Merge remote-tracking branch 'origin/pr/2332' into development

library/CMakeLists.txt

@@ -98,6 +98,12 @@ if(CMAKE_COMPILER_IS_CLANG)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
 endif(CMAKE_COMPILER_IS_CLANG)
 
+if(UNSAFE_BUILD)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error")
+    set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error")
+    set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error")
+endif(UNSAFE_BUILD)
+
 if(WIN32)
     set(libs ${libs} ws2_32)
 endif(WIN32)

tests/scripts/all.sh

@@ -59,27 +59,42 @@
 # following naming conventions:
 #  * pre_XXX: things to do before running the tests, in order.
 #  * component_XXX: independent components. They can be run in any order.
-#      * component_check_XXX: quick tests that aren't worth parallelizing
+#      * component_check_XXX: quick tests that aren't worth parallelizing.
-#      * component_build_XXX: build things but don't run them
+#      * component_build_XXX: build things but don't run them.
-#      * component_test_XXX: build and test
+#      * component_test_XXX: build and test.
+#  * support_XXX: if support_XXX exists and returns false then
+#    component_XXX is not run by default.
 #  * post_XXX: things to do after running the tests.
 #  * other: miscellaneous support functions.
 #
+# Each component must start by invoking `msg` with a short informative message.
+#
+# The framework performs some cleanup tasks after each component. This
+# means that components can assume that the working directory is in a
+# cleaned-up state, and don't need to perform the cleanup themselves.
+# * Run `make clean`.
+# * Restore `include/mbedtks/config.h` from a backup made before running
+#   the component.
+# * Check out `Makefile`, `library/Makefile`, `programs/Makefile` and
+#   `tests/Makefile` from git. This cleans up after an in-tree use of
+#   CMake.
+#
+# Any command that is expected to fail must be protected so that the
+# script keeps running in --keep-going mode despite `set -e`. In keep-going
+# mode, if a protected command fails, this is logged as a failure and the
+# script will exit with a failure status once it has run all components.
+# Commands can be protected in any of the following ways:
+# * `make` is a function which runs the `make` command with protection.
+#   Note that you must write `make VAR=value`, not `VAR=value make`,
+#   because the `VAR=value make` syntax doesn't work with functions.
+# * Put `report_status` before the command to protect it.
+# * Put `if_build_successful` before a command. This protects it, and
+#   additionally skips it if a prior invocation of `make` in the same
+#   component failed.
+#
 # The tests are roughly in order from fastest to slowest. This doesn't
 # have to be exact, but in general you should add slower tests towards
 # the end and fast checks near the beginning.
-#
-# Sanity checks have the following form:
-#   1. msg "short description of what is about to be done"
-#   2. run sanity check (failure stops the script)
-#
-# Build or build-and-test steps have the following form:
-#   1. msg "short description of what is about to be done"
-#   2. cleanup
-#   3. preparation (config.pl, cmake, ...) (failure stops the script)
-#   4. make
-#   5. Run tests if relevant. All tests must be prefixed with
-#      if_build_successful for the sake of --keep-going.
 
 
 
@@ -91,10 +106,7 @@
 set -eu
 
 pre_check_environment () {
-    if [ "$( uname )" != "Linux" ]; then
+    if [ -d library -a -d include -a -d tests ]; then :; else
-        echo "This script only works in Linux" >&2
-        exit 1
-    elif [ -d library -a -d include -a -d tests ]; then :; else
         echo "Must be run from mbed TLS root" >&2
         exit 1
     fi
@@ -104,13 +116,9 @@ pre_initialize_variables () {
     CONFIG_H='include/mbedtls/config.h'
     CONFIG_BAK="$CONFIG_H.bak"
 
-    COMPONENTS=
-    ALL_EXCEPT=0
     MEMORY=0
     FORCE=0
-    INTROSPECTION_MODE=
     KEEP_GOING=0
-    RUN_ARMCC=1
 
