1#! /usr/bin/env bash 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20 21 22################################################################ 23#### Documentation 24################################################################ 25 26# Purpose 27# ------- 28# 29# To run all tests possible or available on the platform. 30# 31# Notes for users 32# --------------- 33# 34# Warning: the test is destructive. It includes various build modes and 35# configurations, and can and will arbitrarily change the current CMake 36# configuration. The following files must be committed into git: 37# * include/mbedtls/mbedtls_config.h 38# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 39# programs/fuzz/Makefile 40# After running this script, the CMake cache will be lost and CMake 41# will no longer be initialised. 42# 43# The script assumes the presence of a number of tools: 44# * Basic Unix tools (Windows users note: a Unix-style find must be before 45# the Windows find in the PATH) 46# * Perl 47# * GNU Make 48# * CMake 49# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 50# * G++ 51# * arm-gcc and mingw-gcc 52# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 53# * OpenSSL and GnuTLS command line tools, recent enough for the 54# interoperability tests. If they don't support old features which we want 55# to test, then a legacy version of these tools must be present as well 56# (search for LEGACY below). 57# See the invocation of check_tools below for details. 58# 59# This script must be invoked from the toplevel directory of a git 60# working copy of Mbed TLS. 61# 62# The behavior on an error depends on whether --keep-going (alias -k) 63# is in effect. 64# * Without --keep-going: the script stops on the first error without 65# cleaning up. This lets you work in the configuration of the failing 66# component. 67# * With --keep-going: the script runs all requested components and 68# reports failures at the end. In particular the script always cleans 69# up on exit. 70# 71# Note that the output is not saved. You may want to run 72# script -c tests/scripts/all.sh 73# or 74# tests/scripts/all.sh >all.log 2>&1 75# 76# Notes for maintainers 77# --------------------- 78# 79# The bulk of the code is organized into functions that follow one of the 80# following naming conventions: 81# * pre_XXX: things to do before running the tests, in order. 82# * component_XXX: independent components. They can be run in any order. 83# * component_check_XXX: quick tests that aren't worth parallelizing. 84# * component_build_XXX: build things but don't run them. 85# * component_test_XXX: build and test. 86# * support_XXX: if support_XXX exists and returns false then 87# component_XXX is not run by default. 88# * post_XXX: things to do after running the tests. 89# * other: miscellaneous support functions. 90# 91# Each component must start by invoking `msg` with a short informative message. 92# 93# Warning: due to the way bash detects errors, the failure of a command 94# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. 95# 96# Each component is executed in a separate shell process. The component 97# fails if any command in it returns a non-zero status. 98# 99# The framework performs some cleanup tasks after each component. This 100# means that components can assume that the working directory is in a 101# cleaned-up state, and don't need to perform the cleanup themselves. 102# * Run `make clean`. 103# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running 104# the component. 105# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 106# `tests/Makefile` and `programs/fuzz/Makefile` from git. 107# This cleans up after an in-tree use of CMake. 108# 109# The tests are roughly in order from fastest to slowest. This doesn't 110# have to be exact, but in general you should add slower tests towards 111# the end and fast checks near the beginning. 112 113 114 115################################################################ 116#### Initialization and command line parsing 117################################################################ 118 119# Abort on errors (even on the left-hand side of a pipe). 120# Treat uninitialised variables as errors. 121set -e -o pipefail -u 122 123pre_check_environment () { 124 if [ -d library -a -d include -a -d tests ]; then :; else 125 echo "Must be run from mbed TLS root" >&2 126 exit 1 127 fi 128} 129 130pre_initialize_variables () { 131 CONFIG_H='include/mbedtls/mbedtls_config.h' 132 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 133 134 # Files that are clobbered by some jobs will be backed up. Use a different 135 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can 136 # independently decide when to remove the backup file. 137 backup_suffix='.all.bak' 138 # Files clobbered by config.py 139 files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" 140 # Files clobbered by in-tree cmake 141 files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" 142 143 append_outcome=0 144 MEMORY=0 145 FORCE=0 146 QUIET=0 147 KEEP_GOING=0 148 149 # Seed value used with the --release-test option. 150 # 151 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 152 # both values are kept in sync. If you change the value here because it 153 # breaks some tests, you'll definitely want to change it in 154 # basic-build-test.sh as well. 155 RELEASE_SEED=1 156 157 : ${MBEDTLS_TEST_OUTCOME_FILE=} 158 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 159 export MBEDTLS_TEST_OUTCOME_FILE 160 export MBEDTLS_TEST_PLATFORM 161 162 # Default commands, can be overridden by the environment 163 : ${OPENSSL:="openssl"} 164 : ${OPENSSL_LEGACY:="$OPENSSL"} 165 : ${OPENSSL_NEXT:="$OPENSSL"} 166 : ${GNUTLS_CLI:="gnutls-cli"} 167 : ${GNUTLS_SERV:="gnutls-serv"} 168 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 169 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 170 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 171 : ${ARMC5_BIN_DIR:=/usr/bin} 172 : ${ARMC6_BIN_DIR:=/usr/bin} 173 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 174 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} 175 176 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 177 if [ -z "${MAKEFLAGS+set}" ]; then 178 export MAKEFLAGS="-j$(all_sh_nproc)" 179 fi 180 181 # Include more verbose output for failing tests run by CMake or make 182 export CTEST_OUTPUT_ON_FAILURE=1 183 184 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 185 ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' 186 187 # Gather the list of available components. These are the functions 188 # defined in this script whose name starts with "component_". 189 # Parse the script with sed. This way we get the functions in the order 190 # they are defined. 191 ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") 192 193 # Exclude components that are not supported on this platform. 194 SUPPORTED_COMPONENTS= 195 for component in $ALL_COMPONENTS; do 196 case $(type "support_$component" 2>&1) in 197 *' function'*) 198 if ! support_$component; then continue; fi;; 199 esac 200 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 201 done 202} 203 204# Test whether the component $1 is included in the command line patterns. 205is_component_included() 206{ 207 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 208 # only does word splitting. 209 set -f 210 for pattern in $COMMAND_LINE_COMPONENTS; do 211 set +f 212 case ${1#component_} in $pattern) return 0;; esac 213 done 214 set +f 215 return 1 216} 217 218usage() 219{ 220 cat <<EOF 221Usage: $0 [OPTION]... [COMPONENT]... 222Run mbedtls release validation tests. 223By default, run all tests. With one or more COMPONENT, run only those. 224COMPONENT can be the name of a component or a shell wildcard pattern. 225 226Examples: 227 $0 "check_*" 228 Run all sanity checks. 229 $0 --no-armcc --except test_memsan 230 Run everything except builds that require armcc and MemSan. 231 232Special options: 233 -h|--help Print this help and exit. 234 --list-all-components List all available test components and exit. 235 --list-components List components supported on this platform and exit. 236 237General options: 238 -q|--quiet Only output component names, and errors if any. 239 -f|--force Force the tests to overwrite any modified files. 240 -k|--keep-going Run all tests and report errors at the end. 241 -m|--memory Additional optional memory tests. 242 --append-outcome Append to the outcome file (if used). 243 --arm-none-eabi-gcc-prefix=<string> 244 Prefix for a cross-compiler for arm-none-eabi 245 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 246 --arm-linux-gnueabi-gcc-prefix=<string> 247 Prefix for a cross-compiler for arm-linux-gnueabi 248 (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") 249 --armcc Run ARM Compiler builds (on by default). 250 --restore First clean up the build tree, restoring backed up 251 files. Do not run any components unless they are 252 explicitly specified. 253 --error-test Error test mode: run a failing function in addition 254 to any specified component. May be repeated. 255 --except Exclude the COMPONENTs listed on the command line, 256 instead of running only those. 257 --no-append-outcome Write a new outcome file and analyze it (default). 258 --no-armcc Skip ARM Compiler builds. 259 --no-force Refuse to overwrite modified files (default). 260 --no-keep-going Stop at the first error (default). 261 --no-memory No additional memory tests (default). 262 --no-quiet Print full ouput from components. 263 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 264 --outcome-file=<path> File where test outcomes are written (not done if 265 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 266 --random-seed Use a random seed value for randomized tests (default). 267 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 268 -s|--seed Integer seed value to use for this test run. 269 270Tool path options: 271 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 272 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 273 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 274 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 275 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 276 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 277 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 278 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests.. 279 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 280EOF 281} 282 283# Cleanup before/after running a component. 284# Remove built files as well as the cmake cache/config. 285# Does not remove generated source files. 286cleanup() 287{ 288 command make clean 289 290 # Remove CMake artefacts 291 find . -name .git -prune -o \ 292 -iname CMakeFiles -exec rm -rf {} \+ -o \ 293 \( -iname cmake_install.cmake -o \ 294 -iname CTestTestfile.cmake -o \ 295 -iname CMakeCache.txt -o \ 296 -path './cmake/*.cmake' \) -exec rm -f {} \+ 297 # Recover files overwritten by in-tree CMake builds 298 rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile 299 300 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 301 rm -rf programs/test/cmake_subproject/build 302 rm -f programs/test/cmake_subproject/Makefile 303 rm -f programs/test/cmake_subproject/cmake_subproject 304 305 # Remove any artifacts from the component_test_cmake_as_package test. 306 rm -rf programs/test/cmake_package/build 307 rm -f programs/test/cmake_package/Makefile 308 rm -f programs/test/cmake_package/cmake_package 309 310 # Remove any artifacts from the component_test_cmake_as_installed_package test. 311 rm -rf programs/test/cmake_package_install/build 312 rm -f programs/test/cmake_package_install/Makefile 313 rm -f programs/test/cmake_package_install/cmake_package_install 314 315 # Restore files that may have been clobbered by the job 316 for x in $files_to_back_up; do 317 cp -p "$x$backup_suffix" "$x" 318 done 319} 320 321# Final cleanup when this script exits (except when exiting on a failure 322# in non-keep-going mode). 323final_cleanup () { 324 cleanup 325 326 for x in $files_to_back_up; do 327 rm -f "$x$backup_suffix" 328 done 329} 330 331# Executed on exit. May be redefined depending on command line options. 332final_report () { 333 : 334} 335 336fatal_signal () { 337 final_cleanup 338 final_report $1 339 trap - $1 340 kill -$1 $$ 341} 342 343trap 'fatal_signal HUP' HUP 344trap 'fatal_signal INT' INT 345trap 'fatal_signal TERM' TERM 346 347# Number of processors on this machine. Used as the default setting 348# for parallel make. 349all_sh_nproc () 350{ 351 { 352 nproc || # Linux 353 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD 354 sysctl -n hw.ncpu || # FreeBSD 355 echo 1 356 } 2>/dev/null 357} 358 359msg() 360{ 361 if [ -n "${current_component:-}" ]; then 362 current_section="${current_component#component_}: $1" 363 else 364 current_section="$1" 365 fi 366 367 if [ $QUIET -eq 1 ]; then 368 return 369 fi 370 371 echo "" 372 echo "******************************************************************" 373 echo "* $current_section " 374 printf "* "; date 375 echo "******************************************************************" 376} 377 378armc6_build_test() 379{ 380 FLAGS="$1" 381 382 msg "build: ARM Compiler 6 ($FLAGS)" 383 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 384 WARNING_CFLAGS='-xc -std=c99' make lib 385 386 msg "size: ARM Compiler 6 ($FLAGS)" 387 "$ARMC6_FROMELF" -z library/*.o 388 389 make clean 390} 391 392err_msg() 393{ 394 echo "$1" >&2 395} 396 397check_tools() 398{ 399 for TOOL in "$@"; do 400 if ! `type "$TOOL" >/dev/null 2>&1`; then 401 err_msg "$TOOL not found!" 402 exit 1 403 fi 404 done 405} 406 407pre_parse_command_line () { 408 COMMAND_LINE_COMPONENTS= 409 all_except=0 410 error_test=0 411 restore_first=0 412 no_armcc= 413 414 # Note that legacy options are ignored instead of being omitted from this 415 # list of options, so invocations that worked with previous version of 416 # all.sh will still run and work properly. 