Merge remote-tracking branch 'public/pr/1222' into mbedtls-1.3
* public/pr/1222:
all.sh: add some documentation
all.sh: new option --no-armcc
all.sh: --keep-going mode
all.sh: cleaned up usage output
all.sh: indent
diff --git a/ChangeLog b/ChangeLog
index 7903fc7..b3bab77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,8 @@
* Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64.
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
MilenkoMitrovic, #1104
+ * Fix mbedtls_timing_alarm(0) on Unix.
+ * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
Changes
* Extend cert_write example program by options to set the CRT version
diff --git a/library/timing.c b/library/timing.c
index 50410df..1489383 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -234,21 +234,23 @@
unsigned long get_timer( struct hr_time *val, int reset )
{
- unsigned long delta;
- LARGE_INTEGER offset, hfreq;
struct _hr_time *t = (struct _hr_time *) val;
- QueryPerformanceCounter( &offset );
- QueryPerformanceFrequency( &hfreq );
-
- delta = (unsigned long)( ( 1000 *
- ( offset.QuadPart - t->start.QuadPart ) ) /
- hfreq.QuadPart );
-
if( reset )
+ {
QueryPerformanceCounter( &t->start );
-
- return( delta );
+ return( 0 );
+ }
+ else
+ {
+ unsigned long delta;
+ LARGE_INTEGER now, hfreq;
+ QueryPerformanceCounter( &now );
+ QueryPerformanceFrequency( &hfreq );
+ delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul
+ / hfreq.QuadPart );
+ return( delta );
+ }
}
/* It's OK to use a global because alarm() is supposed to be global anyway */
@@ -280,23 +282,22 @@
unsigned long get_timer( struct hr_time *val, int reset )
{
- unsigned long delta;
- struct timeval offset;
struct _hr_time *t = (struct _hr_time *) val;
- gettimeofday( &offset, NULL );
-
if( reset )
{
- t->start.tv_sec = offset.tv_sec;
- t->start.tv_usec = offset.tv_usec;
+ gettimeofday( &t->start, NULL );
return( 0 );
}
-
- delta = ( offset.tv_sec - t->start.tv_sec ) * 1000
- + ( offset.tv_usec - t->start.tv_usec ) / 1000;
-
- return( delta );
+ else
+ {
+ unsigned long delta;
+ struct timeval now;
+ gettimeofday( &now, NULL );
+ delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul
+ + ( now.tv_usec - t->start.tv_usec ) / 1000;
+ return( delta );
+ }
}
#if defined(INTEGRITY)
@@ -318,6 +319,12 @@
alarmed = 0;
signal( SIGALRM, sighandler );
alarm( seconds );
+ if( seconds == 0 )
+ {
+ /* alarm(0) cancelled any previous pending alarm, but the
+ handler won't fire, so raise the flag straight away. */
+ alarmed = 1;
+ }
}
void m_sleep( int milliseconds )
@@ -359,6 +366,19 @@
(void) j;
}
+#define FAIL do \
+ { \
+ if( verbose != 0 ) \
+ { \
+ polarssl_printf( "failed at line %d\n", __LINE__ ); \
+ polarssl_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d\n", \
+ cycles, ratio, millisecs, secs, hardfail ); \
+ polarssl_printf( " elapsed(hires)=%lu\n", \
+ get_timer( &hires, 0 ) ); \
+ } \
+ return( 1 ); \
+ } while( 0 )
+
/*
* Checkup routine
*
@@ -367,9 +387,9 @@
*/
int timing_self_test( int verbose )
{
- unsigned long cycles, ratio;
- unsigned long millisecs, secs;
- int hardfail;
+ unsigned long cycles = 0, ratio = 0;
+ unsigned long millisecs = 0, secs = 0;
+ int hardfail = 0;
struct hr_time hires;
if( verbose != 0 )
@@ -378,8 +398,8 @@
if( verbose != 0 )
polarssl_printf( " TIMING test #1 (m_sleep / get_timer): " );
- for( secs = 1; secs <= 3; secs++ )
{
+ secs = 1;
(void) get_timer( &hires, 1 );
m_sleep( (int)( 500 * secs ) );
@@ -387,12 +407,7 @@
millisecs = get_timer( &hires, 0 );
if( millisecs < 400 * secs || millisecs > 600 * secs )
- {
- if( verbose != 0 )
- polarssl_printf( "failed\n" );
-
- return( 1 );
- }
+ FAIL;
}
if( verbose != 0 )
@@ -401,8 +416,8 @@
if( verbose != 0 )
polarssl_printf( " TIMING test #2 (set_alarm / get_timer): " );
- for( secs = 1; secs <= 3; secs++ )
{
+ secs = 1;
(void) get_timer( &hires, 1 );
set_alarm( (int) secs );
@@ -414,12 +429,7 @@
/* For some reason on Windows it looks like alarm has an extra delay
* (maybe related to creating a new thread). Allow some room here. */
if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 )
- {
- if( verbose != 0 )
- polarssl_printf( "failed\n" );
-
- return( 1 );
- }
+ FAIL;
}
if( verbose != 0 )
@@ -433,7 +443,6 @@
* On a 4Ghz 32-bit machine the cycle counter wraps about once per second;
* since the whole test is about 10ms, it shouldn't happen twice in a row.
