visualc/VS2010/*.vcxproj.user + # Generated documentation: /apidoc diff --git a/CMakeLists.txt b/CMakeLists.txt index c512ad628..6115f0588 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -124,7 +124,10 @@ if(CMAKE_COMPILER_IS_GNU) # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings") + if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla") + endif() if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") endif() @@ -141,7 +144,7 @@ if(CMAKE_COMPILER_IS_GNU) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") @@ -219,13 +222,13 @@ if(ENABLE_TESTING) COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl ) endif(UNIX) -endif() -# Make scripts needed for testing available in an out-of-source build. -if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(scripts) - # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to - # keep things simple with the sed commands in the memcheck target. - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl - ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) + # Make scripts needed for testing available in an out-of-source build. + if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) + link_to_source(scripts) + # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to + # keep things simple with the sed commands in the memcheck target. + configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl + ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) + endif() endif() diff --git a/Makefile b/Makefile index 64321cbfb..c9eb681ce 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,3 @@ - DESTDIR=/usr/local PREFIX=mbedtls_ diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index dac97f44e..02f924df4 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -16,7 +16,7 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) # Make config.h available in an out-of-source build. -if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) +if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(mbedtls) link_to_source(psa) endif() diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e795bb830..9476bd1de 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,28 +277,52 @@ * For example, when a function accepts as input a pointer to a buffer that may * contain untrusted data, and its documentation mentions that this pointer * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated + * - The pointer is checked to be non-NULL only if this option is enabled. + * - The content of the buffer is always validated. * * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). + * is invalid: + * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED(). + * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function + * will immediately return. If the function returns an Mbed TLS error code, + * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA. * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. + * When defining this flag, you also need to arrange a definition for + * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods: + * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a + * function mbedtls_param_failed(), but the library does not define this + * function. If you do not make any other arrangements, you must provide + * the function mbedtls_param_failed() in your application. + * See `platform_util.h` for its prototype. + * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the + * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`. + * You can still supply an alternative definition of + * MBEDTLS_PARAM_FAILED(), which may call `assert`. + * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h` + * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`, + * the library will call the macro that you defined and will not supply + * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`, + * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source + * files include ``. * * Uncomment to enable validation of application-controlled parameters. */ //#define MBEDTLS_CHECK_PARAMS +/** + * \def MBEDTLS_CHECK_PARAMS_ASSERT + * + * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to + * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined. + * + * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to + * calling a function mbedtls_param_failed(). See the documentation of + * #MBEDTLS_CHECK_PARAMS for details. + * + * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. + */ +//#define MBEDTLS_CHECK_PARAMS_ASSERT + /* \} name SECTION: System support */ /** @@ -1007,18 +1031,27 @@ /** * \def MBEDTLS_USE_PSA_CRYPTO * - * Make the X.509 and TLS library use PSA for cryptographic operations, see - * #MBEDTLS_PSA_CRYPTO_C. + * Make the X.509 and TLS library use PSA for cryptographic operations, and + * enable new APIs for using keys handled by PSA Crypto. * - * Note: this option is still in progress, the full X.509 and TLS modules are - * not covered yet, but parts that are not ported to PSA yet will still work - * as usual, so enabling this option should not break backwards compatibility. + * \note Development of this option is currently in progress, and parts of Mbed + * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts + * will still continue to work as usual, so enabling this option should not + * break backwards compatibility. * - * \warning Support for PSA is still an experimental feature. - * Any public API that depends on this option may change - * at any time until this warning is removed. + * \warning Support for PSA is still an experimental feature. + * Any public API that depends on this option may change + * at any time until this warning is removed. + * + * \warning This option enables new Mbed TLS APIs that are dependent on the + * PSA Crypto API, so can't come with the same stability guarantees as the + * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for + * now, access to these APIs is opt-in (via enabling the present option), in + * order to clearly differentiate them from the stable Mbed TLS APIs. * * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * Uncomment this to enable internal use of PSA Crypto and new associated APIs. */ //#define MBEDTLS_USE_PSA_CRYPTO @@ -1702,6 +1735,10 @@ * * Enable the Platform