     # Default commands, can be overridden by the environment
     : ${OPENSSL:="openssl"}
@@ -125,17 +133,32 @@ pre_initialize_variables () {
     : ${ARMC6_BIN_DIR:=/usr/bin}
 
     # if MAKEFLAGS is not set add the -j option to speed up invocations of make
-    if [ -n "${MAKEFLAGS+set}" ]; then
+    if [ -z "${MAKEFLAGS+set}" ]; then
         export MAKEFLAGS="-j"
     fi
+
+    # Gather the list of available components. These are the functions
+    # defined in this script whose name starts with "component_".
+    # Parse the script with sed, because in sh there is no way to list
+    # defined functions.
+    ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
+
+    # Exclude components that are not supported on this platform.
+    SUPPORTED_COMPONENTS=
+    for component in $ALL_COMPONENTS; do
+        case $(type "support_$component" 2>&1) in
+            *' function'*)
+                if ! support_$component; then continue; fi;;
+        esac
+        SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
+    done
 }
 
-# Test whether $1 is excluded via $COMPONENTS (a space-separated list of
+# Test whether the component $1 is included in the command line patterns.
-# wildcard patterns).
+is_component_included()
-component_is_excluded()
 {
     set -f
-    for pattern in $COMPONENTS; do
+    for pattern in $COMMAND_LINE_COMPONENTS; do
         set +f
         case ${1#component_} in $pattern) return 0;; esac
     done
@@ -149,21 +172,26 @@ usage()
 Usage: $0 [OPTION]... [COMPONENT]...
 Run mbedtls release validation tests.
 By default, run all tests. With one or more COMPONENT, run only those.
+COMPONENT can be the name of a component or a shell wildcard pattern.
+
+Examples:
+  $0 "check_*"
+    Run all sanity checks.
+  $0 --no-armcc --except test_memsan
+    Run everything except builds that require armcc and MemSan.
 
 Special options:
   -h|--help             Print this help and exit.
-  --list-components     List available test components and exit.
+  --list-all-components List all available test components and exit.
+  --list-components     List components supported on this platform and exit.
 
 General options:
   -f|--force            Force the tests to overwrite any modified files.
   -k|--keep-going       Run all tests and report errors at the end.
   -m|--memory           Additional optional memory tests.
      --armcc            Run ARM Compiler builds (on by default).
-     --except           If some components are passed on the command line,
+     --except           Exclude the COMPONENTs listed on the command line,
-                        run all the tests except for these components. In
+                        instead of running only those.
-                        this mode, you can pass shell wildcard patterns as
-                        component names, e.g. "$0 --except 'test_*'" to
-                        exclude all components that run tests.
      --no-armcc         Skip ARM Compiler builds.
      --no-force         Refuse to overwrite modified files (default).
      --no-keep-going    Stop at the first error (default).
@@ -275,12 +303,16 @@ check_headers_in_cpp () {
 }
 
 pre_parse_command_line () {
+    COMMAND_LINE_COMPONENTS=
+    all_except=0
+    no_armcc=
+
     while [ $# -gt 0 ]; do
         case "$1" in
-              --armcc) RUN_ARMCC=1;;
+            --armcc) no_armcc=;;
             --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
             --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
-              --except) ALL_EXCEPT=1;;
+            --except) all_except=1;;
             --force|-f) FORCE=1;;
             --gnutls-cli) shift; GNUTLS_CLI="$1";;
             --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
@@ -288,9 +320,10 @@ pre_parse_command_line () {
             --gnutls-serv) shift; GNUTLS_SERV="$1";;
             --help|-h) usage; exit;;
             --keep-going|-k) KEEP_GOING=1;;
-              --list-components) INTROSPECTION_MODE=list_components;;
+            --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
+            --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
             --memory|-m) MEMORY=1;;
-              --no-armcc) RUN_ARMCC=0;;
+            --no-armcc) no_armcc=1;;
             --no-force) FORCE=0;;
             --no-keep-going) KEEP_GOING=0;;
             --no-memory) MEMORY=0;;
@@ -306,15 +339,37 @@ pre_parse_command_line () {
                 echo >&2 "Run $0 --help for usage."
                 exit 120
                 ;;
-              *)
+            *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
-                  COMPONENTS="$COMPONENTS $1";;
         esac
         shift
     done
+
+    # With no list of components, run everything.
+    if [ -z "$COMMAND_LINE_COMPONENTS" ]; then
+        all_except=1
+    fi
+
+    # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
+    # Ignore it if components are listed explicitly on the command line.
+    if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
+        COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
+    fi
+
+    # Build the list of components to run.
+    RUN_COMPONENTS=
+    for component in $SUPPORTED_COMPONENTS; do
+        if is_component_included "$component"; [ $? -eq $all_except ]; then
+            RUN_COMPONENTS="$RUN_COMPONENTS $component"
+        fi
+    done
+
+    unset all_except
+    unset no_armcc
 }
 