*/
- hardfail = 0;
hard_test:
if( hardfail > 1 )
@@ -485,12 +494,7 @@
millisecs = get_timer( &hires, 0 );
if( millisecs < 400 * secs || millisecs > 600 * secs )
- {
- if( verbose != 0 )
- polarssl_printf( "failed\n" );
-
- return( 1 );
- }
+ FAIL;
}
if( verbose != 0 )
diff --git a/scripts/config.pl b/scripts/config.pl
index a50a80c..fd88211 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -1,22 +1,81 @@
#!/usr/bin/perl
-
-# Tune the configuration file
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# Comments and uncomments #define lines in the given header file and optionally
+# sets their value or can get the value. This is to provide scripting control of
+# what preprocessor symbols, and therefore what build time configuration flags
+# are set in the 'config.h' file.
+#
+# Usage: config.pl [-f <file> | --file <file>] [-o | --force]
+# [set <symbol> <value> | unset <symbol> | get <symbol> |
+# full | realfull]
+#
+# Full usage description provided below.
+#
+# Things that shouldn't be enabled with "full".
+#
+# POLARSSL_TEST_NULL_ENTROPY
+# POLARSSL_DEPRECATED_REMOVED
+# POLARSSL_HAVE_SSE2
+# POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+# POLARSSL_ECP_DP_M221_ENABLED
+# POLARSSL_ECP_DP_M383_ENABLED
+# POLARSSL_ECP_DP_M511_ENABLED
+# POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+# POLARSSL_NO_PLATFORM_ENTROPY
+# POLARSSL_REMOVE_ARC4_CIPHERSUITES
+# POLARSSL_SSL_HW_RECORD_ACCEL
+# POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+# POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+# - this could be enabled if the respective tests were adapted
+# POLARSSL_ZLIB_SUPPORT
+# POLARSSL_PKCS11_C
+# and any symbol beginning _ALT
+#
use warnings;
use strict;
+my $config_file = "include/polarssl/config.h";
my $usage = <<EOU;
-$0 [-f <file>] unset <name>
-$0 [-f <file>] set <name> [<value>]
-EOU
-# for our eyes only:
-# $0 [-f <file>] full
+$0 [-f <file> | --file <file>] [-o | --force]
+ [set <symbol> <value> | unset <symbol> | get <symbol> |
+ full | realfull | baremetal]
-# Things that shouldn't be enabled with "full".
-# Notes:
-# - POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 and
-# POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the
-# respective tests were adapted
+Commands
+ set <symbol> [<value>] - Uncomments or adds a #define for the <symbol> to
+ the configuration file, and optionally making it
+ of <value>.
+ If the symbol isn't present in the file an error
+ is returned.
+ unset <symbol> - Comments out the #define for the given symbol if
+ present in the configuration file.
+ get <symbol> - Finds the #define for the given symbol, returning
+ an exitcode of 0 if the symbol is found, and 1 if
+ not. The value of the symbol is output if one is
+ specified in the configuration file.
+ full - Uncomments all #define's in the configuration file
+ excluding some reserved symbols, until the
+ 'Module configuration options' section
+ realfull - Uncomments all #define's with no exclusions
+ baremetal - Sets full configuration suitable for baremetal build.
+
+Options
+ -f | --file <filename> - The file or file path for the configuration file
+ to edit. When omitted, the following default is
+ used:
+ $config_file
+ -o | --force - If the symbol isn't present in the configuration
+ file when setting its value, a #define is
+ appended to the end of the file.