Security Architecture cryptography API. * + * \warning The PSA Crypto API is still beta status. While you're welcome to + * experiment using it, incompatible API changes are still possible, and some + * parts may not have reached the same quality as the rest of Mbed TLS yet. + * * Module: library/psa_crypto.c * * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C @@ -1950,6 +1987,42 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +/** + * \brief This macro is invoked by the library when an invalid parameter + * is detected that is only checked with #MBEDTLS_CHECK_PARAMS + * (see the documentation of that option for context). + * + * When you leave this undefined here, the library provides + * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT + * is defined, the default definition is `assert(cond)`, + * otherwise the default definition calls a function + * mbedtls_param_failed(). This function is declared in + * `platform_util.h` for the benefit of the library, but + * you need to define in your application. + * + * When you define this here, this replaces the default + * definition in platform_util.h (which no longer declares the + * function mbedtls_param_failed()) and it is your responsibility + * to make sure this macro expands to something suitable (in + * particular, that all the necessary declarations are visible + * from within the library - you can ensure that by providing + * them in this file next to the macro definition). + * If you define this macro to call `assert`, also define + * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files + * include ``. + * + * Note that you may define this macro to expand to nothing, in + * which case you don't have to worry about declarations or + * definitions. However, you will then be notified about invalid + * parameters only in non-void functions, and void function will + * just silently return early on invalid parameters, which + * partially negates the benefits of enabling + * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. + * + * \param cond The expression that should evaluate to true, but doesn't. + */ +//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) + /** * Uncomment the macro to let mbed TLS use your alternate implementation of * mbedtls_platform_zeroize(). This replaces the default implementation in diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 9edafea14..20a245a06 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -100,8 +100,8 @@ * ECP 4 10 (Started from top) * MD 5 5 * HKDF 5 1 (Started from top) - * CIPHER 6 8 - * SSL 6 23 (Started from top) + * CIPHER 6 8 (Started from 0x6080) + * SSL 6 24 (Started from top, plus 0x6000) * SSL 7 32 * * Module dependent error code (5 bits 0x.00.-0x.F8.) diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index 02a94af5b..f7bf1a667 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -112,17 +112,27 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx ); * \brief Write a buffer of PEM information from a DER encoded * buffer. * - * \param header header string to write - * \param footer footer string to write - * \param der_data DER data to write - * \param der_len length of the DER data - * \param buf buffer to write to - * \param buf_len length of output buffer - * \param olen total length written / required (if buf_len is not enough) + * \param header The header string to write. + * \param footer The footer string to write. + * \param der_data The DER data to encode. + * \param der_len The length of the DER data \p der_data in Bytes. + * \param buf The buffer to write to. + * \param buf_len The length of the output buffer \p buf in Bytes. + * \param olen The address at which to store the total length written + * or required (if \p buf_len is not enough). * - * \return 0 on success, or a specific PEM or BASE64 error code. On - * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required - * size. + * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len + * to request the length of the resulting PEM buffer in + * `*olen`. + * + * \note This function may be called with overlapping \p der_data + * and \p buf buffers. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large + * enough to hold the PEM buffer. In this case, `*olen` holds + * the required minimum size of \p buf. + * \return Another PEM or BASE64 error code on other kinds of failure. */ int mbedtls_pem_write_buffer( const char *header, const char *footer, const unsigned char *der_data, size_t der_len, diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index bc0c17dfa..b402f8f97 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -256,6 +256,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, * the destination buffer is too short. */ #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) +#include /* For Older Windows (inc. MSYS2), we provide our own fixed implementation */ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ); #endif diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index b0e72ad14..cf0130a84 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -43,6 +43,12 @@ extern "C" { #if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) +/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert + * (which is what our config.h suggests). */ +#include +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_PARAM_FAILED) /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. * @@ -50,6 +56,11 @@ extern "C" { * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). */ #define MBEDTLS_PARAM_FAILED_ALT + +#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT) +#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +#define MBEDTLS_PARAM_FAILED_ALT + #else /* MBEDTLS_PARAM_FAILED */ #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( #cond, __FILE__, __LINE__ ) diff --git a/library/Makefile b/library/Makefile index 921b68ec7..ad8187b01 100644 --- a/library/Makefile +++ b/library/Makefile @@ -2,7 +2,7 @@ # Also see "include/mbedtls/config.h" CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement +WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= CRYPTO_INCLUDES ?