417 while [ $# -gt 0 ]; do 418 case "$1" in 419 --append-outcome) append_outcome=1;; 420 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 421 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; 422 --armcc) no_armcc=;; 423 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 424 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 425 --error-test) error_test=$((error_test + 1));; 426 --except) all_except=1;; 427 --force|-f) FORCE=1;; 428 --gnutls-cli) shift; GNUTLS_CLI="$1";; 429 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 430 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 431 --gnutls-serv) shift; GNUTLS_SERV="$1";; 432 --help|-h) usage; exit;; 433 --keep-going|-k) KEEP_GOING=1;; 434 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 435 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 436 --memory|-m) MEMORY=1;; 437 --no-append-outcome) append_outcome=0;; 438 --no-armcc) no_armcc=1;; 439 --no-force) FORCE=0;; 440 --no-keep-going) KEEP_GOING=0;; 441 --no-memory) MEMORY=0;; 442 --no-quiet) QUIET=0;; 443 --openssl) shift; OPENSSL="$1";; 444 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 445 --openssl-next) shift; OPENSSL_NEXT="$1";; 446 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 447 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 448 --quiet|-q) QUIET=1;; 449 --random-seed) unset SEED;; 450 --release-test|-r) SEED=$RELEASE_SEED;; 451 --restore) restore_first=1;; 452 --seed|-s) shift; SEED="$1";; 453 -*) 454 echo >&2 "Unknown option: $1" 455 echo >&2 "Run $0 --help for usage." 456 exit 120 457 ;; 458 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 459 esac 460 shift 461 done 462 463 # With no list of components, run everything. 464 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then 465 all_except=1 466 fi 467 468 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 469 # Ignore it if components are listed explicitly on the command line. 470 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 471 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 472 fi 473 474 # Error out if an explicitly requested component doesn't exist. 475 if [ $all_except -eq 0 ]; then 476 unsupported=0 477 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 478 # only does word splitting. 479 set -f 480 for component in $COMMAND_LINE_COMPONENTS; do 481 set +f 482 # If the requested name includes a wildcard character, don't 483 # check it. Accept wildcard patterns that don't match anything. 484 case $component in 485 *[*?\[]*) continue;; 486 esac 487 case " $SUPPORTED_COMPONENTS " in 488 *" $component "*) :;; 489 *) 490 echo >&2 "Component $component was explicitly requested, but is not known or not supported." 491 unsupported=$((unsupported + 1));; 492 esac 493 done 494 set +f 495 if [ $unsupported -ne 0 ]; then 496 exit 2 497 fi 498 fi 499 500 # Build the list of components to run. 501 RUN_COMPONENTS= 502 for component in $SUPPORTED_COMPONENTS; do 503 if is_component_included "$component"; [ $? -eq $all_except ]; then 504 RUN_COMPONENTS="$RUN_COMPONENTS $component" 505 fi 506 done 507 508 unset all_except 509 unset no_armcc 510} 511 512pre_check_git () { 513 if [ $FORCE -eq 1 ]; then 514 rm -rf "$OUT_OF_SOURCE_DIR" 515 git checkout-index -f -q $CONFIG_H 516 cleanup 517 else 518 519 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 520 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 521 echo "You can either delete this directory manually, or force the test by rerunning" 522 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 523 exit 1 524 fi 525 526 if ! git diff --quiet include/mbedtls/mbedtls_config.h; then 527 err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. " 528 echo "You can either delete or preserve your work, or force the test by rerunning the" 529 echo "script as: $0 --force" 530 exit 1 531 fi 532 fi 533} 534 535pre_restore_files () { 536 # If the makefiles have been generated by a framework such as cmake, 537 # restore them from git. If the makefiles look like modifications from 538 # the ones checked into git, take care not to modify them. Whatever 539 # this function leaves behind is what the script will restore before 540 # each component. 541 case "$(head -n1 Makefile)" in 542 *[Gg]enerated*) 543 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 544 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 545 ;; 546 esac 547} 548 549pre_back_up () { 550 for x in $files_to_back_up; do 551 cp -p "$x" "$x$backup_suffix" 552 done 553} 554 555pre_setup_keep_going () { 556 failure_count=0 # Number of failed components 557 last_failure_status=0 # Last failure status in this component 558 559 # See err_trap 560 previous_failure_status=0 561 previous_failed_command= 562 previous_failure_funcall_depth=0 563 unset report_failed_command 564 565 start_red= 566 end_color= 567 if [ -t 1 ]; then 568 case "${TERM:-}" in 569 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 570 start_red=$(printf '\033[31m') 571 end_color=$(printf '\033[0m') 572 ;; 573 esac 574 fi 575 576 # Keep a summary of failures in a file. We'll print it out at the end. 577 failure_summary_file=$PWD/all-sh-failures-$$.log 578 : >"$failure_summary_file" 579 580 # Whether it makes sense to keep a component going after the specified 581 # command fails (test command) or not (configure or build). 582 # This function normally receives the failing simple command 583 # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, 584 # this is passed instead. 585 # This doesn't have to be 100% accurate: all failures are recorded anyway. 586 # False positives result in running things that can't be expected to 587 # work. False negatives result in things not running after something else 588 # failed even though they might have given useful feedback. 589 can_keep_going_after_failure () { 590 case "$1" in 591 "msg "*) false;; 592 "cd "*) false;; 593 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... 594 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... 595 *make*check*) true;; 596 "grep "*) true;; 597 "[ "*) true;; 598 "! "*) true;; 599 *) false;; 600 esac 601 } 602 603 # This function runs if there is any error in a component. 604 # It must either exit with a nonzero status, or set 605 # last_failure_status to a nonzero value. 606 err_trap () { 607 # Save $? (status of the failing command). This must be the very 608 # first thing, before $? is overridden. 609 last_failure_status=$? 610 failed_command=${report_failed_command-$BASH_COMMAND} 611 612 if [[ $last_failure_status -eq $previous_failure_status && 613 "$failed_command" == "$previous_failed_command" && 614 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] 615 then 616 # The same command failed twice in a row, but this time one level 617 # less deep in the function call stack. This happens when the last 618 # command of a function returns a nonzero status, and the function 619 # returns that same status. Ignore the second failure. 620 previous_failure_funcall_depth=${#FUNCNAME[@]} 621 return 622 fi 623 previous_failure_status=$last_failure_status 624 previous_failed_command=$failed_command 625 previous_failure_funcall_depth=${#FUNCNAME[@]} 626 627 text="$current_section: $failed_command -> $last_failure_status" 628 echo "${start_red}^^^^$text^^^^${end_color}" >&2 629 echo "$text" >>"$failure_summary_file" 630 631 # If the command is fatal (configure or build command), stop this 632 # component. Otherwise (test command) keep the component running 633 # (run more tests from the same build). 634 if ! can_keep_going_after_failure "$failed_command"; then 635 exit $last_failure_status 636 fi 637 } 638 639 final_report () { 640 if [ $failure_count -gt 0 ]; then 641 echo 642 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 643 echo "${start_red}FAILED: $failure_count components${end_color}" 644 cat "$failure_summary_file" 645 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 646 elif [ -z "${1-}" ]; then 647 echo "SUCCESS :)" 648 fi 649 if [ -n "${1-}" ]; then 650 echo "Killed by SIG$1." 651 fi 652 rm -f "$failure_summary_file" 653 if [ $failure_count -gt 0 ]; then 654 exit 1 655 fi 656 } 657} 658 659# record_status() and if_build_succeeded() are kept temporarily for backward 660# compatibility. Don't use them in new components. 661record_status () { 662 "$@" 663} 664if_build_succeeded () { 665 "$@" 666} 667 668# '! true' does not trigger the ERR trap. Arrange to trigger it, with 669# a reasonably informative error message (not just "$@"). 670not () { 671 if "$@"; then 672 report_failed_command="! $*" 673 false 674 unset report_failed_command 675 fi 676} 677 678pre_prepare_outcome_file () { 679 case "$MBEDTLS_TEST_OUTCOME_FILE" in 680 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 681 esac 682 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 683 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 684 fi 685} 686 687pre_print_configuration () { 688 if [ $QUIET -eq 1 ]; then 689 return 690 fi 691 692 msg "info: $0 configuration" 693 echo "MEMORY: $MEMORY" 694 echo "FORCE: $FORCE" 695 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 696 echo "SEED: ${SEED-"UNSET"}" 697 echo 698 echo "OPENSSL: $OPENSSL" 699 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 700 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 701 echo "GNUTLS_CLI: $GNUTLS_CLI" 702 echo "GNUTLS_SERV: $GNUTLS_SERV" 703 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 704 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 705 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 706 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 707} 708 709# Make sure the tools we need are available. 710pre_check_tools () { 711 # Build the list of variables to pass to output_env.sh. 712 set env 713 714 case " $RUN_COMPONENTS " in 715 # Require OpenSSL and GnuTLS if running any tests (as opposed to 716 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 717 # is a good enough approximation in practice. 718 *" test_"*) 719 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 720 # and ssl-opt.sh, we just export the variables they require. 721 export OPENSSL_CMD="$OPENSSL" 722 export GNUTLS_CLI="$GNUTLS_CLI" 723 export GNUTLS_SERV="$GNUTLS_SERV" 724 # Avoid passing --seed flag in every call to ssl-opt.sh 725 if [ -n "${SEED-}" ]; then 726 export SEED 727 fi 728 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 729 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 730 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 731 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 732 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 733 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 734 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 735 ;; 736 esac 737 738 case " $RUN_COMPONENTS " in 739 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 740 esac 741 742 case " $RUN_COMPONENTS " in 743 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 744 esac 745 746 case " $RUN_COMPONENTS " in 747 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 748 esac 749 750 case " $RUN_COMPONENTS " in 751 *" test_zeroize "*) check_tools "gdb";; 752 esac 753 754 case " $RUN_COMPONENTS " in 755 *_armcc*) 756 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 757 ARMC5_AR="$ARMC5_BIN_DIR/armar" 758 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 759 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 760 ARMC6_AR="$ARMC6_BIN_DIR/armar" 761 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 762 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 763 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 764 esac 765 766 # past this point, no call to check_tool, only printing output 767 if [ $QUIET -eq 1 ]; then 768 return 769 fi 770 771 msg "info: output_env.sh" 772 case $RUN_COMPONENTS in 773 *_armcc*) 774 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 775 *) set "$@" RUN_ARMCC=0;; 776 esac 777 "$@" scripts/output_env.sh 778} 779 780pre_generate_files() { 781 # since make doesn't have proper dependencies, remove any possibly outdate 782 # file that might be around before generating fresh ones 783 make neat 784 if [ $QUIET -eq 1 ]; then 785 make generated_files >/dev/null 786 else 787 make generated_files 788 fi 789} 790 791 792 793################################################################ 794#### Basic checks 795################################################################ 796 797# 798# Test Suites to be executed 799# 800# The test ordering tries to optimize for the following criteria: 801# 1. Catch possible problems early, by running first tests that run quickly 802# and/or are more likely to fail than others (eg I use Clang most of the 803# time, so start with a GCC build). 804# 2. Minimize total running time, by avoiding useless rebuilds 805# 806# Indicative running times are given for reference. 807 808component_check_recursion () { 809 msg "Check: recursion.pl" # < 1s 810 tests/scripts/recursion.pl library/*.c 811} 812 813component_check_generated_files () { 814 msg "Check: check-generated-files, files generated with make" # 2s 815 make generated_files 816 tests/scripts/check-generated-files.sh 817 818 msg "Check: check-generated-files -u, files present" # 2s 819 tests/scripts/check-generated-files.sh -u 820 # Check that the generated files are considered up to date. 821 tests/scripts/check-generated-files.sh 822 823 msg "Check: check-generated-files -u, files absent" # 2s 824 command make neat 825 tests/scripts/check-generated-files.sh -u 826 # Check that the generated files are considered up to date. 827 tests/scripts/check-generated-files.sh 828 829 # This component ends with the generated files present in the source tree. 830 # This is necessary for subsequent components! 831} 832 833component_check_doxy_blocks () { 834 msg "Check: doxygen markup outside doxygen blocks" # < 1s 835 tests/scripts/check-doxy-blocks.pl 836} 837 838component_check_files () { 839 msg "Check: file sanity checks (permissions, encodings)" # < 1s 840 tests/scripts/check_files.py 841} 842 843component_check_changelog () { 844 msg "Check: changelog entries" # < 1s 845 rm -f ChangeLog.new 846 scripts/assemble_changelog.py -o ChangeLog.new 847 if [ -e ChangeLog.new ]; then 848 # Show the diff for information. It isn't an error if the diff is 849 # non-empty. 