 pre_check_git () {
     if [ $FORCE -eq 1 ]; then
+        rm -rf "$OUT_OF_SOURCE_DIR"
         git checkout-index -f -q $CONFIG_H
         cleanup
     else
@@ -326,7 +381,7 @@ pre_check_git () {
             exit 1
         fi
 
-        if ! git diff-files --quiet include/mbedtls/config.h; then
+        if ! git diff --quiet include/mbedtls/config.h; then
             err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. "
             echo "You can either delete or preserve your work, or force the test by rerunning the"
             echo "script as: $0 --force"
@@ -419,34 +474,71 @@ pre_print_configuration () {
     echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
 }
 
+# Make sure the tools we need are available.
 pre_check_tools () {
-    ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+    # Build the list of variables to pass to output_env.sh.
-    ARMC5_AR="$ARMC5_BIN_DIR/armar"
+    set env
-    ARMC6_CC="$ARMC6_BIN_DIR/armclang"
-    ARMC6_AR="$ARMC6_BIN_DIR/armar"
 
-    # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
+    case " $RUN_COMPONENTS " in
-    # we just export the variables they require
+        # Require OpenSSL and GnuTLS if running any tests (as opposed to
+        # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
+        # is a good enough approximation in practice.
+        *" test_"*)
+            # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
+            # and ssl-opt.sh, we just export the variables they require.
             export OPENSSL_CMD="$OPENSSL"
             export GNUTLS_CLI="$GNUTLS_CLI"
             export GNUTLS_SERV="$GNUTLS_SERV"
-
             # Avoid passing --seed flag in every call to ssl-opt.sh
             if [ -n "${SEED-}" ]; then
                 export SEED
             fi
-
+            set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
-    # Make sure the tools we need are available.
+            set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
+            set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
+            set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
             check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
                         "$GNUTLS_CLI" "$GNUTLS_SERV" \
-                "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
+                        "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
-                "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb"
+            ;;
-    if [ $RUN_ARMCC -ne 0 ]; then
+    esac
-        check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR"
+
-    fi
+    case " $RUN_COMPONENTS " in
+        *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
+    esac
+
+    case " $RUN_COMPONENTS " in
+        *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";;
+    esac
+
+    case " $RUN_COMPONENTS " in
+        *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
+    esac
+
+    case " $RUN_COMPONENTS " in
+        *" test_zeroize "*) check_tools "gdb";;
+    esac
+
+    case " $RUN_COMPONENTS " in
+        *_armcc*)
+            ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+            ARMC5_AR="$ARMC5_BIN_DIR/armar"
+            ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+            ARMC6_AR="$ARMC6_BIN_DIR/armar"
+            check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";;
+    esac
+
+    msg "info: output_env.sh"
+    case $RUN_COMPONENTS in
+        *_armcc*)
+            set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
+        *) set "$@" RUN_ARMCC=0;;
+    esac
+    "$@" scripts/output_env.sh
 }
 
 
+
 ################################################################
 #### Basic checks
 ################################################################
@@ -462,14 +554,6 @@ pre_check_tools () {
 #
 # Indicative running times are given for reference.
 