= -I../include diff --git a/library/timing.c b/library/timing.c index 413d133fb..009516a6e 100644 --- a/library/timing.c +++ b/library/timing.c @@ -51,7 +51,6 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include -#include #include struct _hr_time diff --git a/library/version_features.c b/library/version_features.c index 4f1da6aea..e26d2a3fb 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -31,7 +31,7 @@ #include -static const char *features[] = { +static const char * const features[] = { #if defined(MBEDTLS_VERSION_FEATURES) #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_CHECK_PARAMS) "MBEDTLS_CHECK_PARAMS", #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + "MBEDTLS_CHECK_PARAMS_ASSERT", +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ @@ -594,7 +597,7 @@ static const char *features[] = { int mbedtls_version_check_feature( const char *feature ) { - const char **idx = features; + const char * const *idx = features; if( *idx == NULL ) return( -2 ); diff --git a/programs/Makefile b/programs/Makefile index c7cc9953e..1a69b7469 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -2,8 +2,8 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -WARNING_CXXFLAGS ?= -Wall -W +WARNING_CFLAGS ?= -Wall -Wextra +WARNING_CXXFLAGS ?= -Wall -Wextra LDFLAGS ?= LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 @@ -244,6 +244,7 @@ psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP) clean: ifndef WINDOWS rm -f $(APPS) $(EXTRA_GENERATED) + -rm -f test/cpp_dummy_build$(EXEXT) else if exist *.o del /S /Q /F *.o if exist *.exe del /S /Q /F *.exe diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index bdeac3afc..8242ea7c9 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -80,17 +80,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index f58e6166d..a5acf5b8b 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -82,17 +82,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 4b7fe37be..709a149e0 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) { diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 6046f868c..55a0c7e74 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -48,17 +48,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index cca43ca59..bf5482ed0 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -69,17 +69,6 @@ int main( void ) */ #define GENERATOR "4" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char **argv ) { diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 9267c7ef5..9f849dd29 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -53,17 +53,6 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 4471a201e..b851c3173 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -100,17 +100,6 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 35fc1498f..23e4e145c 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -137,17 +137,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b4860fe04..19dcdfe49 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -64,7 +64,6 @@ " password_file=%%s default: \"\"\n" \ "\n" - #if !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) int main( void ) @@ -75,17 +74,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b81530ceb..60964292b 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -98,17 +98,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 80573c0ed..ecdcd329a 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -50,17 +50,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 978f39ef1..bf425079e 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -48,7 +48,6 @@ #include #endif - #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_CTR_DRBG_C) @@ -61,17 +60,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 806c59aae..a32b14761 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -61,17 +61,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7354082f1..47a098a1a 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 9fcf029b8..a6bfe3f29 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -112,7 +101,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, sizeof(buf), f ); fclose( f ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index dc8a9200d..ff71bd055 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index e9effe806..4a71c15dd 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index c66f4e7bd..f2b7b5078 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -63,17 +63,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index f01487202..9bcd7a627 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index cb69fa6ed..5019f28f5 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 5d1c0851e..94f0ef9ce 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -55,17 +55,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index d745274bf..de28337c8 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -59,17 +59,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -124,7 +113,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f ); fclose( f ); diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 3b350ede2..6ae63b725 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -51,17 +51,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index a50402f19..59df34b66 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -54,17 +54,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index ef888ff61..5ea52aec9 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e31faafeb..2b8656692 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -258,17 +258,6 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/test/query_config.c b/programs/test/query_config.c index e90847a9d..9474b208f 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -268,6 +268,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT ); + return( 0 ); + } +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_TIMING_ALT) if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index fac7e9204..638ef7038 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -76,17 +76,6 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) { diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 0cc9d0664..f18493926 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -65,17 +65,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 30c3fe517..533aaea3d 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -59,9 +59,7 @@ class AbiChecker(object): @staticmethod