850 diff -u ChangeLog ChangeLog.new || true 851 rm ChangeLog.new 852 fi 853} 854 855component_check_names () { 856 msg "Check: declared and exported names (builds the library)" # < 3s 857 tests/scripts/check_names.py -v 858} 859 860component_check_test_cases () { 861 msg "Check: test case descriptions" # < 1s 862 if [ $QUIET -eq 1 ]; then 863 opt='--quiet' 864 else 865 opt='' 866 fi 867 tests/scripts/check_test_cases.py $opt 868 unset opt 869} 870 871component_check_doxygen_warnings () { 872 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 873 tests/scripts/doxygen.sh 874} 875 876 877 878################################################################ 879#### Build and test many configurations and targets 880################################################################ 881 882component_test_default_out_of_box () { 883 msg "build: make, default config (out-of-box)" # ~1min 884 make 885 # Disable fancy stuff 886 SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE" 887 unset MBEDTLS_TEST_OUTCOME_FILE 888 889 msg "test: main suites make, default config (out-of-box)" # ~10s 890 make test 891 892 msg "selftest: make, default config (out-of-box)" # ~10s 893 programs/test/selftest 894 895 export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" 896 unset SAVE_MBEDTLS_TEST_OUTCOME_FILE 897} 898 899component_test_default_cmake_gcc_asan () { 900 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 901 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 902 make 903 904 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 905 make test 906 907 msg "test: selftest (ASan build)" # ~ 10s 908 programs/test/selftest 909 910 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 911 tests/ssl-opt.sh 912 913 msg "test: compat.sh (ASan build)" # ~ 6 min 914 tests/compat.sh 915 916 msg "test: context-info.sh (ASan build)" # ~ 15 sec 917 tests/context-info.sh 918} 919 920component_test_full_cmake_gcc_asan () { 921 msg "build: full config, cmake, gcc, ASan" 922 scripts/config.py full 923 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 924 make 925 926 msg "test: main suites (inc. selftests) (full config, ASan build)" 927 make test 928 929 msg "test: selftest (ASan build)" # ~ 10s 930 programs/test/selftest 931 932 msg "test: ssl-opt.sh (full config, ASan build)" 933 tests/ssl-opt.sh 934 935 msg "test: compat.sh (full config, ASan build)" 936 tests/compat.sh 937 938 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 939 tests/context-info.sh 940} 941 942component_test_psa_crypto_key_id_encodes_owner () { 943 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 944 scripts/config.py full 945 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 946 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 947 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 948 make 949 950 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 951 make test 952} 953 954# check_renamed_symbols HEADER LIB 955# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol 956# name is LIB. 957check_renamed_symbols () { 958 ! nm "$2" | sed 's/.* //' | 959 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" 960} 961 962component_build_psa_crypto_spm () { 963 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" 964 scripts/config.py full 965 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 966 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 967 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 968 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM 969 # We can only compile, not link, since our test and sample programs 970 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM 971 # is active. 972 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib 973 974 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed 975 # version is not present. 976 echo "Checking for renamed symbols in the library" 977 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a 978} 979 980component_test_psa_crypto_client () { 981 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 982 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 983 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 984 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT 985 make 986 987 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 988 make test 989} 990 991component_test_psa_crypto_rsa_no_genprime() { 992 msg "build: default config minus MBEDTLS_GENPRIME" 993 scripts/config.py unset MBEDTLS_GENPRIME 994 make 995 996 msg "test: default config minus MBEDTLS_GENPRIME" 997 make test 998} 999 1000component_test_ref_configs () { 1001 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 1002 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake 1003 # want to re-generate generated files that depend on it, quite correctly. 1004 # However this doesn't work as the generation script expects a specific 1005 # format for mbedtls_config.h, which the other files don't follow. Also, 1006 # cmake can't know this, but re-generation is actually not necessary as 1007 # the generated files only depend on the list of available options, not 1008 # whether they're on or off. So, disable cmake's (over-sensitive here) 1009 # dependency resolution for generated files and just rely on them being 1010 # present (thanks to pre_generate_files) by turning GEN_FILES off. 1011 CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . 1012 tests/scripts/test-ref-configs.pl 1013} 1014 1015component_test_no_renegotiation () { 1016 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 1017 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 1018 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1019 make 1020 1021 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 1022 make test 1023 1024 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 1025 tests/ssl-opt.sh 1026} 1027 1028component_test_no_pem_no_fs () { 1029 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 1030 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1031 scripts/config.py unset MBEDTLS_FS_IO 1032 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 1033 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 1034 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1035 make 1036 1037 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 1038 make test 1039 1040 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 1041 tests/ssl-opt.sh 1042} 1043 1044component_test_rsa_no_crt () { 1045 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 1046 scripts/config.py set MBEDTLS_RSA_NO_CRT 1047 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1048 make 1049 1050 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 1051 make test 1052 1053 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 1054 tests/ssl-opt.sh -f RSA 1055 1056 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 1057 tests/compat.sh -t RSA 1058 1059 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 1060 tests/context-info.sh 1061} 1062 1063component_test_no_ctr_drbg_classic () { 1064 msg "build: Full minus CTR_DRBG, classic crypto in TLS" 1065 scripts/config.py full 1066 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1067 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1068 1069 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1070 make 1071 1072 msg "test: Full minus CTR_DRBG, classic crypto - main suites" 1073 make test 1074 1075 # In this configuration, the TLS test programs use HMAC_DRBG. 1076 # The SSL tests are slow, so run a small subset, just enough to get 1077 # confidence that the SSL code copes with HMAC_DRBG. 1078 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" 1079 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1080 1081 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" 1082 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1083} 1084 1085component_test_no_ctr_drbg_use_psa () { 1086 msg "build: Full minus CTR_DRBG, PSA crypto in TLS" 1087 scripts/config.py full 1088 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1089 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1090 1091 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1092 make 1093 1094 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" 1095 make test 1096 1097 # In this configuration, the TLS test programs use HMAC_DRBG. 1098 # The SSL tests are slow, so run a small subset, just enough to get 1099 # confidence that the SSL code copes with HMAC_DRBG. 1100 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1101 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1102 1103 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" 1104 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1105} 1106 1107component_test_no_hmac_drbg_classic () { 1108 msg "build: Full minus HMAC_DRBG, classic crypto in TLS" 1109 scripts/config.py full 1110 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1111 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1112 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1113 1114 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1115 make 1116 1117 msg "test: Full minus HMAC_DRBG, classic crypto - main suites" 1118 make test 1119 1120 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1121 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1122 # instead. 1123 # Test SSL with non-deterministic ECDSA. Only test features that 1124 # might be affected by how ECDSA signature is performed. 1125 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" 1126 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1127 1128 # To save time, only test one protocol version, since this part of 1129 # the protocol is identical in (D)TLS up to 1.2. 1130 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" 1131 tests/compat.sh -m tls12 -t 'ECDSA' 1132} 1133 1134component_test_no_hmac_drbg_use_psa () { 1135 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" 1136 scripts/config.py full 1137 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1138 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1139 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1140 1141 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1142 make 1143 1144 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" 1145 make test 1146 1147 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1148 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1149 # instead. 1150 # Test SSL with non-deterministic ECDSA. Only test features that 1151 # might be affected by how ECDSA signature is performed. 1152 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1153 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1154 1155 # To save time, only test one protocol version, since this part of 1156 # the protocol is identical in (D)TLS up to 1.2. 1157 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" 1158 tests/compat.sh -m tls12 -t 'ECDSA' 1159} 1160 1161component_test_psa_external_rng_no_drbg_classic () { 1162 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" 1163 scripts/config.py full 1164 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1165 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1166 scripts/config.py unset MBEDTLS_ENTROPY_C 1167 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1168 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1169 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1170 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1171 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1172 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, 1173 # the SSL test programs don't have an RNG and can't work. Explicitly 1174 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. 1175 make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" 1176 1177 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" 1178 make test 1179 1180 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" 1181 tests/ssl-opt.sh -f 'Default' 1182} 1183 1184component_test_psa_external_rng_no_drbg_use_psa () { 1185 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" 1186 scripts/config.py full 1187 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1188 scripts/config.py unset MBEDTLS_ENTROPY_C 1189 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1190 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1191 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1192 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1193 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1194 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1195 1196 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 1197 make test 1198 1199 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" 1200 tests/ssl-opt.sh -f 'Default\|opaque' 1201} 1202 1203component_test_psa_external_rng_use_psa_crypto () { 1204 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1205 scripts/config.py full 1206 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1207 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1208 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1209 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1210 1211 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1212 make test 1213 1214 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1215 tests/ssl-opt.sh -f 'Default\|opaque' 1216} 1217 1218component_test_everest () { 1219 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1220 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1221 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1222 make 1223 1224 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1225 make test 1226 1227 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1228 tests/ssl-opt.sh -f ECDH 1229 1230 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1231 # Exclude some symmetric ciphers that are redundant here to gain time. 1232 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' 1233} 1234 1235component_test_everest_curve25519_only () { 1236 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1237 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1238 scripts/config.py unset MBEDTLS_ECDSA_C 1239 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1240 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1241 scripts/config.py unset MBEDTLS_ECJPAKE_C 1242 # Disable all curves 1243 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1244 scripts/config.py unset "$c" 1245 done 1246 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1247 1248 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1249 1250 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1251 make test 1252} 1253 1254component_test_small_ssl_out_content_len () { 1255 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1256 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1257 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1258 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1259 make 1260 1261 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1262 tests/ssl-opt.sh -f "Max fragment\|Large packet" 1263} 1264 1265component_test_small_ssl_in_content_len () { 1266 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1267 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1268 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1269 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1270 make 1271 1272 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1273 tests/ssl-opt.sh -f "Max fragment" 1274} 1275 1276component_test_small_ssl_dtls_max_buffering () { 1277 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1278 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1279 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1280 make 1281 1282 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1283 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1284} 1285 1286component_test_small_mbedtls_ssl_dtls_max_buffering () { 1287 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1288 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1289 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1290 make 1291 1292 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1293 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1294} 1295 1296component_test_psa_collect_statuses () { 1297 msg "build+test: psa_collect_statuses" # ~30s 1298 scripts/config.py full 1299 tests/scripts/psa_collect_statuses.py 1300 # Check that psa_crypto_init() succeeded at least once 1301 grep -q '^0:psa_crypto_init:' tests/statuses.log 1302 rm -f tests/statuses.log 1303} 1304 1305component_test_full_cmake_clang () { 1306 msg "build: cmake, full config, clang" # ~ 50s 1307 scripts/config.py full 1308 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On . 