• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/env perl
2
3# key-exchanges.pl
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7#
8# This file is provided under the Apache License 2.0, or the
9# GNU General Public License v2.0 or later.
10#
11# **********
12# Apache License 2.0:
13#
14# Licensed under the Apache License, Version 2.0 (the "License"); you may
15# not use this file except in compliance with the License.
16# You may obtain a copy of the License at
17#
18# http://www.apache.org/licenses/LICENSE-2.0
19#
20# Unless required by applicable law or agreed to in writing, software
21# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23# See the License for the specific language governing permissions and
24# limitations under the License.
25#
26# **********
27#
28# **********
29# GNU General Public License v2.0 or later:
30#
31# This program is free software; you can redistribute it and/or modify
32# it under the terms of the GNU General Public License as published by
33# the Free Software Foundation; either version 2 of the License, or
34# (at your option) any later version.
35#
36# This program is distributed in the hope that it will be useful,
37# but WITHOUT ANY WARRANTY; without even the implied warranty of
38# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
39# GNU General Public License for more details.
40#
41# You should have received a copy of the GNU General Public License along
42# with this program; if not, write to the Free Software Foundation, Inc.,
43# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
44#
45# **********
46#
47# Purpose
48#
49# To test the code dependencies on individual key exchanges in the SSL module.
50# is a verification step to ensure we don't ship SSL code that do not work
51# for some build options.
52#
53# The process is:
54#       for each possible key exchange
55#           build the library with all but that key exchange disabled
56#
57# Usage: tests/scripts/key-exchanges.pl
58#
59# This script should be executed from the root of the project directory.
60#
61# For best effect, run either with cmake disabled, or cmake enabled in a mode
62# that includes -Werror.
63
64use warnings;
65use strict;
66
67-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
68
69my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
70my $config_h = 'include/mbedtls/config.h';
71my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
72
73system( "cp $config_h $config_h.bak" ) and die;
74sub abort {
75    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
76    # use an exit code between 1 and 124 for git bisect (die returns 255)
77    warn $_[0];
78    exit 1;
79}
80
81for my $kex (@kexes) {
82    system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
83    system( "make clean" ) and die;
84
85    print "\n******************************************\n";
86    print "* Testing with key exchange: $kex\n";
87    print "******************************************\n";
88
89    # full config with all key exchanges disabled except one
90    system( "scripts/config.pl full" ) and abort "Failed config full\n";
91    for my $k (@kexes) {
92        next if $k eq $kex;
93        system( "scripts/config.pl unset $k" )
94            and abort "Failed to disable $k\n";
95    }
96
97    system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
98}
99
100system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
101system( "make clean" ) and die;
102exit 0;
103