def check_repo_path(): - current_dir = os.path.realpath('.') - root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) - if current_dir != root_dir: + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("Must be run from Mbed TLS root") def _setup_logger(self): @@ -108,6 +106,12 @@ class AbiChecker(object): stderr=subprocess.STDOUT ) self.log.debug(worktree_output.decode("utf-8")) + version.commit = subprocess.check_output( + [self.git_command, "rev-parse", worktree_rev], + cwd=git_worktree_path, + stderr=subprocess.STDOUT + ).decode("ascii").rstrip() + self.log.debug("Commit is {}".format(version.commit)) return git_worktree_path def _update_git_submodules(self, git_worktree_path, version): @@ -163,6 +167,13 @@ class AbiChecker(object): os.path.join(root, file) ) + @staticmethod + def _pretty_revision(version): + if version.revision == version.commit: + return version.revision + else: + return "{} ({})".format(version.revision, version.commit) + def _get_abi_dumps_from_shared_libraries(self, version): """Generate the ABI dumps for the specified git revision. The shared libraries must have been built and the module paths @@ -177,7 +188,7 @@ class AbiChecker(object): "abi-dumper", module_path, "-o", output_path, - "-lver", version.revision + "-lver", self._pretty_revision(version), ] abi_dump_output = subprocess.check_output( abi_dump_command, @@ -214,7 +225,7 @@ class AbiChecker(object): def _remove_extra_detail_from_report(self, report_root): for tag in ['test_info', 'test_results', 'problem_summary', - 'added_symbols', 'removed_symbols', 'affected']: + 'added_symbols', 'affected']: self._remove_children_with_tag(report_root, tag) for report in report_root: @@ -222,69 +233,84 @@ class AbiChecker(object): if not problems.getchildren(): report.remove(problems) + def _abi_compliance_command(self, mbed_module, output_path): + """Build the command to run to analyze the library mbed_module. + The report will be placed in output_path.""" + abi_compliance_command = [ + "abi-compliance-checker", + "-l", mbed_module, + "-old", self.old_version.abi_dumps[mbed_module], + "-new", self.new_version.abi_dumps[mbed_module], + "-strict", + "-report-path", output_path, + ] + if self.skip_file: + abi_compliance_command += ["-skip-symbols", self.skip_file, + "-skip-types", self.skip_file] + if self.brief: + abi_compliance_command += ["-report-format", "xml", + "-stdout"] + return abi_compliance_command + + def _is_library_compatible(self, mbed_module, compatibility_report): + """Test if the library mbed_module has remained compatible. + Append a message regarding compatibility to compatibility_report.""" + output_path = os.path.join( + self.report_dir, "{}-{}-{}.html".format( + mbed_module, self.old_version.revision, + self.new_version.revision + ) + ) + try: + subprocess.check_output( + self._abi_compliance_command(mbed_module, output_path), + stderr=subprocess.STDOUT + ) + except subprocess.CalledProcessError as err: + if err.returncode != 1: + raise err + if self.brief: + self.log.info( + "Compatibility issues found for {}".format(mbed_module) + ) + report_root = ET.fromstring(err.output.decode("utf-8")) + self._remove_extra_detail_from_report(report_root) + self.log.info(ET.tostring(report_root).decode("utf-8")) + else: + self.can_remove_report_dir = False + compatibility_report.append( + "Compatibility issues found for {}, " + "for details see {}".format(mbed_module, output_path) + ) + return False + compatibility_report.append( + "No compatibility issues for {}".format(mbed_module) + ) + if not (self.keep_all_reports or self.brief): + os.remove(output_path) + return True + def get_abi_compatibility_report(self): """Generate a report of the differences between the reference ABI and the new ABI. ABI dumps from self.old_version and self.new_version must be available.""" - compatibility_report = "" + compatibility_report = ["Checking evolution from {} to {}".format( + self._pretty_revision(self.old_version), + self._pretty_revision(self.new_version) + )] compliance_return_code = 0 shared_modules = list(set(self.old_version.modules.keys()) & set(self.new_version.modules.keys())) for mbed_module in shared_modules: - output_path = os.path.join( - self.report_dir, "{}-{}-{}.html".format( - mbed_module, self.old_version.revision, - self.new_version.revision - ) - ) - abi_compliance_command = [ - "abi-compliance-checker", - "-l", mbed_module, - "-old", self.old_version.abi_dumps[mbed_module], - "-new", self.new_version.abi_dumps[mbed_module], - "-strict", - "-report-path", output_path, - ] - if self.skip_file: - abi_compliance_command += ["-skip-symbols", self.skip_file, - "-skip-types", self.skip_file] - if self.brief: - abi_compliance_command += ["-report-format", "xml", - "-stdout"] - try: - subprocess.check_output( - abi_compliance_command, - stderr=subprocess.STDOUT - ) - except subprocess.CalledProcessError as err: - if err.returncode == 1: - compliance_return_code = 1 - if self.brief: - self.log.info( - "Compatibility issues found for {}".format(mbed_module) - ) - report_root = ET.fromstring(err.output.decode("utf-8")) - self._remove_extra_detail_from_report(report_root) - self.log.info(ET.tostring(report_root).decode("utf-8")) - else: - self.can_remove_report_dir = False - compatibility_report += ( - "Compatibility issues found for {}, " - "for details see {}\n".format(mbed_module, output_path) - ) - else: - raise err - else: - compatibility_report += ( - "No compatibility issues for {}\n".format(mbed_module) - ) - if not (self.keep_all_reports or self.brief): - os.remove(output_path) - os.remove(self.old_version.abi_dumps[mbed_module]) - os.remove(self.new_version.abi_dumps[mbed_module]) + if not self._is_library_compatible(mbed_module, + compatibility_report): + compliance_return_code = 1 + for version in [self.old_version, self.new_version]: + for mbed_module, mbed_module_dump in version.abi_dumps.items(): + os.remove(mbed_module_dump) if self.can_remove_report_dir: os.rmdir(self.report_dir) - self.log.info(compatibility_report) + self.log.info("\n".join(compatibility_report)) return compliance_return_code def check_for_abi_changes(self): @@ -356,7 +382,9 @@ def run_main(): ) parser.add_argument( "-s", "--skip-file", type=str, - help="path