1309 make 1310 1311 msg "test: main suites (full config, clang)" # ~ 5s 1312 make test 1313 1314 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1315 tests/scripts/test_psa_constant_names.py 1316 1317 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1318 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1319 1320 msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min 1321 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' 1322 1323 msg "test: compat.sh ARIA + ChachaPoly" 1324 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1325} 1326 1327component_test_memsan_constant_flow () { 1328 # This tests both (1) accesses to undefined memory, and (2) branches or 1329 # memory access depending on secret values. To distinguish between those: 1330 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1331 # - or alternatively, change the build type to MemSanDbg, which enables 1332 # origin tracking and nicer stack traces (which are useful for debugging 1333 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1334 msg "build: cmake MSan (clang), full config with constant flow testing" 1335 scripts/config.py full 1336 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1337 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1338 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1339 make 1340 1341 msg "test: main suites (Msan + constant flow)" 1342 make test 1343} 1344 1345component_test_valgrind_constant_flow () { 1346 # This tests both (1) everything that valgrind's memcheck usually checks 1347 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1348 # etc.) and (2) branches or memory access depending on secret values, 1349 # which will be reported as uninitialized memory. To distinguish between 1350 # secret and actually uninitialized: 1351 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1352 # - or alternatively, build with debug info and manually run the offending 1353 # test suite with valgrind --track-origins=yes, then check if the origin 1354 # was TEST_CF_SECRET() or something else. 1355 msg "build: cmake release GCC, full config with constant flow testing" 1356 scripts/config.py full 1357 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1358 cmake -D CMAKE_BUILD_TYPE:String=Release . 1359 make 1360 1361 # this only shows a summary of the results (how many of each type) 1362 # details are left in Testing/<date>/DynamicAnalysis.xml 1363 msg "test: main suites (valgrind + constant flow)" 1364 make memcheck 1365} 1366 1367component_test_default_no_deprecated () { 1368 # Test that removing the deprecated features from the default 1369 # configuration leaves something consistent. 1370 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1371 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1372 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1373 1374 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1375 make test 1376} 1377 1378component_test_full_no_deprecated () { 1379 msg "build: make, full_no_deprecated config" # ~ 30s 1380 scripts/config.py full_no_deprecated 1381 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1382 1383 msg "test: make, full_no_deprecated config" # ~ 5s 1384 make test 1385} 1386 1387component_test_full_no_deprecated_deprecated_warning () { 1388 # Test that there is nothing deprecated in "full_no_deprecated". 1389 # A deprecated feature would trigger a warning (made fatal) from 1390 # MBEDTLS_DEPRECATED_WARNING. 1391 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1392 scripts/config.py full_no_deprecated 1393 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1394 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1395 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1396 1397 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1398 make test 1399} 1400 1401component_test_full_deprecated_warning () { 1402 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1403 # with only certain whitelisted types of warnings. 1404 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1405 scripts/config.py full 1406 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1407 # Expect warnings from '#warning' directives in check_config.h. 1408 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1409 1410 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1411 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1412 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1413 # Expect warnings from '#warning' directives in check_config.h and 1414 # from the use of deprecated functions in test suites. 1415 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1416 1417 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1418 make test 1419} 1420 1421# Check that the specified libraries exist and are empty. 1422are_empty_libraries () { 1423 nm "$@" >/dev/null 2>/dev/null 1424 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1425} 1426 1427component_build_crypto_default () { 1428 msg "build: make, crypto only" 1429 scripts/config.py crypto 1430 make CFLAGS='-O1 -Werror' 1431 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1432} 1433 1434component_build_crypto_full () { 1435 msg "build: make, crypto only, full config" 1436 scripts/config.py crypto_full 1437 make CFLAGS='-O1 -Werror' 1438 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1439} 1440 1441component_build_crypto_baremetal () { 1442 msg "build: make, crypto only, baremetal config" 1443 scripts/config.py crypto_baremetal 1444 make CFLAGS='-O1 -Werror' 1445 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1446} 1447 1448component_test_depends_curves () { 1449 msg "test/build: curves.pl (gcc)" # ~ 4 min 1450 tests/scripts/curves.pl 1451} 1452 1453component_test_depends_curves_psa () { 1454 msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1455 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1456 tests/scripts/curves.pl 1457} 1458 1459component_test_depends_hashes () { 1460 msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min 1461 tests/scripts/depends-hashes.pl 1462} 1463 1464component_test_depends_hashes_psa () { 1465 msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1466 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1467 tests/scripts/depends-hashes.pl 1468} 1469 1470component_test_depends_pkalgs () { 1471 msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min 1472 tests/scripts/depends-pkalgs.pl 1473} 1474 1475component_test_depends_pkalgs_psa () { 1476 msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1477 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1478 tests/scripts/depends-pkalgs.pl 1479} 1480 1481component_build_key_exchanges () { 1482 msg "test/build: key-exchanges (gcc)" # ~ 1 min 1483 tests/scripts/key-exchanges.pl 1484} 1485 1486component_test_make_cxx () { 1487 msg "build: Unix make, full, gcc + g++" 1488 scripts/config.py full 1489 make TEST_CPP=1 lib programs 1490 1491 msg "test: cpp_dummy_build" 1492 programs/test/cpp_dummy_build 1493} 1494 1495component_build_module_alt () { 1496 msg "build: MBEDTLS_XXX_ALT" # ~30s 1497 scripts/config.py full 1498 # Disable options that are incompatible with some ALT implementations. 1499 # aesni.c and padlock.c reference mbedtls_aes_context fields directly. 1500 scripts/config.py unset MBEDTLS_AESNI_C 1501 scripts/config.py unset MBEDTLS_PADLOCK_C 1502 # You can only have one threading implementation: alt or pthread, not both. 1503 scripts/config.py unset MBEDTLS_THREADING_PTHREAD 1504 # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields 1505 # directly and assumes the implementation works with partial groups. 1506 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED 1507 # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable 1508 # MBEDTLS_XXX_YYY_ALT which are for single functions. 1509 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' 1510 scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C 1511 # We can only compile, not link, since we don't have any implementations 1512 # suitable for testing with the dummy alt headers. 1513 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 1514} 1515 1516component_build_dhm_alt () { 1517 msg "build: MBEDTLS_DHM_ALT" # ~30s 1518 scripts/config.py full 1519 scripts/config.py set MBEDTLS_DHM_ALT 1520 # debug.c currently references mbedtls_dhm_context fields directly. 1521 scripts/config.py unset MBEDTLS_DEBUG_C 1522 # We can only compile, not link, since we don't have any implementations 1523 # suitable for testing with the dummy alt headers. 1524 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 1525} 1526 1527component_test_no_use_psa_crypto_full_cmake_asan() { 1528 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 1529 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 1530 scripts/config.py full 1531 scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC 1532 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1533 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1534 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1535 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1536 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1537 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1538 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1539 make 1540 1541 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 1542 make test 1543 1544 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 1545 tests/ssl-opt.sh 1546 1547 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 1548 tests/compat.sh 1549 1550 msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 1551 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' 1552 1553 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 1554 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1555} 1556 1557component_test_psa_crypto_config_accel_ecdsa () { 1558 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1559 1560 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1561 # partial support for cipher operations in the driver test library. 1562 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1563 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1564 1565 # SHA384 needed for some ECDSA signature tests. 1566 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C 1567 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1568 1569 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 1570 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1571 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1572 1573 # Restore test driver base configuration 1574 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C 1575 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1576 1577 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1578 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1579 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1580 scripts/config.py unset MBEDTLS_ECDSA_C 1581 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1582 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1583 1584 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1585 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1586 1587 unset loc_accel_flags 1588 unset loc_accel_list 1589 1590 if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o 1591 1592 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1593 make test 1594} 1595 1596component_test_psa_crypto_config_accel_rsa_signature () { 1597 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1598 1599 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1600 # partial support for cipher operations in the driver test library. 1601 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1602 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1603 1604 # It seems it is not possible to remove only the support for RSA signature 1605 # in the library. Thus we have to remove all RSA support (signature and 1606 # encryption/decryption). AS there is no driver support for asymmetric 1607 # encryption/decryption so far remove RSA encryption/decryption from the 1608 # application algorithm list. 1609 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1610 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1611 1612 # Make sure both the library and the test library support the SHA hash 1613 # algorithms and only those ones (SHA256 is included by default). That way: 1614 # - the test library can compute the RSA signatures even in the case of a 1615 # composite RSA signature algorithm based on a SHA hash (no other hash 1616 # used in the unit tests). 1617 # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is 1618 # fulfilled as the hash SHA algorithm is supported by the library, and 1619 # thus the tests are run, not skipped. 1620 # - when testing a signature key with an algorithm wildcard built from 1621 # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash 1622 # algorithm based on the hashes supported by the library is also 1623 # supported by the test library. 