-pre_print_tools () {
-    msg "info: output_env.sh"
-    OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
-           GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
-           GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
-           ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh
-}
-
 component_check_recursion () {
     msg "test: recursion.pl" # < 1s
     record_status tests/scripts/recursion.pl library/*.c
@@ -796,7 +880,7 @@ component_test_null_entropy () {
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
     scripts/config.pl unset MBEDTLS_HAVEGE_C
-    CC=gcc cmake  -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
     make
 
     msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
@@ -857,6 +941,12 @@ component_test_m32_o0 () {
     msg "test: i386, make, gcc -O0 (ASan build)"
     make test
 }
+support_test_m32_o0 () {
+    case $(uname -m) in
+        *64*) true;;
+        *) false;;
+    esac
+}
 
 component_test_m32_o1 () {
     # Build again with -O1, to compile in the i386 specific inline assembly
@@ -867,6 +957,9 @@ component_test_m32_o1 () {
     msg "test: i386, make, gcc -O1 (ASan build)"
     make test
 }
+support_test_m32_o1 () {
+    support_test_m32_o0 "$@"
+}
 
 component_test_mx32 () {
     msg "build: 64-bit ILP32, make, gcc" # ~ 30s
@@ -876,6 +969,12 @@ component_test_mx32 () {
     msg "test: 64-bit ILP32, make, gcc"
     make test
 }
+support_test_mx32 () {
+    case $(uname -m) in
+        amd64|x86_64) true;;
+        *) false;;
+    esac
+}
 
 component_test_have_int32 () {
     msg "build: gcc, force 32-bit bignum limbs"
@@ -997,7 +1096,6 @@ component_build_armcc () {
     scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
     scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
 
-    if [ $RUN_ARMCC -ne 0 ]; then
     make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
     make clean
 
@@ -1015,7 +1113,6 @@ component_build_armcc () {
 
     # ARM Compiler 6 - Target ARMv8-A - AArch64
     armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
-    fi
 }
 
 component_test_allow_sha1 () {
@@ -1061,7 +1158,7 @@ component_test_memsan () {
     fi
 }
 
-component_test_memcheck () {
+component_test_valgrind () {
     msg "build: Release (clang)"
     CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
     make
@@ -1117,17 +1214,27 @@ component_test_zeroize () {
     # system in all cases that the script fails, so we must manually search the
     # output to check whether the pass string is present and no failure strings
     # were printed.
+
+    # Don't try to disable ASLR. We don't care about ASLR here. We do care
+    # about a spurious message if Gdb tries and fails, so suppress that.
+    gdb_disable_aslr=
+    if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
+        gdb_disable_aslr='set disable-randomization off'
+    fi
+
     for optimization_flag in -O2 -O3 -Ofast -Os; do
         for compiler in clang gcc; do
             msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
             make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
-                if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+            if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
             if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
             if_build_succeeded not grep -i "error" test_zeroize.log
             rm -f test_zeroize.log
             make clean
         done
     done
+
+    unset gdb_disable_aslr
 }
 
 component_check_python_files () {
@@ -1157,83 +1264,8 @@ post_report () {
 #### Run all the things
 ################################################################
 