to file containing symbols and types to skip" + help=("path to file containing symbols and types to skip " + "(typically \"-s identifiers\" after running " + "\"tests/scripts/list-identifiers.sh --internal\")") ) parser.add_argument( "-b", "--brief", action="store_true", @@ -370,6 +398,7 @@ def run_main(): version="old", repository=abi_args.old_repo, revision=abi_args.old_rev, + commit=None, crypto_repository=abi_args.old_crypto_repo, crypto_revision=abi_args.old_crypto_rev, abi_dumps={}, @@ -379,6 +408,7 @@ def run_main(): version="new", repository=abi_args.new_repo, revision=abi_args.new_rev, + commit=None, crypto_repository=abi_args.new_crypto_repo, crypto_revision=abi_args.new_crypto_rev, abi_dumps={}, diff --git a/scripts/config.pl b/scripts/config.pl index b66790514..02b7e6e2d 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -29,8 +29,9 @@ # MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_RSA_NO_CRT -# MBEDTLS_USE_PSA_CRYPTO -# - experimental, and more an alternative implementation than a feature +# MBEDTLS_PSA_CRYPTO_SPM +# MBEDTLS_PSA_INJECT_ENTROPY +# MBEDTLS_ECP_RESTARTABLE # and any symbol beginning _ALT # @@ -88,7 +89,7 @@ MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_PSA_CRYPTO_SPM MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER MBEDTLS_PSA_INJECT_ENTROPY -MBEDTLS_USE_PSA_CRYPTO +MBEDTLS_ECP_RESTARTABLE _ALT\s*$ ); @@ -107,9 +108,8 @@ MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_PLATFORM_TIME_ALT MBEDTLS_PLATFORM_FPRINTF_ALT -MBEDTLS_PSA_CRYPTO_STORAGE_C -MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C MBEDTLS_PSA_ITS_FILE_C +MBEDTLS_PSA_CRYPTO_STORAGE_C ); # Things that should be enabled in "full" even if they match @excluded diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 767eda1c7..63ae94cb6 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -31,7 +31,7 @@ #include -static const char *features[] = { +static const char * const features[] = { #if defined(MBEDTLS_VERSION_FEATURES) FEATURE_DEFINES #endif /* MBEDTLS_VERSION_FEATURES */ @@ -40,7 +40,7 @@ FEATURE_DEFINES int mbedtls_version_check_feature( const char *feature ) { - const char **idx = features; + const char * const *idx = features; if( *idx == NULL ) return( -2 ); diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index fac9812e6..1db7ee42a 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -53,7 +53,6 @@ false true Unicode - Windows7.1SDK diff --git a/tests/Makefile b/tests/Makefile index aba002bf1..137579d43 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -2,7 +2,7 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value +WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= CRYPTO_INCLUDES ?= -I../include diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile new file mode 100644 index 000000000..1b2d40f28 --- /dev/null +++ b/tests/docker/bionic/Dockerfile @@ -0,0 +1,168 @@ +# Dockerfile +# +# Purpose +# ------- +# Defines a Docker container suitable to build and run all tests (all.sh), +# except for those that use a proprietary toolchain. + +# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) +ARG MAKEFLAGS_PARALLEL="" +ARG MY_REGISTRY= + +FROM ${MY_REGISTRY}ubuntu:bionic + + +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update \ + && apt-get -y install software-properties-common \ + && rm -rf /var/lib/apt/lists + +RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa + +RUN apt-get update \ + && apt-get -y install \ + # mbedtls build/test dependencies + build-essential \ + clang \ + cmake \ + doxygen \ + gcc-arm-none-eabi \ + gcc-mingw-w64-i686 \ + gcc-multilib \ + g++-multilib \ + gdb \ + git \ + graphviz \ + lsof \ + python \ + python3-pip \ + python3 \ + pylint3 \ + valgrind \ + wget \ + # libnettle build dependencies + libgmp-dev \ + m4 \ + pkg-config \ + && rm -rf /var/lib/apt/lists/* + +# Build a static, legacy openssl from sources with sslv3 enabled +# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) +# Note: openssl-1.0.2 and earlier has known build issues with parallel make. +RUN cd /tmp \ + && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \ + && cd openssl-1.0.1j \ + && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \ + && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ + && make install_sw \ + && rm -rf /tmp/openssl* +ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl + +# Build OPENSSL as 1.0.2g +RUN cd /tmp \ + && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \ + && cd openssl-1.0.2g \ + && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \ + && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ + && make install_sw \ + && rm -rf /tmp/openssl* +ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl + +# Build a new openssl binary for ARIA/CHACHA20 support +# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) +RUN cd /tmp \ + && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \ + && cd openssl-1.1.1a \ + && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install_sw \ + && rm -rf /tmp/openssl* +ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl + +# Build libnettle 2.7.1 (needed by legacy gnutls) +RUN cd /tmp \ + && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \ + && cd nettle-2.7.1 \ + && ./configure --disable-documentation \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && /sbin/ldconfig \ + && rm -rf /tmp/nettle* + +# Build legacy gnutls (3.3.8) +RUN cd /tmp \ + && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \ + && cd gnutls-3.3.8 \ + && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && rm -rf /tmp/gnutls* +ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli +ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv + +# Build libnettle 3.1 (needed by gnutls) +RUN cd /tmp \ + && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \ + && cd nettle-3.1 \ + && ./configure --disable-documentation \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && /sbin/ldconfig \ + && rm -rf /tmp/nettle* + +# Build gnutls (3.4.10) +RUN cd /tmp \ + && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \ + && cd gnutls-3.4.10 \ + && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \ + --with-included-libtasn1 --without-p11-kit \ + --disable-shared --disable-guile --disable-doc \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && rm -rf /tmp/gnutls* +ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli +ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv + +# Build libnettle 3.4 (needed by gnutls next) +RUN cd /tmp \ + && wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \ + && cd nettle-3.4.1 \ + && ./configure --disable-documentation \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && /sbin/ldconfig \ + && rm -rf /tmp/nettle* + +# Build gnutls next (3.6.5) +RUN cd /tmp \ + && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \ + && cd gnutls-3.6.5 \ + && ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \ + --with-included-libtasn1 --with-included-unistring --without-p11-kit \ + --disable-shared --disable-guile --disable-doc \ + && make ${MAKEFLAGS_PARALLEL} \ + && make install \ + && rm -rf /tmp/gnutls* + +ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli +ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv + +RUN pip3 install --no-cache-dir \ + mbed-host-tests \ + mock diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh new file mode 100755 index 000000000..4fbfe1ccb --- /dev/null +++ b/tests/make-in-docker.sh @@ -0,0 +1,31 @@ +#!/bin/bash -eu + +# make-in-docker.sh +# +# Purpose +# ------- +# This runs make in a Docker container. +# +# See also: +# - scripts/docker_env.sh for general Docker prerequisites and other information. + +# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + +source tests/scripts/docker_env.sh + +run_in_docker make $@ diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh new file mode 100755 index 000000000..ee9a09290 --- /dev/null +++ b/tests/scripts/all-in-docker.sh @@ -0,0 +1,37 @@ +#!/bin/bash -eu + +# all-in-docker.sh +# +# Purpose +# ------- +# This runs all.sh (except for armcc) in a Docker container. +# +# Notes for users +# --------------- +# See docker_env.sh for prerequisites and other information. +# +# See also all.sh for notes about invocation of that script. + +# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + +source tests/scripts/docker_env.sh + +# Run tests that are possible with openly available compilers +run_in_docker tests/scripts/all.sh \ + --no-armcc \ + $@ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3e3fab45c..5121e1746 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -223,6 +223,11 @@ cleanup() rm -f programs/test/cmake_subproject/Makefile rm -f programs/test/cmake_subproject/cmake_subproject + # Remove any artifacts from the component_test_cmake_as_subdirectory test. + rm -rf programs/test/cmake_subproject/build + rm -f programs/test/cmake_subproject/Makefile + rm -f programs/test/cmake_subproject/cmake_subproject + if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi @@ -541,7 +546,7 @@ component_check_files () { component_check_names () { msg "test/build: declared and exported names" # < 3s - record_status tests/scripts/check-names.sh + record_status tests/scripts/check-names.sh -v } component_check_doxygen_warnings () { @@ -580,6 +585,19 @@ component_test_ref_configs () { record_status tests/scripts/test-ref-configs.pl } +component_test_no_pem_no_fs () { + msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" + scripts/config.pl unset MBEDTLS_PEM_PARSE_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s + make test +} + component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min scripts/config.pl set MBEDTLS_RSA_NO_CRT @@ -642,7 +660,6 @@ component_build_deprecated () { make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests } - component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min record_status tests/scripts/curves.pl @@ -669,24 +686,38 @@ component_build_default_make_gcc_and_cxx () { make TEST_CPP=1 } -component_test_use_psa_crypto_full_cmake_asan() { - # MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh +component_test_no_use_psa_crypto_full_cmake_asan() { + # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests - scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA + scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC scripts/config.pl set MBEDTLS_PSA_CRYPTO_C - scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO + scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)" + msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" make test } +component_test_check_params_functionality () { + msg "build+test: MBEDTLS_CHECK_PARAMS functionality" + scripts/config.pl full # includes CHECK_PARAMS + # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). + scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + # Only build and run tests. Do not build sample programs, because + # they don't have a mbedtls_param_failed() function. + make CC=gcc CFLAGS='-Werror -O1' lib test +} + component_test_check_params_without_platform () { msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" scripts/config.pl full # includes CHECK_PARAMS + # Keep MBEDTLS_PARAM_FAILED as assert. scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT @@ -704,6 +735,7 @@ component_test_check_params_silent () { msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + # Set MBEDTLS_PARAM_FAILED to nothing. sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" make CC=gcc CFLAGS='-Werror -O1' all test } @@ -726,7 +758,6 @@ component_test_no_platform () { scripts/config.pl unset MBEDTLS_FS_IO scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs @@ -799,14 +830,14 @@ component_test_aes_fewer_tables_and_rom_tables () { component_test_make_shared () { msg "build/test: make shared" # ~ 40s - make SHARED=1 all check + make SHARED=1 all check -j1 } component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address' msg "test: i386, make, gcc -O0 (ASan build)" make test @@ -825,7 +856,7 @@ component_test_m32_o1 () { scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_MEMORY_DEBUG - make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address' msg "test: i386, make, gcc -O1 (ASan build)" make test @@ -837,7 +868,7 @@ support_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" make test @@ -905,39 +936,13 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" @@ -946,20 +951,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" @@ -968,24 +960,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - scripts/config.pl full - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl unset MBEDTLS_HAVE_TIME - scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit - scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME + scripts/config.pl baremetal make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib make clean @@ -1008,15 +983,15 @@ component_build_armcc () { component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1 # note Make tests only builds the tests, but doesn't run them - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1 make WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1 + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1 make WINDOWS_BUILD=1 clean } support_build_mingw() { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index a653001e7..54ca93413 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -43,6 +43,7 @@ echo # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' +export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full @@ -53,6 +54,9 @@ make -j # Step 2 - Execute the tests TEST_OUTPUT=out_${PPID} cd tests +if [ ! -f "seedfile" ]; then + dd if=/dev/urandom of="seedfile" bs=32 count=1 +fi # Step 2a - Unit Tests perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh new file mode 100755 index 000000000..096f8edd8 --- /dev/null +++ b/tests/scripts/basic-in-docker.sh @@ -0,0 +1,47 @@ +#!/bin/bash -eu + +# basic-in-docker.sh +# +# Purpose +# ------- +# This runs a rough equivalent of the travis.yml in a Docker container. +# The tests are run for both clang and gcc. +# +# Notes for users +# --------------- +# See docker_env.sh for prerequisites and other information. + +# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + +source tests/scripts/docker_env.sh + +run_in_docker tests/scripts/recursion.pl library/*.c +run_in_docker tests/scripts/check-generated-files.sh +run_in_docker tests/scripts/check-doxy-blocks.pl +run_in_docker tests/scripts/check-names.sh +run_in_docker tests/scripts/check-files.py +run_in_docker tests/scripts/doxygen.sh + +for compiler in clang gcc; do + run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" . + run_in_docker -e CC=${compiler} make + run_in_docker -e CC=${compiler} make test + run_in_docker programs/test/selftest + run_in_docker tests/scripts/test-ref-configs.pl + run_in_docker tests/scripts/curves.pl +done diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 00fd0edfb..255bed8b9 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -1,14 +1,12 @@ #!/usr/bin/env python3 + +# This file is part of Mbed TLS (https://tls.mbed.org) +# Copyright (c) 2018, Arm Limited, All Rights Reserved + """ -This file is part of Mbed TLS (https://tls.mbed.org) - -Copyright (c) 2018, Arm Limited, All Rights Reserved - -Purpose - This script checks the current state of the source code for minor issues, including incorrect file permissions, presence of tabs, non-Unix line endings, -trailing whitespace, presence of UTF-8 BOM, and TODO comments. +trailing whitespace, and presence of UTF-8 BOM. Note: requires python 3, must be run from Mbed TLS root. """ @@ -170,19 +168,6 @@ class MergeArtifactIssueTracker(LineIssueTracker): return True return False -class TodoIssueTracker(LineIssueTracker): - """Track lines containing ``TODO``.""" - - heading = "TODO present:" - files_exemptions = frozenset([ - os.path.basename(__file__), - "benchmark.c", - "pull_request_template.md", - ]) - - def issue_with_line(self, line, _filepath): - return b"todo" in line.lower() - class IntegrityChecker(object): """Sanity-check files under the current directory.""" @@ -211,7 +196,6 @@ class IntegrityChecker(object): TrailingWhitespaceIssueTracker(), TabIssueTracker(), MergeArtifactIssueTracker(), - TodoIssueTracker(), ] @staticmethod @@ -257,15 +241,7 @@ class IntegrityChecker(object): def run_main(): - parser = argparse.ArgumentParser( - description=( - "This script checks the current state of the source code for " - "minor issues, including incorrect file permissions, " - "presence of tabs, non-Unix line endings, trailing whitespace, " - "presence of UTF-8 BOM, and TODO comments. " - "Note: requires python 3, must be run from Mbed TLS root." - ) - ) + parser = argparse.ArgumentParser(description=__doc__) parser.add_argument( "-l", "--log_file", type=str, help="path to optional output log", ) diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 925037c33..7d2302cb2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -2,26 +2,42 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# This script confirms that the naming of all symbols and identifiers in mbed -# TLS are consistent with the house style and are also self-consistent. -# +# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved + set -eu +if [ $# -ne 0 ] && [ "$1" = "--help" ]; then + cat </dev/null; then :; else echo "This script requires GNU grep.">&2 exit 1 fi +trace= +if [ $# -ne 0 ] && [ "$1" = "-v" ]; then + shift + trace='-x' + exec 2>check-names.err + trap 'echo "FAILED UNEXPECTEDLY, status=$?"; + cat check-names.err' EXIT + set -x +fi + printf "Analysing source code...\n" -tests/scripts/list-macros.sh +sh $trace tests/scripts/list-macros.sh tests/scripts/list-enum-consts.pl -tests/scripts/list-identifiers.sh -tests/scripts/list-symbols.sh +sh $trace tests/scripts/list-identifiers.sh +sh $trace tests/scripts/list-symbols.sh FAIL=0 @@ -82,6 +98,12 @@ else FAIL=1 fi +if [ -n "$trace" ]; then + set +x + trap - EXIT + rm check-names.err +fi + printf "\nOverall: " if [ "$FAIL" -eq 0 ]; then rm macros actual-macros enum-consts identifiers exported-symbols diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index ddc90c580..4791d5521 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -57,7 +57,7 @@ for my $curve (@curves) { system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) and abort "Failed to build lib: $curve\n"; - system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; + system( "make" ) and abort "Failed to build tests: $curve\n"; system( "make test" ) and abort "Failed test suite: $curve\n"; } diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh new file mode 100755 index 000000000..8bdc42579 --- /dev/null +++ b/tests/scripts/docker_env.sh @@ -0,0 +1,93 @@ +#!