Merge pull request #4498 from netfoundry/gcc11.fixes_2.16
Backport 2.16: build with gcc11
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
new file mode 100644
index 0000000..d253f34
--- /dev/null
+++ b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency. Fixes #4472.
diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt
new file mode 100644
index 0000000..0feeff8
--- /dev/null
+++ b/ChangeLog.d/make-generate-tests-python.txt
@@ -0,0 +1,4 @@
+Changes
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2. The build still works with either Python 2.7 or 3.5+, but we
+ recommend using a version of Python that is supported upstream.
diff --git a/ChangeLog.d/posix-define.txt b/ChangeLog.d/posix-define.txt
new file mode 100644
index 0000000..98cf2d0
--- /dev/null
+++ b/ChangeLog.d/posix-define.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index d8246e2..0e4a6bb 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -98,7 +98,7 @@
*
* \param feature The feature to detect
*
- * \return 1 if CPU has support for the feature, 0 otherwise
+ * \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support( int feature );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 671115f..3874783 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -47,11 +47,15 @@
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
+#endif
#if defined(__NetBSD__)
+#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#endif
+#endif
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 090040e..01df17a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -918,13 +918,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA512_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
diff --git a/tests/Makefile b/tests/Makefile
index 1555b55..29f2fa1 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -44,8 +44,7 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
-# python2 for POSIX since FreeBSD has only python2 as default.
-PYTHON ?= python2
+PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
# Zlib shared library extensions:
@@ -63,7 +62,7 @@
.SILENT:
-.PHONY: all check test clean
+.PHONY: all c_files check test clean
all: $(BINARIES)
@@ -71,6 +70,7 @@
$(MAKE) -C ../library
C_FILES := $(addsuffix .c,$(APPS))
+c_files: $(C_FILES)
# Wildcard target for test code generation:
# A .c file is generated for each .data file in the suites/ directory. Each .c
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e56c3e..1a4de44 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -691,6 +691,18 @@
record_status tests/scripts/doxygen.sh
}
+component_check_python2 () {
+ # Check that what used to work with Python 2 still works with Python 2.
+ msg "check: python2 compatibility"
+ mkdir -p tests/with_python2 tests/with_python3
+ make -C tests PYTHON=python2 c_files
+ mv tests/test_suite_*.c tests/with_python2/
+ make -C tests PYTHON=python3 c_files
+ mv tests/test_suite_*.c tests/with_python3/
+ diff -r tests/with_python2 tests/with_python3
+ rm -rf tests/with_python2 tests/with_python3
+}
+
################################################################
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f452b37..b74ed55 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -1,4 +1,7 @@
#!/usr/bin/env python3
+
+# This script should still be compatible with Python 2 in Mbed TLS 2.16.x.
+
# Test suites code generator.
#
# Copyright The Mbed TLS Contributors