1624 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1625 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C 1626 1627 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C 1628 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1629 # We need PEM parsing in the test library as well to support the import 1630 # of PEM encoded RSA keys. 1631 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C 1632 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C 1633 1634 loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" 1635 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1636 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1637 1638 # Restore test driver base configuration 1639 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C 1640 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1641 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C 1642 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C 1643 1644 1645 # Mbed TLS library build 1646 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1647 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1648 1649 # Remove RSA support and its dependencies 1650 scripts/config.py unset MBEDTLS_PKCS1_V15 1651 scripts/config.py unset MBEDTLS_PKCS1_V21 1652 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 1653 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1654 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1655 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 1656 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 1657 scripts/config.py unset MBEDTLS_RSA_C 1658 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 1659 1660 scripts/config.py unset MBEDTLS_MD5_C 1661 scripts/config.py unset MBEDTLS_RIPEMD160_C 1662 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 1663 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 1664 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 1665 1666 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1667 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1668 1669 unset loc_accel_flags 1670 unset loc_accel_list 1671 1672 if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o 1673 if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o 1674 1675 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1676 make test 1677} 1678 1679component_test_psa_crypto_config_accel_hash () { 1680 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1681 1682 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1683 # partial support for cipher operations in the driver test library. 1684 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1685 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1686 1687 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 1688 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1689 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1690 1691 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1692 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1693 scripts/config.py unset MBEDTLS_MD5_C 1694 scripts/config.py unset MBEDTLS_RIPEMD160_C 1695 scripts/config.py unset MBEDTLS_SHA1_C 1696 # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. 1697 scripts/config.py unset MBEDTLS_SHA384_C 1698 scripts/config.py unset MBEDTLS_SHA512_C 1699 # Unset MBEDTLS_SSL_PROTO_SSL3, MBEDTLS_SSL_PROTO_TLS1 and MBEDTLS_SSL_PROTO_TLS1_1 as they depend on MBEDTLS_SHA1_C 1700 scripts/config.py unset MBEDTLS_SSL_PROTO_SSL3 1701 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 1702 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 1703 # Unset MBEDTLS_SSL_CBC_RECORD_SPLITTING as it depends on MBEDTLS_SSL_PROTO_TLS1 in the default configuration. 1704 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 1705 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1706 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1707 1708 unset loc_accel_flags 1709 unset loc_accel_list 1710 1711 if_build_succeeded not grep mbedtls_sha512_init library/sha512.o 1712 if_build_succeeded not grep mbedtls_sha1_init library/sha1.o 1713 1714 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1715 make test 1716} 1717 1718component_test_psa_crypto_config_accel_cipher () { 1719 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" 1720 1721 loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" 1722 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1723 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1724 1725 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1726 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1727 1728 # There is no intended accelerator support for ALG STREAM_CIPHER and 1729 # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the 1730 # inclusion of the Mbed TLS cipher operations. As we want to test here with 1731 # cipher operations solely supported by accelerators, disabled those 1732 # PSA configuration options. 1733 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1734 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1735 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC 1736 1737 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1738 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 1739 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR 1740 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB 1741 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB 1742 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS 1743 scripts/config.py unset MBEDTLS_DES_C 1744 1745 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1746 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1747 1748 unset loc_accel_flags 1749 unset loc_accel_list 1750 1751 if_build_succeeded not grep mbedtls_des* library/des.o 1752 1753 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1754 make test 1755} 1756 1757component_test_psa_crypto_config_no_driver() { 1758 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 1759 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1760 scripts/config.py full 1761 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1762 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 1763 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1764 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1765 1766 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1767 make test 1768} 1769 1770component_test_psa_crypto_config_chachapoly_disabled() { 1771 # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 1772 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1773 scripts/config.py full 1774 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1775 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM 1776 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 1777 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1778 1779 msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1780 make test 1781} 1782 1783# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. 1784component_build_psa_accel_alg_ecdsa() { 1785 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA 1786 # without MBEDTLS_ECDSA_C 1787 # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already 1788 # set in include/psa/crypto_config.h 1789 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" 1790 scripts/config.py full 1791 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1792 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1793 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1794 scripts/config.py unset MBEDTLS_ECDSA_C 1795 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1796 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1797 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1798 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1799} 1800 1801# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 1802component_build_psa_accel_alg_ecdh() { 1803 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH 1804 # without MBEDTLS_ECDH_C 1805 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 1806 scripts/config.py full 1807 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1808 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1809 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1810 scripts/config.py unset MBEDTLS_ECDH_C 1811 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1812 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1813 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1814 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1815 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 1816 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1817 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1818} 1819 1820# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 1821component_build_psa_accel_key_type_ecc_key_pair() { 1822 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1823 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 1824 scripts/config.py full 1825 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1826 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1827 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1828 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 1829 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1830 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1831 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1832} 1833 1834# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 1835component_build_psa_accel_key_type_ecc_public_key() { 1836 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1837 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 1838 scripts/config.py full 1839 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1840 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1841 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1842 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1843 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1844 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1845 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1846} 1847 1848# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 1849component_build_psa_accel_alg_hmac() { 1850 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 1851 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" 1852 scripts/config.py full 1853 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1854 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1855 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1856 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1857 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1858} 1859 1860# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 1861component_build_psa_accel_alg_hkdf() { 1862 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF 1863 # without MBEDTLS_HKDF_C 1864 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 1865 scripts/config.py full 1866 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1867 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1868 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1869 scripts/config.py unset MBEDTLS_HKDF_C 1870 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. 1871 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1872 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1873 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1874} 1875 1876# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 1877component_build_psa_accel_alg_md5() { 1878 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 1879 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" 1880 scripts/config.py full 1881 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1882 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1883 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1884 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1885 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1886 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1887 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1888 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1889 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1890 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1891 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1892} 1893 1894# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 1895component_build_psa_accel_alg_ripemd160() { 1896 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes 1897 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" 1898 scripts/config.py full 1899 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1900 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1901 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1902 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1903 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1904 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1905 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1906 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1907 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1908 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1909 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1910} 1911 1912# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 1913component_build_psa_accel_alg_sha1() { 1914 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes 1915 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" 1916 scripts/config.py full 1917 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1918 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1919 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1920 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1921 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1922 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1923 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1924 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1925 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1926 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1927 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1928} 1929 1930# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 1931component_build_psa_accel_alg_sha224() { 1932 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes 1933 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" 1934 scripts/config.py full 1935 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1936 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1937 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1938 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1939 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1940 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1941 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1942 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1943 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1944 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1945} 1946 1947# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 1948component_build_psa_accel_alg_sha256() { 1949 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes 1950 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" 1951 scripts/config.py full 1952 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1953 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1954 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1955 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1956 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1957 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1958 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1959 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1960 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1961 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1962 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1963} 1964 1965# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 1966component_build_psa_accel_alg_sha384() { 1967 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes 1968 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" 1969 scripts/config.py full 1970 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1971 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1972 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1973 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1974 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1975 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1976 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1977 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1978 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1979 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1980} 1981 1982# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 1983component_build_psa_accel_alg_sha512() { 1984 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes 1985 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" 1986 scripts/config.py full 1987 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1988 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1989 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1990 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1991 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1992 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1993 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1994 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1995 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1996 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1997 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1998} 1999 2000# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2001component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 2002 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2003 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2004 scripts/config.py full 2005 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2006 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2007 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2008 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 2009 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2010 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2011 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2012 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2013 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2014} 2015 2016# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2017component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 2018 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2019 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2020 scripts/config.py full 2021 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2022 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2023 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2024 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 2025 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2026 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2027 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2028 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2029 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2030} 2031 2032# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2033component_build_psa_accel_alg_rsa_oaep() { 2034 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2035 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2036 scripts/config.py full 2037 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2038 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2039 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2040 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 2041 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2042 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2043 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2044 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2045 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2046} 2047 2048# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2049component_build_psa_accel_alg_rsa_pss() { 2050 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2051 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2052 scripts/config.py full 2053 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2054 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2055 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2056 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2057 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2058 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2059 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2060 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2061 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2062} 2063 2064# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2065component_build_psa_accel_key_type_rsa_key_pair() { 2066 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS 2067 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 2068 scripts/config.py full 2069 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2070 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2071 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2072 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2073 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 2074 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2075 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2076} 2077 2078# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2079component_build_psa_accel_key_type_rsa_public_key() { 2080 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS 2081 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 2082 scripts/config.py full 2083 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2084 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2085 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2086 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2087 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 2088 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2089 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2090} 2091 2092component_test_no_platform () { 2093 # Full configuration build, without platform support, file IO and net sockets. 2094 # This should catch missing mbedtls_printf definitions, and by disabling file 2095 # IO, it should catch missing '#include <stdio.h>' 2096 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 2097 scripts/config.py full 2098 scripts/config.py unset MBEDTLS_PLATFORM_C 2099 scripts/config.py unset MBEDTLS_NET_C 2100 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 2101 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 2102 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 2103 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 2104 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 2105 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 2106 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2107 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2108 scripts/config.py unset MBEDTLS_FS_IO 2109 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2110 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 2111 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 2112 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 2113 # to re-enable platform integration features otherwise disabled in C99 builds 2114 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 2115 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 2116} 2117 2118component_build_no_std_function () { 2119 # catch compile bugs in _uninit functions 2120 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 2121 scripts/config.py full 2122 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 2123 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2124 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2125 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2126 make 2127} 2128 2129component_build_no_ssl_srv () { 2130 msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s 2131 scripts/config.py full 2132 scripts/config.py unset MBEDTLS_SSL_SRV_C 2133 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2134} 2135 2136component_build_no_ssl_cli () { 2137 msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s 2138 scripts/config.py full 2139 scripts/config.py unset MBEDTLS_SSL_CLI_C 2140 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2141} 2142 2143component_build_no_sockets () { 2144 # Note, C99 compliance can also be tested with the sockets support disabled, 2145 # as that requires a POSIX platform (which isn't the same as C99). 2146 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 2147 scripts/config.py full 2148 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 2149 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 2150 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 2151} 2152 2153component_test_memory_buffer_allocator_backtrace () { 2154 msg "build: default config with memory buffer allocator and backtrace enabled" 2155 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2156 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2157 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 2158 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2159 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2160 make 2161 2162 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 2163 make test 2164} 2165 2166component_test_memory_buffer_allocator () { 2167 msg "build: default config with memory buffer allocator" 2168 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2169 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2170 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2171 make 2172 2173 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2174 make test 2175 2176 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2177 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 2178 tests/ssl-opt.sh -e '^DTLS proxy' 2179} 2180 2181component_test_no_max_fragment_length () { 2182 # Run max fragment length tests with MFL disabled 2183 msg "build: default config except MFL extension (ASan build)" # ~ 30s 2184 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2185 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2186 make 2187 2188 msg "test: ssl-opt.sh, MFL-related tests" 2189 tests/ssl-opt.sh -f "Max fragment length" 2190} 2191 2192component_test_asan_remove_peer_certificate () { 2193 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 2194 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2195 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2196 make 2197 2198 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2199 make test 2200 2201 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2202 tests/ssl-opt.sh 2203 2204 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2205 tests/compat.sh 2206 2207 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2208 tests/context-info.sh 2209} 2210 2211component_test_no_max_fragment_length_small_ssl_out_content_len () { 2212 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 2213 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2214 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 2215 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 2216 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2217 make 2218 2219 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 2220 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 2221 2222 msg "test: context-info.sh (disabled MFL extension case)" 2223 tests/context-info.sh 2224} 2225 2226component_test_variable_ssl_in_out_buffer_len () { 2227 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 2228 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2229 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2230 make 2231 2232 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2233 make test 2234 2235 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2236 tests/ssl-opt.sh 2237 2238 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2239 tests/compat.sh 2240} 2241 2242component_test_variable_ssl_in_out_buffer_len_CID () { 2243 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)" 2244 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2245 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2246 2247 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2248 make 2249 2250 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID" 2251 make test 2252 2253 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2254 tests/ssl-opt.sh 2255 2256 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2257 tests/compat.sh 2258} 2259 2260component_test_CID_no_debug() { 2261 msg "build: Connection ID enabled, debug disabled" 2262 scripts/config.py unset MBEDTLS_DEBUG_C 2263 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2264 2265 CC=gcc cmake . 