+
+EOU
+
my @excluded = qw(
POLARSSL_ERROR_STRERROR_BC
POLARSSL_MEMORY_C
@@ -39,86 +98,199 @@
_ALT\s*$
);
+# Things that should be disabled in "baremetal"
+my @excluded_baremetal = qw(
+POLARSSL_NET_C
+POLARSSL_TIMING_C
+POLARSSL_FS_IO
+POLARSSL_ENTROPY_NV_SEED
+POLARSSL_HAVE_TIME
+POLARSSL_HAVE_TIME_DATE
+POLARSSL_DEPRECATED_WARNING
+POLARSSL_HAVEGE_C
+POLARSSL_THREADING_C
+POLARSSL_THREADING_PTHREAD
+POLARSSL_MEMORY_BACKTRACE
+POLARSSL_MEMORY_BUFFER_ALLOC_C
+POLARSSL_PLATFORM_TIME_ALT
+POLARSSL_PLATFORM_FPRINTF_ALT
+);
+
# Things that should be enabled in "full" even if they match @excluded
my @non_excluded = qw(
PLATFORM_[A-Z0-9]+_ALT
);
-my $config_file = "include/polarssl/config.h";
+# Things that should be enabled in "baremetal"
+my @non_excluded_baremetal = qw(
+POLARSSL_NO_PLATFORM_ENTROPY
+);
-# get -f option
-if (@ARGV >= 2 && $ARGV[0] eq "-f") {
- shift; # -f
- $config_file = shift;
+# Process the command line arguments
- -f $config_file or die "No such file: $config_file\n";
-} else {
- if (! -f $config_file) {
- chdir '..' or die;
- -d $config_file
- or die "Without -f, must be run from root or scripts\n"
+my $force_option = 0;
+
+my ($arg, $name, $value, $action);
+
+while ($arg = shift) {
+
+ # Check if the argument is an option
+ if ($arg eq "-f" || $arg eq "--file") {
+ $config_file = shift;
+
+ -f $config_file or die "No such file: $config_file\n";
+
+ }
+ elsif ($arg eq "-o" || $arg eq "--force") {
+ $force_option = 1;
+
+ }
+ else
+ {
+ # ...else assume it's a command
+ $action = $arg;
+
+ if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) {
+ # No additional parameters
+ die $usage if @ARGV;
+
+ }
+ elsif ($action eq "unset" || $action eq "get") {
+ die $usage unless @ARGV;
+ $name = shift;
+
+ }
+ elsif ($action eq "set") {
+ die $usage unless @ARGV;
+ $name = shift;
+ $value = shift if @ARGV;
+
+ }
+ else {
+ die "Command '$action' not recognised.\n\n".$usage;
+ }
}
}
-# get action
-die $usage unless @ARGV;
-my $action = shift;
+# If no command was specified, exit...
+if ( not defined($action) ){ die $usage; }
-my ($name, $value);
-if ($action eq "full") {
- # nothing to do
-} elsif ($action eq "unset") {
- die $usage unless @ARGV;
- $name = shift;
-} elsif ($action eq "set") {
- die $usage unless @ARGV;
- $name = shift;
- $value = shift if @ARGV;
-} else {
- die $usage;
+# Check the config file is present
+if (! -f $config_file) {
+
+ chdir '..' or die;
+
+ # Confirm this is the project root directory and try again
+ if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) {
+ die "If no file specified, must be run from the project root or scripts directory.\n";
+ }
}
-die $usage if @ARGV;
+
+
+# Now read the file and process the contents
open my $config_read, '<', $config_file or die "read $config_file: $!\n";
my @config_lines = <$config_read>;
close $config_read;
-my $exclude_re = join '|', @excluded;
-my $no_exclude_re = join '|', @non_excluded;
+# Add required baremetal symbols to the list that is included.
+if ( $action eq "baremetal" ) {
+ @non_excluded = ( @non_excluded, @non_excluded_baremetal );
+}
-open my $config_write, '>', $config_file or die "write $config_file: $!\n";
+my ($exclude_re, $no_exclude_re, $exclude_baremetal_re);
+if ($action eq "realfull") {
+ $exclude_re = qr/^$/;
+ $no_exclude_re = qr/./;
+} else {
+ $exclude_re = join '|', @excluded;
+ $no_exclude_re = join '|', @non_excluded;
+}
+if ( $action eq "baremetal" ) {
+ $exclude_baremetal_re = join '|', @excluded_baremetal;
+}
+
+my $config_write = undef;
+if ($action ne "get") {
+ open $config_write, '>', $config_file or die "write $config_file: $!\n";
+}
my $done;
for my $line (@config_lines) {
- if ($action eq "full") {
+ if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) {
if ($line =~ /name SECTION: Module configuration options/) {
$done = 1;
}
if (!$done && $line =~ m!^//\s?#define! &&
- ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) {
- $line =~ s!^//!!;
+ ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) &&
+ ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) {
+ $line =~ s!^//\s?!!;
+ }
+ if (!$done && $line =~ m!^\s?#define! &&
+ ! ( ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) &&
+ ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) ) {
+ $line =~ s!^!//!;
}
} elsif ($action eq "unset") {
- if (!$done && $line =~ /^\s*#define\s*$name/) {
+ if (!$done && $line =~ /^\s*#define\s*$name\b/) {
$line = '//' . $line;
$done = 1;
}
} elsif (!$done && $action eq "set") {
- if ($line =~ m!^(?://)?\s*#define\s*$name!) {
+ if ($line =~ m!^(?://)?\s*#define\s*$name\b!) {
$line = "#define $name";
$line .= " $value" if defined $value && $value ne "";
$line .= "\n";
$done = 1;
}
+ } elsif (!$done && $action eq "get") {
+ if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) {
+ $value = $1;
+ $done = 1;
+ }
}
- print $config_write $line;
+ if (defined $config_write) {
+ print $config_write $line or die "write $config_file: $!\n";
+ }
}
-close $config_write;
+# Did the set command work?