-run_all_components () {
-    # Small things
-    run_component component_check_recursion
-    run_component component_check_generated_files
-    run_component component_check_doxy_blocks
-    run_component component_check_files
-    run_component component_check_names
-    run_component component_check_doxygen_warnings
-
-    # Test many different configurations
-    run_component component_test_default_cmake_gcc_asan
-    run_component component_test_ref_configs
-    run_component component_test_sslv3
-    run_component component_test_no_renegotiation
-    run_component component_test_rsa_no_crt
-    run_component component_test_small_ssl_out_content_len
-    run_component component_test_small_ssl_in_content_len
-    run_component component_test_small_ssl_dtls_max_buffering
-    run_component component_test_small_mbedtls_ssl_dtls_max_buffering
-    run_component component_test_full_cmake_clang
-    run_component component_build_deprecated
-    run_component component_test_depends_curves
-    run_component component_test_depends_hashes
-    run_component component_test_depends_pkalgs
-    run_component component_build_key_exchanges
-    run_component component_build_default_make_gcc_and_cxx
-    run_component component_test_check_params_without_platform
-    run_component component_test_check_params_silent
-    run_component component_test_no_platform
-    run_component component_build_no_std_function
-    run_component component_build_no_ssl_srv
-    run_component component_build_no_ssl_cli
-    run_component component_build_no_sockets
-    run_component component_test_no_max_fragment_length
-    run_component component_test_no_max_fragment_length_small_ssl_out_content_len
-    run_component component_test_null_entropy
-    run_component component_test_platform_calloc_macro
-    run_component component_test_aes_fewer_tables
-    run_component component_test_aes_rom_tables
-    run_component component_test_aes_fewer_tables_and_rom_tables
-    if uname -a | grep -F Linux >/dev/null; then
-        run_component component_test_make_shared
-    fi
-    if uname -a | grep -F x86_64 >/dev/null; then
-        run_component component_test_m32_o0
-        run_component component_test_m32_o1
-        run_component component_test_mx32
-    fi
-    run_component component_test_have_int32
-    run_component component_test_have_int64
-    run_component component_test_no_udbl_division
-    run_component component_test_no_64bit_multiplication
-    run_component component_build_arm_none_eabi_gcc
-    run_component component_build_arm_none_eabi_gcc_no_udbl_division
-    run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication
-    run_component component_build_armcc
-    run_component component_test_allow_sha1
-    run_component component_build_mingw
-    # MemSan currently only available on Linux 64 bits
-    if uname -a | grep 'Linux.*x86_64' >/dev/null; then
-        run_component component_test_memsan
-    else # no MemSan
-        run_component component_test_memcheck
-    fi
-    run_component component_test_cmake_out_of_source
-
-    # More small things
-    run_component component_test_zeroize
-    run_component component_check_python_files
-    run_component component_check_generate_test_code
-}
-
 # Run one component and clean up afterwards.
 run_component () {
-    if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then
-        return
-    fi
     # Back up the configuration in case the component modifies it.
     # The cleanup function will restore it.
     cp -p "$CONFIG_H" "$CONFIG_BAK"
@@ -1247,17 +1279,6 @@ pre_check_environment
 pre_initialize_variables
 pre_parse_command_line "$@"
 
-case "$INTROSPECTION_MODE" in
-    list_components)
-        components=
-        newline='
-'
-        run_component () {
-            components="${components}${newline}${1#component_}"
-        }
-        ;;
-
-    *)
 pre_check_git
 build_status=0
 if [ $KEEP_GOING -eq 1 ]; then
@@ -1269,25 +1290,12 @@ case "$INTROSPECTION_MODE" in
 fi
 pre_print_configuration
 pre_check_tools
-        pre_print_tools
 cleanup
-        ;;
-esac
 
-if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then
+# Run the requested tests.
-    for component in $COMPONENTS; do
+for component in $RUN_COMPONENTS; do
     run_component "component_$component"
 done
-else
-    run_all_components
-fi
 
 # We're done.
-case "$INTROSPECTION_MODE" in
-    list_components)
-        echo "$components" | sort
-        ;;
-    *)
 post_report
-        ;;
-esac

tests/scripts/test_zeroize.gdb

@@ -41,8 +41,6 @@
 # number does not need to be updated often.
 
 set confirm off
-# We don't need to turn off ASLR, so don't try.
-set disable-randomization off
 
 file ./programs/test/zeroize
 break zeroize.c:100

tests/ssl-opt.sh

@@ -167,7 +167,7 @@ requires_config_disabled() {
 get_config_value_or_default() {
     NAME="$1"
     DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h |
-               sed 's/^.*\s\([0-9]*\)$/\1/' )
+               sed 's/^.* \([0-9]*\)$/\1/' )
     ../scripts/config.pl get $NAME || echo "$DEF_VAL"
 }