2266 make 2267 2268 msg "test: Connection ID enabled, debug disabled" 2269 make test 2270} 2271 2272component_test_ssl_alloc_buffer_and_mfl () { 2273 msg "build: default config with memory buffer allocator and MFL extension" 2274 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2275 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2276 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2277 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2278 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2279 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2280 make 2281 2282 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2283 make test 2284 2285 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2286 tests/ssl-opt.sh -f "Handshake memory usage" 2287} 2288 2289component_test_when_no_ciphersuites_have_mac () { 2290 msg "build: when no ciphersuites have MAC" 2291 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 2292 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2293 scripts/config.py unset MBEDTLS_CMAC_C 2294 make 2295 2296 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2297 make test 2298 2299 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2300 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 2301} 2302 2303component_test_no_date_time () { 2304 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 2305 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 2306 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2307 make 2308 2309 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 2310 make test 2311} 2312 2313component_test_platform_calloc_macro () { 2314 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2315 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2316 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 2317 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 2318 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2319 make 2320 2321 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2322 make test 2323} 2324 2325component_test_malloc_0_null () { 2326 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 2327 scripts/config.py full 2328 make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 2329 2330 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 2331 make test 2332 2333 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 2334 # Just the calloc selftest. "make test" ran the others as part of the 2335 # test suites. 2336 programs/test/selftest calloc 2337 2338 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 2339 # Run a subset of the tests. The choice is a balance between coverage 2340 # and time (including time indirectly wasted due to flaky tests). 2341 # The current choice is to skip tests whose description includes 2342 # "proxy", which is an approximation of skipping tests that use the 2343 # UDP proxy, which tend to be slower and flakier. 2344 tests/ssl-opt.sh -e 'proxy' 2345} 2346 2347component_test_aes_fewer_tables () { 2348 msg "build: default config with AES_FEWER_TABLES enabled" 2349 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2350 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2351 2352 msg "test: AES_FEWER_TABLES" 2353 make test 2354} 2355 2356component_test_aes_rom_tables () { 2357 msg "build: default config with AES_ROM_TABLES enabled" 2358 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2359 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2360 2361 msg "test: AES_ROM_TABLES" 2362 make test 2363} 2364 2365component_test_aes_fewer_tables_and_rom_tables () { 2366 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 2367 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2368 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2369 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2370 2371 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 2372 make test 2373} 2374 2375component_test_ctr_drbg_aes_256_sha_256 () { 2376 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2377 scripts/config.py full 2378 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2379 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2380 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2381 make 2382 2383 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2384 make test 2385} 2386 2387component_test_ctr_drbg_aes_128_sha_512 () { 2388 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2389 scripts/config.py full 2390 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2391 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2392 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2393 make 2394 2395 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2396 make test 2397} 2398 2399component_test_ctr_drbg_aes_128_sha_256 () { 2400 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2401 scripts/config.py full 2402 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2403 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2404 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2405 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2406 make 2407 2408 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2409 make test 2410} 2411 2412component_test_se_default () { 2413 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2414 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 2415 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 2416 2417 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2418 make test 2419} 2420 2421component_test_psa_crypto_drivers () { 2422 msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" 2423 scripts/config.py full 2424 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2425 scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 2426 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 2427 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 2428 loc_cflags="${loc_cflags} -I../tests/include -O2" 2429 2430 make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" 2431 unset loc_cflags 2432 2433 msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS" 2434 make test 2435} 2436 2437component_test_make_shared () { 2438 msg "build/test: make shared" # ~ 40s 2439 make SHARED=1 all check 2440 ldd programs/util/strerror | grep libmbedcrypto 2441 programs/test/dlopen_demo.sh 2442} 2443 2444component_test_cmake_shared () { 2445 msg "build/test: cmake shared" # ~ 2min 2446 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 2447 make 2448 ldd programs/util/strerror | grep libmbedcrypto 2449 make test 2450 programs/test/dlopen_demo.sh 2451} 2452 2453test_build_opt () { 2454 info=$1 cc=$2; shift 2 2455 for opt in "$@"; do 2456 msg "build/test: $cc $opt, $info" # ~ 30s 2457 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 2458 # We're confident enough in compilers to not run _all_ the tests, 2459 # but at least run the unit tests. In particular, runs with 2460 # optimizations use inline assembly whereas runs with -O0 2461 # skip inline assembly. 2462 make test # ~30s 2463 make clean 2464 done 2465} 2466 2467component_test_clang_opt () { 2468 scripts/config.py full 2469 test_build_opt 'full config' clang -O0 -Os -O2 2470} 2471 2472component_test_gcc_opt () { 2473 scripts/config.py full 2474 test_build_opt 'full config' gcc -O0 -Os -O2 2475} 2476 2477component_build_mbedtls_config_file () { 2478 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 2479 # Use the full config so as to catch a maximum of places where 2480 # the check of MBEDTLS_CONFIG_FILE might be missing. 2481 scripts/config.py full 2482 sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h 2483 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 2484 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 2485 rm -f full_config.h 2486} 2487 2488component_test_m32_o0 () { 2489 # Build without optimization, so as to use portable C code (in a 32-bit 2490 # build) and not the i386-specific inline assembly. 2491 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 2492 scripts/config.py full 2493 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 2494 2495 msg "test: i386, make, gcc -O0 (ASan build)" 2496 make test 2497} 2498support_test_m32_o0 () { 2499 case $(uname -m) in 2500 *64*) true;; 2501 *) false;; 2502 esac 2503} 2504 2505component_test_m32_o2 () { 2506 # Build with optimization, to use the i386 specific inline assembly 2507 # and go faster for tests. 2508 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s 2509 scripts/config.py full 2510 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2511 2512 msg "test: i386, make, gcc -O2 (ASan build)" 2513 make test 2514 2515 msg "test ssl-opt.sh, i386, make, gcc-O2" 2516 tests/ssl-opt.sh 2517} 2518support_test_m32_o2 () { 2519 support_test_m32_o0 "$@" 2520} 2521 2522component_test_m32_everest () { 2523 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 2524 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2525 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2526 2527 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 2528 make test 2529 2530 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 2531 tests/ssl-opt.sh -f ECDH 2532 2533 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 2534 # Exclude some symmetric ciphers that are redundant here to gain time. 2535 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' 2536} 2537support_test_m32_everest () { 2538 support_test_m32_o0 "$@" 2539} 2540 2541component_test_mx32 () { 2542 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 2543 scripts/config.py full 2544 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 2545 2546 msg "test: 64-bit ILP32, make, gcc" 2547 make test 2548} 2549support_test_mx32 () { 2550 case $(uname -m) in 2551 amd64|x86_64) true;; 2552 *) false;; 2553 esac 2554} 2555 2556component_test_min_mpi_window_size () { 2557 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 2558 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 2559 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2560 make 2561 2562 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 2563 make test 2564} 2565 2566component_test_have_int32 () { 2567 msg "build: gcc, force 32-bit bignum limbs" 2568 scripts/config.py unset MBEDTLS_HAVE_ASM 2569 scripts/config.py unset MBEDTLS_AESNI_C 2570 scripts/config.py unset MBEDTLS_PADLOCK_C 2571 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 2572 2573 msg "test: gcc, force 32-bit bignum limbs" 2574 make test 2575} 2576 2577component_test_have_int64 () { 2578 msg "build: gcc, force 64-bit bignum limbs" 2579 scripts/config.py unset MBEDTLS_HAVE_ASM 2580 scripts/config.py unset MBEDTLS_AESNI_C 2581 scripts/config.py unset MBEDTLS_PADLOCK_C 2582 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 2583 2584 msg "test: gcc, force 64-bit bignum limbs" 2585 make test 2586} 2587 2588component_test_no_udbl_division () { 2589 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2590 scripts/config.py full 2591 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2592 make CFLAGS='-Werror -O1' 2593 2594 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2595 make test 2596} 2597 2598component_test_no_64bit_multiplication () { 2599 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2600 scripts/config.py full 2601 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2602 make CFLAGS='-Werror -O1' 2603 2604 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2605 make test 2606} 2607 2608component_test_no_strings () { 2609 msg "build: no strings" # ~10s 2610 scripts/config.py full 2611 # Disable options that activate a large amount of string constants. 2612 scripts/config.py unset MBEDTLS_DEBUG_C 2613 scripts/config.py unset MBEDTLS_ERROR_C 2614 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 2615 scripts/config.py unset MBEDTLS_VERSION_FEATURES 2616 make CFLAGS='-Werror -Os' 2617 2618 msg "test: no strings" # ~ 10s 2619 make test 2620} 2621 2622component_test_no_x509_info () { 2623 msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 2624 scripts/config.pl full 2625 scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests 2626 scripts/config.pl set MBEDTLS_X509_REMOVE_INFO 2627 make CFLAGS='-Werror -O2' 2628 2629 msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 2630 make test 2631 2632 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min 2633 tests/ssl-opt.sh 2634} 2635 2636component_build_arm_none_eabi_gcc () { 2637 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s 2638 scripts/config.py baremetal 2639 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 2640 2641 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" 2642 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2643} 2644 2645component_build_arm_linux_gnueabi_gcc_arm5vte () { 2646 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2647 scripts/config.py baremetal 2648 # Build for a target platform that's close to what Debian uses 2649 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 2650 # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. 2651 # Build everything including programs, see for example 2652 # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720 2653 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' 2654 2655 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1" 2656 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o 2657} 2658support_build_arm_linux_gnueabi_gcc_arm5vte () { 2659 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 2660} 2661 2662component_build_arm_none_eabi_gcc_arm5vte () { 2663 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2664 scripts/config.py baremetal 2665 # This is an imperfect substitute for 2666 # component_build_arm_linux_gnueabi_gcc_arm5vte 2667 # in case the gcc-arm-linux-gnueabi toolchain is not available 2668 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 2669 2670 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" 2671 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2672} 2673 2674component_build_arm_none_eabi_gcc_m0plus () { 2675 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s 2676 scripts/config.py baremetal 2677 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 2678 2679 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" 2680 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2681} 2682 2683component_build_arm_none_eabi_gcc_no_udbl_division () { 2684 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 2685 scripts/config.py baremetal 2686 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2687 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 2688 echo "Checking that software 64-bit division is not required" 2689 not grep __aeabi_uldiv library/*.o 2690} 2691 2692component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 2693 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 2694 scripts/config.py baremetal 2695 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2696 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 2697 echo "Checking that software 64-bit multiplication is not required" 2698 not grep __aeabi_lmul library/*.o 2699} 2700 2701component_build_armcc () { 2702 msg "build: ARM Compiler 5" 2703 scripts/config.py baremetal 2704 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 2705 2706 msg "size: ARM Compiler 5" 2707 "$ARMC5_FROMELF" -z library/*.o 2708 2709 make clean 2710 2711 # ARM Compiler 6 - Target ARMv7-A 2712 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" 2713 2714 # ARM Compiler 6 - Target ARMv7-M 2715 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" 2716 2717 # ARM Compiler 6 - Target ARMv8-A - AArch32 2718 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" 2719 2720 # ARM Compiler 6 - Target ARMv8-M 2721 armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" 2722 2723 # ARM Compiler 6 - Target ARMv8-A - AArch64 2724 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" 2725} 2726 2727component_test_tls13 () { 2728 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 2729 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2730 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2731 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 2732 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2733 make 2734 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 2735 make test 2736 msg "ssl-opt.sh (TLS 1.3)" 2737 if_build_succeeded tests/ssl-opt.sh 2738} 2739 2740component_test_tls13_no_compatibility_mode () { 2741 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 2742 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2743 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2744 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 2745 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2746 make 2747 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 2748 make test 2749 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" 2750 if_build_succeeded tests/ssl-opt.sh 2751} 2752 2753component_test_tls13_with_padding () { 2754 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding" 2755 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2756 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2757 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 2758 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2759 make 2760 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding" 2761 make test 2762 msg "ssl-opt.sh (TLS 1.3 with padding)" 2763 if_build_succeeded tests/ssl-opt.sh 2764} 2765 2766component_test_tls13_with_ecp_restartable () { 2767 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" 2768 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2769 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2770 scripts/config.py set MBEDTLS_ECP_RESTARTABLE 2771 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2772 make 2773 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" 2774 make test 2775 msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)" 2776 if_build_succeeded tests/ssl-opt.sh 2777} 2778 2779component_test_tls13_with_everest () { 2780 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest" 2781 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2782 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2783 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2784 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 2785 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2786 make 2787 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest" 2788 make test 2789 msg "ssl-opt.sh (TLS 1.3 with everest)" 2790 if_build_succeeded tests/ssl-opt.sh 2791} 2792 2793component_build_mingw () { 2794 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 2795 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 2796 2797 # note Make tests only builds the tests, but doesn't run them 2798 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 2799 make WINDOWS_BUILD=1 clean 2800 2801 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 2802 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 2803 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 2804 make WINDOWS_BUILD=1 clean 2805} 2806support_build_mingw() { 2807 case $(i686-w64-mingw32-gcc -dumpversion) in 2808 [0-5]*) false;; 2809 *) true;; 2810 esac 2811} 2812 2813component_test_memsan () { 2814 msg "build: MSan (clang)" # ~ 1 min 20s 2815 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 2816 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 2817 make 2818 2819 msg "test: main suites (MSan)" # ~ 10s 2820 make test 2821 2822 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 2823 tests/ssl-opt.sh 2824 2825 # Optional part(s) 2826 2827 if [ "$MEMORY" -gt 0 ]; then 2828 msg "test: compat.sh (MSan)" # ~ 6 min 20s 2829 tests/compat.sh 2830 fi 2831} 2832 2833component_test_valgrind () { 2834 msg "build: Release (clang)" 2835 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 2836 make 2837 2838 msg "test: main suites valgrind (Release)" 2839 make memcheck 2840 2841 # Optional parts (slow; currently broken on OS X because programs don't 2842 # seem to receive signals under valgrind on OS X). 2843 if [ "$MEMORY" -gt 0 ]; then 2844 msg "test: ssl-opt.sh --memcheck (Release)" 2845 tests/ssl-opt.sh --memcheck 2846 fi 2847 2848 if [ "$MEMORY" -gt 1 ]; then 2849 msg "test: compat.sh --memcheck (Release)" 2850 tests/compat.sh --memcheck 2851 fi 2852 2853 if [ "$MEMORY" -gt 0 ]; then 2854 msg "test: context-info.sh --memcheck (Release)" 2855 tests/context-info.sh --memcheck 2856 fi 2857} 2858 2859support_test_cmake_out_of_source () { 2860 distrib_id="" 2861 distrib_ver="" 2862 distrib_ver_minor="" 2863 distrib_ver_major="" 2864 2865 # Attempt to parse lsb-release to find out distribution and version. If not 2866 # found this should fail safe (test is supported). 2867 if [[ -f /etc/lsb-release ]]; then 2868 2869 while read -r lsb_line; do 2870 case "$lsb_line" in 2871 "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; 2872 "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; 2873 esac 2874 done < /etc/lsb-release 2875 2876 distrib_ver_major="${distrib_ver%%.*}" 2877 distrib_ver="${distrib_ver#*.}" 2878 distrib_ver_minor="${distrib_ver%%.*}" 2879 fi 2880 2881 # Running the out of source CMake test on Ubuntu 16.04 using more than one 2882 # processor (as the CI does) can create a race condition whereby the build 2883 # fails to see a generated file, despite that file actually having been 2884 # generated. This problem appears to go away with 18.04 or newer, so make 2885 # the out of source tests unsupported on Ubuntu 16.04. 2886 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] 2887} 2888 2889component_test_cmake_out_of_source () { 2890 msg "build: cmake 'out-of-source' build" 2891 MBEDTLS_ROOT_DIR="$PWD" 2892 mkdir "$OUT_OF_SOURCE_DIR" 2893 cd "$OUT_OF_SOURCE_DIR" 2894 cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" 2895 make 2896 2897 msg "test: cmake 'out-of-source' build" 2898 make test 2899 # Test an SSL option that requires an auxiliary script in test/scripts/. 2900 # Also ensure that there are no error messages such as 2901 # "No such file or directory", which would indicate that some required 2902 # file is missing (ssl-opt.sh tolerates the absence of some files so 2903 # may exit with status 0 but emit errors). 2904 ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err 2905 cat ssl-opt.err >&2 2906 # If ssl-opt.err is non-empty, record an error and keep going. 2907 [ ! -s ssl-opt.err ] 2908 rm ssl-opt.err 2909 cd "$MBEDTLS_ROOT_DIR" 2910 rm -rf "$OUT_OF_SOURCE_DIR" 2911} 2912 2913component_test_cmake_as_subdirectory () { 2914 msg "build: cmake 'as-subdirectory' build" 2915 MBEDTLS_ROOT_DIR="$PWD" 2916 2917 cd programs/test/cmake_subproject 2918 cmake . 2919 make 2920 ./cmake_subproject 2921 2922 cd "$MBEDTLS_ROOT_DIR" 2923 unset MBEDTLS_ROOT_DIR 2924} 2925 2926component_test_cmake_as_package () { 2927 msg "build: cmake 'as-package' build" 2928 MBEDTLS_ROOT_DIR="$PWD" 2929 2930 cd programs/test/cmake_package 2931 cmake . 2932 make 2933 ./cmake_package 2934 2935 cd "$MBEDTLS_ROOT_DIR" 2936 unset MBEDTLS_ROOT_DIR 2937} 2938 2939component_test_cmake_as_package_install () { 2940 msg "build: cmake 'as-installed-package' build" 2941 MBEDTLS_ROOT_DIR="$PWD" 2942 2943 cd programs/test/cmake_package_install 2944 cmake . 2945 make 2946 ./cmake_package_install 2947 2948 cd "$MBEDTLS_ROOT_DIR" 2949 unset MBEDTLS_ROOT_DIR 2950} 2951 2952component_test_zeroize () { 2953 # Test that the function mbedtls_platform_zeroize() is not optimized away by 2954 # different combinations of compilers and optimization flags by using an 2955 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 2956 # system in all cases that the script fails, so we must manually search the 2957 # output to check whether the pass string is present and no failure strings 2958 # were printed. 2959 2960 # Don't try to disable ASLR. We don't care about ASLR here. We do care 2961 # about a spurious message if Gdb tries and fails, so suppress that. 2962 gdb_disable_aslr= 2963 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 2964 gdb_disable_aslr='set disable-randomization off' 2965 fi 2966 2967 for optimization_flag in -O2 -O3 -Ofast -Os; do 2968 for compiler in clang gcc; do 2969 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 2970 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 2971 gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 2972 grep "The buffer was correctly zeroized" test_zeroize.log 2973 not grep -i "error" test_zeroize.log 2974 rm -f test_zeroize.log 2975 make clean 2976 done 2977 done 2978 2979 unset gdb_disable_aslr 2980} 2981 2982component_test_psa_compliance () { 2983 msg "build: make, default config (out-of-box), libmbedcrypto.a only" 2984 make -C library libmbedcrypto.a 2985 2986 msg "unit test: test_psa_compliance.py" 2987 ./tests/scripts/test_psa_compliance.py 2988} 2989 2990support_test_psa_compliance () { 2991 # psa-compliance-tests only supports CMake >= 3.10.0 2992 ver="$(cmake --version)" 2993 ver="${ver#cmake version }" 2994 ver_major="${ver%%.*}" 2995 2996 ver="${ver#*.}" 2997 ver_minor="${ver%%.*}" 2998 2999 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] 3000} 3001 3002component_check_python_files () { 3003 msg "Lint: Python scripts" 3004 tests/scripts/check-python-files.sh 3005} 3006 3007component_check_test_helpers () { 3008 msg "unit test: generate_test_code.py" 3009 # unittest writes out mundane stuff like number or tests run on stderr. 3010 # Our convention is to reserve stderr for actual errors, and write 3011 # harmless info on stdout so it can be suppress with --quiet. 3012 ./tests/scripts/test_generate_test_code.py 2>&1 3013 3014 msg "unit test: translate_ciphers.py" 3015 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 3016} 3017 3018################################################################ 3019#### Termination 3020################################################################ 3021 3022post_report () { 3023 msg "Done, cleaning up" 3024 final_cleanup 3025 3026 final_report 3027} 3028 3029 3030 3031################################################################ 3032#### Run all the things 3033################################################################ 3034 3035# Function invoked by --error-test to test error reporting. 3036pseudo_component_error_test () { 3037 msg "Testing error reporting $error_test_i" 3038 if [ $KEEP_GOING -ne 0 ]; then 3039 echo "Expect three failing commands." 3040 fi 3041 # If the component doesn't run in a subshell, changing error_test_i to an 3042 # invalid integer will cause an error in the loop that runs this function. 3043 error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell 3044 # Expected error: 'grep non_existent /dev/null -> 1' 3045 grep non_existent /dev/null 3046 # Expected error: '! grep -q . tests/scripts/all.sh -> 1' 3047 not grep -q . "$0" 3048 # Expected error: 'make unknown_target -> 2' 3049 make unknown_target 3050 false "this should not be executed" 3051} 3052 3053# Run one component and clean up afterwards. 3054run_component () { 3055 current_component="$1" 3056 export MBEDTLS_TEST_CONFIGURATION="$current_component" 3057 3058 # Unconditionally create a seedfile that's sufficiently long. 3059 # Do this before each component, because a previous component may 3060 # have messed it up or shortened it. 3061 local dd_cmd 3062 dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) 3063 case $OSTYPE in 3064 linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) 3065 esac 3066 "${dd_cmd[@]}" 3067 3068 # Run the component in a subshell, with error trapping and output 3069 # redirection set up based on the relevant options. 3070 if [ $KEEP_GOING -eq 1 ]; then 3071 # We want to keep running if the subshell fails, so 'set -e' must 3072 # be off when the subshell runs. 3073 set +e 3074 fi 3075 ( 3076 if [ $QUIET -eq 1 ]; then 3077 # msg() will be silenced, so just print the component name here. 3078 echo "${current_component#component_}" 3079 exec >/dev/null 3080 fi 3081 if [ $KEEP_GOING -eq 1 ]; then 3082 # Keep "set -e" off, and run an ERR trap instead to record failures. 3083 set -E 3084 trap err_trap ERR 3085 fi 3086 # The next line is what runs the component 3087 "$@" 3088 if [ $KEEP_GOING -eq 1 ]; then 3089 trap - ERR 3090 exit $last_failure_status 3091 fi 3092 ) 3093 component_status=$? 3094 if [ $KEEP_GOING -eq 1 ]; then 3095 set -e 3096 if [ $component_status -ne 0 ]; then 3097 failure_count=$((failure_count + 1)) 3098 fi 3099 fi 3100 3101 # Restore the build tree to a clean state. 3102 cleanup 3103 unset current_component 3104} 3105 3106# Preliminary setup 3107pre_check_environment 3108pre_initialize_variables 3109pre_parse_command_line "$@" 3110 3111pre_check_git 3112pre_restore_files 3113pre_back_up 3114 3115build_status=0 3116if [ $KEEP_GOING -eq 1 ]; then 3117 pre_setup_keep_going 3118fi 3119pre_prepare_outcome_file 3120pre_print_configuration 3121pre_check_tools 3122cleanup 3123pre_generate_files 3124 3125# Run the requested tests. 3126for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do 3127 run_component pseudo_component_error_test 3128done 3129unset error_test_i 3130for component in $RUN_COMPONENTS; do 3131 run_component "component_$component" 3132done 3133 3134# We're done. 3135post_report 3136