+if ($action eq "set" && $force_option && !$done) {
-warn "configuration section not found" if ($action eq "full" && !$done);
-warn "$name not found" if ($action ne "full" && !$done);
+ # If the force option was set, append the symbol to the end of the file
+ my $line = "#define $name";
+ $line .= " $value" if defined $value && $value ne "";
+ $line .= "\n";
+ $done = 1;
+
+ print $config_write $line or die "write $config_file: $!\n";
+}
+
+if (defined $config_write) {
+ close $config_write or die "close $config_file: $!\n";
+}
+
+if ($action eq "get") {
+ if ($done) {
+ if ($value ne '') {
+ print "$value\n";
+ }
+ exit 0;
+ } else {
+ # If the symbol was not found, return an error
+ exit 1;
+ }
+}
+
+if ($action eq "full" && !$done) {
+ die "Configuration section was not found in $config_file\n";
+
+}
+
+if ($action ne "full" && $action ne "unset" && !$done) {
+ die "A #define for the symbol $name was not found in $config_file\n";
+}
__END__
diff --git a/tests/compat.sh b/tests/compat.sh
index 8d057af..d22a281 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -764,6 +764,28 @@
fi
}
+# Wait for process $2 to be listening on port $1
+if type lsof >/dev/null 2>/dev/null; then
+ wait_server_start() {
+ START_TIME=$(date +%s)
+ while ! lsof -a -n -b -i "TCP:$1" -p "$2" >/dev/null 2>/dev/null; do
+ if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
+ echo "SERVERSTART TIMEOUT"
+ echo "SERVERSTART TIMEOUT" >> $SRV_OUT
+ break
+ fi
+ # Linux and *BSD support decimal arguments to sleep. On other
+ # OSes this may be a tight loop.
+ sleep 0.1 2>/dev/null || true
+ done
+ }
+else
+ wait_server_start() {
+ sleep 1
+ }
+fi
+
+
# start_server <name>
# also saves name and command
start_server() {
@@ -792,7 +814,7 @@
$SERVER_CMD >> $SRV_OUT 2>&1 &
PROCESS_ID=$!
- sleep 1
+ wait_server_start "$PORT" "$PROCESS_ID"
}
# terminate the running server
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 51d31fd..b82f18e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -171,27 +171,26 @@
fi
}
-# wait for server to start: two versions depending on lsof availability
-wait_server_start() {
- if which lsof >/dev/null 2>&1; then
- START_TIME=$( date +%s )
- DONE=0
-
- # make a tight loop, server usually takes less than 1 sec to start
- while [ $DONE -eq 0 ]; do
- if lsof -nbi TCP:"$PORT" 2>/dev/null | grep LISTEN >/dev/null
- then
- DONE=1
- elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then
- echo "SERVERSTART TIMEOUT"
- echo "SERVERSTART TIMEOUT" >> $SRV_OUT
- DONE=1
- fi
+# Wait for process $2 to be listening on port $1
+if type lsof >/dev/null 2>/dev/null; then
+ wait_server_start() {
+ START_TIME=$(date +%s)
+ while ! lsof -a -n -b -i "TCP:$1" -p "$2" >/dev/null 2>/dev/null; do
+ if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
+ echo "SERVERSTART TIMEOUT"
+ echo "SERVERSTART TIMEOUT" >> $SRV_OUT
+ break
+ fi
+ # Linux and *BSD support decimal arguments to sleep. On other
+ # OSes this may be a tight loop.
+ sleep 0.1 2>/dev/null || true
done
- else
+ }
+else
+ wait_server_start() {
sleep "$START_DELAY"
- fi
-}
+ }
+fi
# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
@@ -254,7 +253,7 @@
echo "$SRV_CMD" > $SRV_OUT
$SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$!
- wait_server_start
+ wait_server_start "$PORT" "$SRV_PID"
echo "$CLI_CMD" > $CLI_OUT
eval "$CLI_CMD" >> $CLI_OUT 2>&1 &