/bin/bash -eu + +# docker_env.sh +# +# Purpose +# ------- +# +# This is a helper script to enable running tests under a Docker container, +# thus making it easier to get set up as well as isolating test dependencies +# (which include legacy/insecure configurations of openssl and gnutls). +# +# Notes for users +# --------------- +# This script expects a Linux x86_64 system with a recent version of Docker +# installed and available for use, as well as http/https access. If a proxy +# server must be used, invoke this script with the usual environment variables +# (http_proxy and https_proxy) set appropriately. If an alternate Docker +# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the +# host name. +# +# +# Running this script directly will check for Docker availability and set up +# the Docker image. + +# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + + +# default values, can be overridden by the environment +: ${MBEDTLS_DOCKER_GUEST:=bionic} + + +DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}" + +# Make sure docker is available +if ! which docker > /dev/null; then + echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started" + exit 1 +fi + +# Figure out if we need to 'sudo docker' +if groups | grep docker > /dev/null; then + DOCKER="docker" +else + echo "Using sudo to invoke docker since you're not a member of the docker group..." + DOCKER="sudo docker" +fi + +# Build the Docker image +echo "Getting docker image up to date (this may take a few minutes)..." +${DOCKER} image build \ + -t ${DOCKER_IMAGE_TAG} \ + --cache-from=${DOCKER_IMAGE_TAG} \ + --build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \ + --network host \ + ${http_proxy+--build-arg http_proxy=${http_proxy}} \ + ${https_proxy+--build-arg https_proxy=${https_proxy}} \ + ${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \ + tests/docker/${MBEDTLS_DOCKER_GUEST} + +run_in_docker() +{ + ENV_ARGS="" + while [ "$1" == "-e" ]; do + ENV_ARGS="${ENV_ARGS} $1 $2" + shift 2 + done + + ${DOCKER} container run -it --rm \ + --cap-add SYS_PTRACE \ + --user "$(id -u):$(id -g)" \ + --volume $PWD:$PWD \ + --workdir $PWD \ + -e MAKEFLAGS \ + -e PYLINTHOME=/tmp/.pylintd \ + ${ENV_ARGS} \ + ${DOCKER_IMAGE_TAG} \ + $@ +} diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index c25871942..930722c1b 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -14,8 +14,21 @@ fi cp include/mbedtls/config.h include/mbedtls/config.h.bak scripts/config.pl full -CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1 +make clean +make_ret= +CFLAGS=-fno-asynchronous-unwind-tables make lib \ + >list-symbols.make.log 2>&1 || + { + make_ret=$? + echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" + cat list-symbols.make.log >&2 + } +rm list-symbols.make.log mv include/mbedtls/config.h.bak include/mbedtls/config.h +if [ -n "$make_ret" ]; then + exit "$make_ret" +fi + if uname | grep -F Darwin >/dev/null; then nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' elif uname | grep -F Linux >/dev/null; then diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index ac2912d4c..6ac68a4fb 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -79,7 +79,7 @@ class TestDataParser(object): split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) if len(split_char) > 1: raise ValueError('Expected split character. Found string!') - out = map(split_colon_fn, re.split(r'(?false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 934c84438..ffbd1ad4d 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index 99199d965..fb7ef77d1 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 9ca6b6485..2fa23a7f9 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index d9c19009a..fdd6c6fdf 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 1120111f1..748b6d121 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 3718c9f27..03418d082 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 4c57655b2..89b41c081 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index a07e1aacc..c8ea11f42 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 11740c448..64200afbe 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 01253ceef..70c8138a0 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 0f2ecb43c..21bd90f62 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index c986b07be..b5f6eb005 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index f96a0b052..0fc246a8f 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 0e4af3a58..e4ef62b04 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index 80914ffbe..b8fe6a09b 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index d68bc75b3..d770d35af 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 507c79a4d..2f1248c5d 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 5ccaf4f1e..168adf34b 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index d5ef208d8..bb09f06aa 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index d21f17a41..98941f4be 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 637ddd6f5..6d3006e61 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 2618c7c0a..41cb85b6d 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index dcb6f32c7..8e7f07bd0 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -55,7 +55,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 9e1d0a20e..ffba32a6a 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index c3b03716c..9f5f32784 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index e6b506000..824e3043c 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index c1147c3c2..dda4756cd 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index adfee6d9c..31da8cade 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index bb44b4f9d..b78dfc338 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 7781aa51a..220ad2d42 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 12ff76d70..1f5e10918 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index d7ec570d6..c3ec8fa74 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index 9d311c721..dff71d30e 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK