Lines Matching +full:debian +full:- +full:arm64 +full:- +full:build +full:- +full:test
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
15 # -------
20 # ---------------
22 # Warning: the test is destructive. It includes various build modes and
32 # * Basic Unix tools (Windows users note: a Unix-style find must be before
39 # * arm-gcc and mingw-gcc
40 # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
46 # * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
53 # The behavior on an error depends on whether --keep-going (alias -k)
55 # * Without --keep-going: the script stops on the first error without
58 # * With --keep-going: the script runs all requested components and
63 # script -c tests/scripts/all.sh
68 # ---------------------
75 # * component_build_XXX: build things but don't run them.
76 # * component_test_XXX: build and test.
89 # fails if any command in it returns a non-zero status.
93 # cleaned-up state, and don't need to perform the cleanup themselves.
99 # This cleans up after an in-tree use of CMake.
111 # Abort on errors (even on the left-hand side of a pipe).
113 set -e -o pipefail -u
116 shopt -s extglob
119 test -d include -a -d library -a -d programs -a -d tests
123 test -d include -a -d core -a -d drivers -a -d programs -a -d tests
128 echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
140 CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
149 # Files clobbered by in-tree cmake
159 # Seed value used with the --release-test option.
161 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
164 # basic-build-test.sh as well.
171 … : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
178 : ${GNUTLS_CLI:="gnutls-cli"}
179 : ${GNUTLS_SERV:="gnutls-serv"}
183 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
184 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
185 : ${CLANG_LATEST:="clang-latest"}
186 : ${CLANG_EARLIEST:="clang-earliest"}
187 : ${GCC_LATEST:="gcc-latest"}
188 : ${GCC_EARLIEST:="gcc-earliest"}
189 # if MAKEFLAGS is not set add the -j option to speed up invocations of make
190 if [ -z "${MAKEFLAGS+set}" ]; then
191 export MAKEFLAGS="-j$(all_sh_nproc)"
193 # if CC is not set, use clang by default (if present) to improve build times
194 if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
202 # default to -O2, use -Ox _after_ this if you want another level
203 ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
213 ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
225 if [[ -e ${PWD}/tests/scripts/quiet ]]; then
230 # Test whether the component $1 is included in the command line patterns.
235 set -f
255 $0 --no-armcc --except test_memsan
259 -h|--help Print this help and exit.
260 --list-all-components List all available test components and exit.
261 --list-components List components supported on this platform and exit.
264 -q|--quiet Only output component names, and errors if any.
265 -f|--force Force the tests to overwrite any modified files.
266 -k|--keep-going Run all tests and report errors at the end.
267 -m|--memory Additional optional memory tests.
268 --append-outcome Append to the outcome file (if used).
269 --arm-none-eabi-gcc-prefix=<string>
270 Prefix for a cross-compiler for arm-none-eabi
272 --arm-linux-gnueabi-gcc-prefix=<string>
273 Prefix for a cross-compiler for arm-linux-gnueabi
275 --armcc Run ARM Compiler builds (on by default).
276 --restore First clean up the build tree, restoring backed up
279 --error-test Error test mode: run a failing function in addition
281 --except Exclude the COMPONENTs listed on the command line,
283 --no-append-outcome Write a new outcome file and analyze it (default).
284 --no-armcc Skip ARM Compiler builds.
285 --no-force Refuse to overwrite modified files (default).
286 --no-keep-going Stop at the first error (default).
287 --no-memory No additional memory tests (default).
288 --no-quiet Print full output from components.
289 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
290 --outcome-file=<path> File where test outcomes are written (not done if
292 --random-seed Use a random seed value for randomized tests (default).
293 …-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED…
294 -s|--seed Integer seed value to use for this test run.
297 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
298 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
299 --clang-earliest=<Clang_earliest_path> Earliest version of clang available
300 --clang-latest=<Clang_latest_path> Latest version of clang available
301 --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
302 --gcc-latest=<GCC_latest_path> Latest version of GCC available
303 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
304 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
305 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
306 … --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
320 find . -name .git -prune -o \
321 -iname CMakeFiles -exec rm -rf {} \+ -o \
322 \( -iname cmake_install.cmake -o \
323 -iname CTestTestfile.cmake -o \
324 -iname CMakeCache.txt -o \
325 -path './cmake/*.cmake' \) -exec rm -f {} \+
326 # Recover files overwritten by in-tree CMake builds
327 rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
329 # Remove any artifacts from the component_test_cmake_as_subdirectory test.
330 rm -rf programs/test/cmake_subproject/build
331 rm -f programs/test/cmake_subproject/Makefile
332 rm -f programs/test/cmake_subproject/cmake_subproject
334 # Remove any artifacts from the component_test_cmake_as_package test.
335 rm -rf programs/test/cmake_package/build
336 rm -f programs/test/cmake_package/Makefile
337 rm -f programs/test/cmake_package/cmake_package
339 # Remove any artifacts from the component_test_cmake_as_installed_package test.
340 rm -rf programs/test/cmake_package_install/build
341 rm -f programs/test/cmake_package_install/Makefile
342 rm -f programs/test/cmake_package_install/cmake_package_install
346 if [[ -e "$x$backup_suffix" ]]; then
347 cp -p "$x$backup_suffix" "$x"
353 # in non-keep-going mode).
358 rm -f "$x$backup_suffix"
370 trap - $1
371 kill -$1 $$
384 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
385 sysctl -n hw.ncpu || # FreeBSD
392 if [ -n "${current_component:-}" ]; then
398 if [ $QUIET -eq 1 ]; then
413 msg "build: ARM Compiler 6 ($FLAGS)"
416 WARNING_CFLAGS='-Werror -xc -std=c99' make lib
419 "$ARMC6_FROMELF" -z library/*.o
448 while [ $# -gt 0 ]; do
450 --append-outcome) append_outcome=1;;
451 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
452 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
453 --armcc) no_armcc=;;
454 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
455 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
456 --clang-earliest) shift; CLANG_EARLIEST="$1";;
457 --clang-latest) shift; CLANG_LATEST="$1";;
458 --error-test) error_test=$((error_test + 1));;
459 --except) all_except=1;;
460 --force|-f) FORCE=1;;
461 --gcc-earliest) shift; GCC_EARLIEST="$1";;
462 --gcc-latest) shift; GCC_LATEST="$1";;
463 --gnutls-cli) shift; GNUTLS_CLI="$1";;
464 --gnutls-legacy-cli) shift;; # ignored for backward compatibility
465 --gnutls-legacy-serv) shift;; # ignored for backward compatibility
466 --gnutls-serv) shift; GNUTLS_SERV="$1";;
467 --help|-h) usage; exit;;
468 --keep-going|-k) KEEP_GOING=1;;
469 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
470 --list-components) list_components=1;;
471 --memory|-m) MEMORY=1;;
472 --no-append-outcome) append_outcome=0;;
473 --no-armcc) no_armcc=1;;
474 --no-force) FORCE=0;;
475 --no-keep-going) KEEP_GOING=0;;
476 --no-memory) MEMORY=0;;
477 --no-quiet) QUIET=0;;
478 --openssl) shift; OPENSSL="$1";;
479 --openssl-next) shift; OPENSSL_NEXT="$1";;
480 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
481 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
482 --quiet|-q) QUIET=1;;
483 --random-seed) unset SEED;;
484 --release-test|-r) SEED=$RELEASE_SEED;;
485 --restore) restore_first=1;;
486 --seed|-s) shift; SEED="$1";;
487 -*)
489 echo >&2 "Run $0 --help for usage."
507 if [ $list_components -eq 1 ]; then
513 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
517 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
519 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
524 if [ $all_except -eq 0 ]; then
528 set -f
544 if [ $unsupported -ne 0 ]; then
549 # Build the list of components to run.
552 if is_component_included "$component"; [ $? -eq $all_except ]; then
562 if [ $FORCE -eq 1 ]; then
563 rm -rf "$OUT_OF_SOURCE_DIR"
564 git checkout-index -f -q $CONFIG_H
568 if [ -d "$OUT_OF_SOURCE_DIR" ]; then
569 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
570 echo "You can either delete this directory manually, or force the test by rerunning"
571 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
575 if ! git diff --quiet "$CONFIG_H"; then
576 err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
577 echo "You can either delete or preserve your work, or force the test by rerunning the"
578 echo "script as: $0 --force"
590 case "$(head -n1 Makefile)" in
592 …git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile pro…
593 … git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
600 cp -p "$x" "$x$backup_suffix"
616 if [ -t 1 ]; then
617 case "${TERM:-}" in
626 failure_summary_file=$PWD/all-sh-failures-$$.log
630 # command fails (test command) or not (configure or build).
643 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
644 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
660 failed_command=${report_failed_command-$BASH_COMMAND}
662 if [[ $last_failure_status -eq $previous_failure_status &&
664 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
677 text="$current_section: $failed_command -> $last_failure_status"
681 # If the command is fatal (configure or build command), stop this
682 # component. Otherwise (test command) keep the component running
683 # (run more tests from the same build).
690 if [ $failure_count -gt 0 ]; then
696 elif [ -z "${1-}" ]; then
699 if [ -n "${1-}" ]; then
702 rm -f "$failure_summary_file"
703 if [ $failure_count -gt 0 ]; then
732 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
733 rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
738 if [ $QUIET -eq 1 ]; then
745 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
746 echo "SEED: ${SEED-"UNSET"}"
758 # Build the list of variables to pass to output_env.sh.
767 # and ssl-opt.sh, we just export the variables they require.
771 # Avoid passing --seed flag in every call to ssl-opt.sh
772 if [ -n "${SEED-}" ]; then
791 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
811 if [ $QUIET -eq 1 ]; then
828 if [ $QUIET -eq 1 ]; then
836 if command -v clang > /dev/null ; then
837 clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
848 # -------------------------
853 # - loc_accel_list="ALG_JPAKE"
854 # - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
869 # file: tests/include/test/drivers/config_test_driver.h. You usually
873 # 3. Build the driver library, then the main libraries, test, and programs.
883 # you don't want to build everything when iterating during development.
885 # helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
888 # Adjust the configuration - for both libtestdriver1 and main library,
897 # Enable PSA-based config (necessary to use drivers)
904 # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
907 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
911 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
916 # The function optionally accepts 1 parameter: a space-separated list of the
919 allowed_list="${1:-}"
920 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
932 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
944 for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
957 …for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO…
968 # Build the drivers library libtestdriver1.a (with ASan).
971 # 1. a space-separated list of things to accelerate;
972 # 2. optional: a space-separate list of things to also support.
975 loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
976 …make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_…
979 # Build the main libraries, programs and tests,
983 # 1. a space-separated list of things to accelerate;
985 # (examples: lib, -C tests test_suite_xxx, etc.)
992 …loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g'…
993 …loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&…
994 …$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_L…
1002 # Test Suites to be executed
1004 # The test ordering tries to optimize for the following criteria:
1007 # time, so start with a GCC build).
1018 msg "Check: check-generated-files, files generated with make" # 2s
1020 tests/scripts/check-generated-files.sh
1022 msg "Check: check-generated-files -u, files present" # 2s
1023 tests/scripts/check-generated-files.sh -u
1025 tests/scripts/check-generated-files.sh
1027 msg "Check: check-generated-files -u, files absent" # 2s
1029 tests/scripts/check-generated-files.sh -u
1031 tests/scripts/check-generated-files.sh
1039 tests/scripts/check-doxy-blocks.pl
1049 rm -f ChangeLog.new
1050 scripts/assemble_changelog.py -o ChangeLog.new
1051 if [ -e ChangeLog.new ]; then
1053 # non-empty.
1054 diff -u ChangeLog ChangeLog.new || true
1061 tests/scripts/check_names.py -v
1065 msg "Check: test case descriptions" # < 1s
1066 if [ $QUIET -eq 1 ]; then
1067 opt='--quiet'
1071 tests/scripts/check_test_cases.py -q $opt
1076 msg "Check: test case dependencies: legacy vs PSA" # < 1s
1079 # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely
1087 found="check-test-deps-found-$$"
1088 expected="check-test-deps-expected-$$"
1093 grep -Eo '!?MBEDTLS_[^: ]*' |
1094 grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ |
1095 sort -u > $found
1097 # Expected ones with justification - keep in sorted order by ASCII table!
1098 rm -f $expected
1099 # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
1101 # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
1104 # in order to build a fake RSA key of the wanted size based on
1106 # the test code and that's probably the most convenient way of achieving
1107 # the test's goal.
1109 # No PSA equivalent - we should probably have one in the future.
1111 # No PSA equivalent - needed by some init tests
1113 # No PSA equivalent - required to run threaded tests.
1117 # We want an exact match, to ensure the above list remains up-to-date.
1120 # - Each '+' line is a macro that was found but not expected. You want to
1123 # - Each '-' line is a macro that was expected but not found; it means the
1125 diff -U0 $expected $found
1138 #### Build and test many configurations and targets
1142 msg "build: make, default config (out-of-box)" # ~1min
1147 msg "test: main suites make, default config (out-of-box)" # ~10s
1148 make test
1150 msg "selftest: make, default config (out-of-box)" # ~10s
1151 programs/test/selftest
1153 msg "program demos: make, default config (out-of-box)" # ~10s
1158 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1159 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1162 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
1163 make test
1165 msg "program demos (ASan build)" # ~10s
1168 msg "test: selftest (ASan build)" # ~ 10s
1169 programs/test/selftest
1171 msg "test: metatests (GCC, ASan build)"
1172 tests/scripts/run-metatests.sh any asan poison
1174 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1175 tests/ssl-opt.sh
1177 msg "test: compat.sh (ASan build)" # ~ 6 min
1180 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1181 tests/context-info.sh
1185 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1187 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1190 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
1191 make test
1193 msg "test: selftest (ASan build)" # ~ 10s
1194 programs/test/selftest
1196 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1197 tests/ssl-opt.sh
1199 msg "test: compat.sh (ASan build)" # ~ 6 min
1202 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1203 tests/context-info.sh
1207 msg "build: full config, cmake, gcc, ASan"
1209 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1212 msg "test: main suites (inc. selftests) (full config, ASan build)"
1213 make test
1215 msg "test: selftest (ASan build)" # ~ 10s
1216 programs/test/selftest
1218 msg "test: ssl-opt.sh (full config, ASan build)"
1219 tests/ssl-opt.sh
1221 msg "test: compat.sh (full config, ASan build)"
1224 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1225 tests/context-info.sh
1230 msg "build: full config, cmake, gcc, ASan"
1233 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1236 msg "test: main suites (inc. selftests) (full config, ASan build)"
1237 make test
1239 msg "test: selftest (ASan build)" # ~ 10s
1240 programs/test/selftest
1242 msg "test: ssl-opt.sh (full config, ASan build)"
1243 tests/ssl-opt.sh
1245 msg "test: compat.sh (full config, ASan build)"
1248 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1249 tests/context-info.sh
1253 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1256 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1259 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1260 make test
1264 msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1267 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1270 msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1271 make test
1279 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
1283 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
1288 # We can only compile, not link, since our test and sample programs
1291 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
1293 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
1299 # Get a list of library-wise undefined symbols and ensure that they only
1302 # - component_test_default_psa_crypto_client_without_crypto_provider
1303 # - component_build_full_psa_crypto_client_without_crypto_provider.
1305 …nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.t…
1306 nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
1307 comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
1314 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1325 msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1328 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1329 make test
1333 msg "build: full config - PSA_CRYPTO_C"
1344 # Since there is no crypto provider in this build it is not possible to
1345 # build all the test executables and progrems due to missing PSA functions
1346 # at link time. Therefore we will just build libraries and we'll check
1350 msg "check missing symbols: full config - PSA_CRYPTO_C"
1354 # Ensure that desired functions are included into the build (extend the
1362 msg "build: default config minus MBEDTLS_GENPRIME"
1366 msg "test: default config minus MBEDTLS_GENPRIME"
1367 make test
1371 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
1372 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
1373 # want to re-generate generated files that depend on it, quite correctly.
1376 # cmake can't know this, but re-generation is actually not necessary as
1378 # whether they're on or off. So, disable cmake's (over-sensitive here)
1381 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
1382 tests/scripts/test-ref-configs.pl
1386 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
1388 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1391 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
1392 make test
1394 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
1395 tests/ssl-opt.sh
1399 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
1404 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1407 …msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
1408 make test
1410 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
1411 tests/ssl-opt.sh
1415 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
1417 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1420 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
1421 make test
1423 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
1424 tests/ssl-opt.sh -f RSA
1426 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
1427 tests/compat.sh -t RSA
1429 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
1430 tests/context-info.sh
1434 msg "build: Full minus CTR_DRBG, classic crypto in TLS"
1440 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1443 msg "test: Full minus CTR_DRBG, classic crypto - main suites"
1444 make test
1446 # In this configuration, the TLS test programs use HMAC_DRBG.
1449 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
1450 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1452 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
1453 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1457 msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
1462 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1465 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
1466 make test
1468 # In this configuration, the TLS test programs use HMAC_DRBG.
1471 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1472 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1474 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
1475 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1479 msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
1486 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1489 msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
1490 make test
1495 # Test SSL with non-deterministic ECDSA. Only test features that
1497 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
1498 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1500 # To save time, only test one protocol version, since this part of
1502 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
1503 tests/compat.sh -m tls12 -t 'ECDSA'
1507 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
1513 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1516 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
1517 make test
1522 # Test SSL with non-deterministic ECDSA. Only test features that
1524 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1525 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1527 # To save time, only test one protocol version, since this part of
1529 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
1530 tests/compat.sh -m tls12 -t 'ECDSA'
1534 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
1546 # the SSL test programs don't have an RNG and can't work. Explicitly
1547 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
1548 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
1550 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
1551 make test
1553 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
1554 tests/ssl-opt.sh -f 'Default'
1558 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
1569 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
1570 make test
1572 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
1573 tests/ssl-opt.sh -f 'Default\|opaque'
1577 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1584 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1585 make test
1587 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1588 tests/ssl-opt.sh -f 'Default\|opaque'
1592 msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
1600 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-f…
1602 msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
1603 make test
1607 msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
1611 make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
1613 msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
1614 make test
1618 msg "build: full without pkparse and pkwrite"
1626 # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
1630 msg "test: full without pkparse and pkwrite"
1631 make test
1635 msg "build: crypto_full with only the light subset of MD"
1646 # Disable things that would auto-enable MD_C
1649 # Note: MD-light is auto-enabled in build_info.h by modules that need it,
1657 msg "test: crypto_full with only the light subset of MD"
1658 make test
1662 msg "build: full no CIPHER no PSA_CRYPTO_C"
1682 msg "test: full no CIPHER no PSA_CRYPTO_C"
1683 make test
1686 # This is a common configurator and test function that is used in:
1687 # - component_test_full_no_cipher_with_psa_crypto
1688 # - component_test_full_no_cipher_with_psa_crypto_config
1690 # - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
1691 # - $2: a text string which describes the test component
1696 msg "build: $COMPONENT_DESCRIPTION"
1701 if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
1702 # The built-in implementation of the following algs/key-types depends
1706 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1707 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
1708 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
1709 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
1710 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
1711 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
1712 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
1713 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
1714 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
1715 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
1721 scripts/config.py unset-all MBEDTLS_CIPHER_MODE
1729 # Ensure that CIPHER_C was not re-enabled
1732 msg "test: $COMPONENT_DESCRIPTION"
1733 make test
1745 msg "build: full no PSA_WANT_ALG_CCM"
1748 # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
1749 # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
1757 # PSA_WANT_ALG_CCM to be re-enabled.
1758 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
1762 msg "test: full no PSA_WANT_ALG_CCM"
1763 make test
1767 msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
1772 # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
1778 # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
1779 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1780 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
1781 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
1782 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
1783 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
1784 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
1785 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
1786 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
1793 msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
1794 make test
1798 msg "build: full minus bignum"
1810 # Disable what auto-enables ECP_LIGHT
1847 msg "test: full minus bignum"
1848 make test
1852 msg "build: default with only stream cipher"
1860 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1862 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1864 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1872 msg "test: default with only stream cipher"
1873 make test
1875 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1879 msg "build: default with only stream cipher use psa"
1888 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1890 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1892 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1900 msg "test: default with only stream cipher use psa"
1901 make test
1903 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1907 msg "build: default with only CBC-legacy cipher"
1915 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1917 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1919 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1927 msg "test: default with only CBC-legacy cipher"
1928 make test
1930 msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
1931 tests/ssl-opt.sh -f "TLS 1.2"
1935 msg "build: default with only CBC-legacy cipher use psa"
1944 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1946 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1948 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1956 msg "test: default with only CBC-legacy cipher use psa"
1957 make test
1959 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
1960 tests/ssl-opt.sh -f "TLS 1.2"
1964 msg "build: default with only CBC-legacy and CBC-EtM ciphers"
1972 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1974 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1976 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1984 msg "test: default with only CBC-legacy and CBC-EtM ciphers"
1985 make test
1987 msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
1988 tests/ssl-opt.sh -f "TLS 1.2"
1992 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
2001 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
2003 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2005 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
2013 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
2014 make test
2016 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
2017 tests/ssl-opt.sh -f "TLS 1.2"
2020 # We're not aware of any other (open source) implementation of EC J-PAKE in TLS
2022 # implementations ourselves: one using PSA, the other not. At least test that
2025 msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
2028 # https://github.com/Mbed-TLS/mbedtls/issues/8229
2030 make -C programs ssl/ssl_server2 ssl/ssl_client2
2034 msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
2038 make -C programs ssl/ssl_server2 ssl/ssl_client2
2039 make -C programs test/udp_proxy test/query_compile_time_config
2041 msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
2042 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2043 msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
2044 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
2045 msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
2046 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2047 msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
2048 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
2054 msg "build: Everest ECDH context (ASan build)" # ~ 6 min
2056 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
2059 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
2060 make test
2062 msg "test: metatests (clang, ASan)"
2063 tests/scripts/run-metatests.sh any asan poison
2065 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
2066 tests/ssl-opt.sh -f ECDH
2068 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
2070 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
2074 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
2081 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
2086 msg "test: Everest ECDH context, only Curve25519" # ~ 50s
2087 make test
2091 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
2094 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2097 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
2098 tests/ssl-opt.sh -f "Max fragment\|Large packet"
2102 msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
2105 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2108 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
2109 tests/ssl-opt.sh -f "Max fragment"
2113 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
2115 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2118 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
2119 …tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free bu…
2123 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
2125 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2128 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
2129 …tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSe…
2133 msg "build+test: psa_collect_statuses" # ~30s
2137 grep -q '^0:psa_crypto_init:' tests/statuses.log
2138 rm -f tests/statuses.log
2142 msg "build: cmake, full config, clang" # ~ 50s
2144 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
2147 msg "test: main suites (full config, clang)" # ~ 5s
2148 make test
2150 msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
2151 programs/test/cpp_dummy_build
2153 msg "test: metatests (clang)"
2154 tests/scripts/run-metatests.sh any pthread
2159 msg "test: psa_constant_names (full config, clang)" # ~ 1s
2162 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
2163 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
2165 msg "test: compat.sh NULL (full config)" # ~ 2 min
2166 tests/compat.sh -e '^$' -f 'NULL'
2168 msg "test: compat.sh ARIA + ChachaPoly"
2169 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2173 # Skip the test suites that don't have any constant-flow annotations.
2177 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
2184 # Skip all but the given test suite
2186 ls -1 tests/suites/test_suite_*.function |
2187 grep -v $1.function |
2196 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2197 # - or alternatively, change the build type to MemSanDbg, which enables
2200 …msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testin…
2205 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2208 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
2209 make test
2215 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2216 # - or alternatively, change the build type to MemSanDbg, which enables
2219 msg "build: cmake MSan (clang), full config with constant flow testing"
2223 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2226 msg "test: main suites (Msan + constant flow)"
2227 make test
2232 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2236 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2237 # - or alternatively, build with debug info and manually run the offending
2238 # test suite with valgrind --track-origins=yes, then check if the origin
2240 …msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
2245 cmake -D CMAKE_BUILD_TYPE:String=Release .
2250 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
2253 # Test asm path in constant time module - by default, it will test the plain C
2255 msg "test: valgrind asm constant_time"
2256 scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
2258 cmake -D CMAKE_BUILD_TYPE:String=Release .
2266 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2270 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2271 # - or alternatively, build with debug info and manually run the offending
2272 # test suite with valgrind --track-origins=yes, then check if the origin
2274 msg "build: cmake release GCC, full config with constant flow testing"
2278 cmake -D CMAKE_BUILD_TYPE:String=Release .
2283 msg "test: some suites (valgrind + constant flow)"
2288 msg "build: TSan (clang)"
2292 # Self-tests do not currently use multiple threads.
2298 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
2301 msg "test: main suites (TSan)"
2302 make test
2306 # Test that removing the deprecated features from the default
2308 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
2310 make CFLAGS='-O -Werror -Wall -Wextra'
2312 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
2313 make test
2317 msg "build: make, full_no_deprecated config" # ~ 30s
2319 make CFLAGS='-O -Werror -Wall -Wextra'
2321 msg "test: make, full_no_deprecated config" # ~ 5s
2322 make test
2324 msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
2329 # Test that there is nothing deprecated in "full_no_deprecated".
2332 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
2336 make CFLAGS='-O -Werror -Wall -Wextra'
2338 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
2339 make test
2343 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
2345 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
2349 # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to
2351 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
2353 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
2357 # from the use of deprecated functions in test suites.
2358 …make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DM…
2360 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
2361 make test
2370 ! nm "$@" 2>/dev/null | grep -v ':$' | grep .
2374 msg "build: make, crypto only"
2376 make CFLAGS='-O1 -Werror'
2381 msg "build: make, crypto only, full config"
2383 make CFLAGS='-O1 -Werror'
2388 msg "build: make, config for PSA crypto service"
2414 make CFLAGS='-O1 -Werror' all test
2419 msg "build: make, crypto only, baremetal config"
2421 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2429 msg "build: make, baremetal config"
2431 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2435 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
2437 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
2442 msg "test/build: depends.py cipher_id (gcc)"
2443 tests/scripts/depends.py cipher_id --unset-use-psa
2447 msg "test/build: depends.py cipher_chaining (gcc)"
2448 tests/scripts/depends.py cipher_chaining --unset-use-psa
2452 msg "test/build: depends.py cipher_padding (gcc)"
2453 tests/scripts/depends.py cipher_padding --unset-use-psa
2457 msg "test/build: depends.py curves (gcc)"
2458 tests/scripts/depends.py curves --unset-use-psa
2462 msg "test/build: depends.py hashes (gcc)"
2463 tests/scripts/depends.py hashes --unset-use-psa
2467 msg "test/build: depends.py kex (gcc)"
2468 tests/scripts/depends.py kex --unset-use-psa
2472 msg "test/build: depends.py pkalgs (gcc)"
2473 tests/scripts/depends.py pkalgs --unset-use-psa
2478 msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2483 msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2488 msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2493 msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2498 msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2503 msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2508 msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2513 msg "build: full config - only DH 2048"
2518 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
2519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
2520 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
2521 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
2523 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
2525 msg "test: full config - only DH 2048"
2526 make test
2528 msg "ssl-opt: full config - only DH 2048"
2529 tests/ssl-opt.sh -f "ffdh"
2533 msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
2540 # Only compile - this is primarily to test for compile issues
2541 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
2545 msg "build: MBEDTLS_XXX_ALT" # ~30s
2569 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
2574 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2578 msg "build: MBEDTLS_DHM_ALT" # ~30s
2585 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2589 # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
2590 msg "build: cmake, full config minus PSA crypto, ASan"
2601 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2604 msg "test: main suites (full minus PSA crypto)"
2605 make test
2607 # Note: ssl-opt.sh has some test cases that depend on
2610 msg "test: ssl-opt.sh (full minus PSA crypto)"
2611 tests/ssl-opt.sh
2613 msg "test: compat.sh default (full minus PSA crypto)"
2616 msg "test: compat.sh NULL (full minus PSA crypto)"
2617 tests/compat.sh -f 'NULL'
2619 msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
2620 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2624 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
2632 # ---------
2644 # Build
2645 # -----
2655 # Make sure this was not re-enabled by accident (additive config)
2659 # -------------
2661 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
2662 make test
2666 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
2674 # ---------
2689 # Build
2690 # -----
2696 # Make sure this was not re-enabled by accident (additive config)
2700 # -------------
2702 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
2703 make test
2707 msg "build: full with accelerated FFDH"
2715 # ---------
2727 # Build
2728 # -----
2734 # Make sure this was not re-enabled by accident (additive config)
2738 # -------------
2740 msg "test: full with accelerated FFDH"
2741 make test
2743 msg "ssl-opt: full with accelerated FFDH alg"
2744 tests/ssl-opt.sh -f "ffdh"
2748 msg "build: full with non-accelerated FFDH"
2758 msg "test suites: full with non-accelerated FFDH alg"
2759 make test
2761 msg "ssl-opt: full with non-accelerated FFDH alg"
2762 tests/ssl-opt.sh -f "ffdh"
2766 msg "build: full with accelerated PAKE"
2773 # ---------
2777 # Make built-in fallback not available
2781 # Build
2782 # -----
2788 # Make sure this was not re-enabled by accident (additive config)
2792 # -------------
2794 msg "test: full with accelerated PAKE"
2795 make test
2799 msg "build: full with accelerated EC algs and some key types"
2813 # ---------
2818 # Disable modules that are accelerated - some will be re-enabled
2824 # Disable all curves - those that aren't accelerated should be re-enabled
2833 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2835 # Build
2836 # -----
2845 # ECP should be re-enabled but not the others
2852 # -------------
2854 msg "test suites: full with accelerated EC algs and some key types"
2855 make test
2858 # Run tests with only (non-)Weierstrass accelerated
2860 # - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
2861 # - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
2864 if [ $weierstrass -eq 1 ]; then
2867 desc="non-Weierstrass"
2870 msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
2879 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
2889 if [ $weierstrass -eq 1 ]; then
2903 # ---------
2906 # that's what's supported now, see docs/driver-only-builds.md.
2912 # Disable modules that are accelerated - some will be re-enabled
2918 # Disable all curves - those that aren't accelerated should be re-enabled
2927 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2929 # Build
2930 # -----
2939 # We expect ECDH to be re-enabled for the missing curves
2941 # We expect ECP to be re-enabled, however the parts specific to the
2943 # - functions with mxz in the name are specific to Montgomery curves
2944 # - ecp_muladd is specific to Weierstrass curves
2946 if [ $weierstrass -eq 1 ]; then
2953 # We expect ECDSA and ECJPAKE to be re-enabled only when
2955 if [ $weierstrass -eq 1 ]; then
2964 # -------------
2966 msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
2967 make test
2978 # Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
2981 # - 0 keep built-in EC algs,
2982 # - 1 exclude built-in EC algs (driver only).
2985 # same config, except for the use of driver or built-in EC algorithms:
2986 # - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
2987 # - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
2988 # This supports comparing their test coverage with analyze_outcomes.py.
2993 if [ "$driver_only" -eq 1 ]; then
3009 msg "build: full with accelerated EC algs"
3019 # ---------
3021 # Use the same config as reference, only without built-in EC algs
3025 # - MBEDTLS_PK_PARSE_EC_EXTENDED
3026 # - MBEDTLS_PK_PARSE_EC_COMPRESSED
3028 # Build
3029 # -----
3038 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3045 # -------------
3047 msg "test suites: full with accelerated EC algs"
3048 make test
3050 msg "ssl-opt: full with accelerated EC algs"
3051 tests/ssl-opt.sh
3056 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
3062 msg "test suites: full with non-accelerated EC algs"
3063 make test
3065 msg "ssl-opt: full with non-accelerated EC algs"
3066 tests/ssl-opt.sh
3070 # - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
3071 # - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
3076 # - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
3077 # excluding their built-in implementation as well as ECP_C & ECP_LIGHT
3078 # - 0: include built-in implementation of EC algorithms.
3087 if [ "$driver_only" -eq 1 ]; then
3096 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3099 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3107 # Build and test a configuration where driver accelerates all EC algs while
3113 msg "build: full + accelerated EC algs - ECP"
3123 # ---------
3130 # Build
3131 # -----
3134 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3142 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3146 # Also ensure that ECP module was not re-enabled
3150 # -------------
3152 msg "test: full + accelerated EC algs - ECP"
3153 make test
3155 msg "ssl-opt: full + accelerated EC algs - ECP"
3156 tests/ssl-opt.sh
3163 msg "build: full + non accelerated EC algs"
3169 msg "test: full + non accelerated EC algs"
3170 make test
3172 msg "ssl-opt: full + non accelerated EC algs"
3173 tests/ssl-opt.sh
3177 # - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3178 # - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3180 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3181 # - accelerate all EC algs, disable RSA and FFDH
3182 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3183 # - this is the reference component of the above
3184 # - it still disables RSA and FFDH, but it uses builtin EC algs
3185 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3186 # - accelerate all EC and FFDH algs, disable only RSA
3187 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3188 # - this is the reference component of the above
3189 # - it still disables RSA, but it uses builtin EC and FFDH algs
3202 if [ "$driver_only" -eq 1 ]; then
3213 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3216 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3218 # RSA support is intentionally disabled on this test because RSA_C depends
3220 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
3221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
3236 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
3237 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
3238 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
3244 # exchanges only in the accelerated build
3245 if [ "$driver_only" -eq 1 ]; then
3259 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3260 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3262 # The goal is to build and test accelerating either:
3263 # - ECC only or
3264 # - both ECC and FFDH
3275 removed_text="ECP - DH"
3281 msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3298 # ---------
3305 # Build
3306 # -----
3309 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3317 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3321 # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
3328 # -------------
3330 msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
3332 make test
3334 msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3335 tests/ssl-opt.sh
3339 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3340 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3342 # The goal is to build and test a reference scenario (i.e. with builtin
3359 msg "build: full + non accelerated $accel_text algs + USE_PSA"
3365 msg "test suites: full + non accelerated EC algs + USE_PSA"
3366 make test
3368 msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
3369 tests/ssl-opt.sh
3389 # - component_test_tfm_config_p256m_driver_accel_ec()
3390 # - component_test_tfm_config()
3392 # Enable TF-M config
3393 cp configs/config-tfm.h "$CONFIG_H"
3400 # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
3403 # Config adjustment for better test coverage in our environment.
3404 # This is not needed just to build and pass tests.
3413 msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3417 # Build crypto library
3418 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
3420 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3424 # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
3430 grep -q p256_ecdsa_ library/libmbedcrypto.a
3432 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3433 # files, so we want to ensure that it has not be re-enabled accidentally.
3437 msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3438 make test
3448 # can compare this test with test_tfm_config_p256m_driver_accel_ec
3451 msg "build: TF-M config"
3452 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
3457 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3458 # files, so we want to ensure that it has not be re-enabled accidentally.
3461 msg "test: TF-M config"
3462 make test
3467 # - starts from the "full" configuration minus the list of symbols passed in
3469 # - build
3470 # - test only TLS (i.e. test_suite_tls and ssl-opt)
3474 msg "build: full minus something, test TLS"
3484 msg "test: full minus something, test TLS"
3487 msg "ssl-opt: full minus something, test TLS"
3488 tests/ssl-opt.sh
3501 # - component_test_psa_ecc_key_pair_no_derive
3502 # - component_test_psa_ecc_key_pair_no_generate
3503 # The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
3505 # - $1 is the key type under test, i.e. ECC/RSA/DH
3506 # - $2 is the key option to be unset (i.e. generate, derive, etc)
3512 msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
3523 msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3524 make test
3541 if [ "$driver_only" -eq 1 ]; then
3547 # We need PEM parsing in the test library as well to support the import
3549 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
3550 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
3555 msg "build: crypto_full with accelerated RSA"
3566 # ---------
3570 # Build
3571 # -----
3580 # Make sure this was not re-enabled by accident (additive config)
3584 # -------------
3586 msg "test: crypto_full with accelerated RSA"
3587 make test
3591 msg "build: crypto_full with non-accelerated RSA"
3594 # ---------
3597 # Build
3598 # -----
3602 # -------------
3603 msg "test: crypto_full with non-accelerated RSA"
3604 make test
3607 # This is a temporary test to verify that full RSA support is present even when
3610 msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3640 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
3641 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
3642 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
3646 msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3647 make test
3649 # Parse only 1 relevant line from the outcome file, i.e. a test which is
3652 … cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
3660 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
3667 # ---------
3682 # Build
3683 # -----
3689 # There's a risk of something getting re-enabled via config_psa.h;
3698 # -------------
3700 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
3701 make test
3705 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
3706 # This component ensures that all the test cases for
3720 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
3721 make test
3724 # Auxiliary function to build config for hashes with and without drivers
3729 if [ "$driver_only" -eq 1 ]; then
3730 # disable the built-in implementation of hashes
3748 msg "test: full with accelerated hashes"
3755 # ---------
3759 # Build
3760 # -----
3766 # There's a risk of something getting re-enabled via config_psa.h;
3775 # -------------
3777 msg "test: full with accelerated hashes"
3778 make test
3782 # dependency declarations in ssl-opt.sh and in TLS code are correct.
3783 msg "test: ssl-opt.sh, full with accelerated hashes"
3784 tests/ssl-opt.sh
3787 # interop testing (besides, we already got some from ssl-opt.sh).
3788 msg "test: compat.sh, full with accelerated hashes"
3789 tests/compat.sh -p mbedTLS -V YES
3794 # script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
3797 msg "test: full without accelerated hashes"
3803 msg "test: full without accelerated hashes"
3804 make test
3806 msg "test: ssl-opt.sh, full without accelerated hashes"
3807 tests/ssl-opt.sh
3810 # Auxiliary function to build config for hashes with and without drivers
3816 if [ "$driver_only" -eq 1 ]; then
3822 scripts/config.py unset-all MBEDTLS_SHA
3835 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
3839 msg "test: full with accelerated hmac"
3847 # ---------
3851 # Build
3852 # -----
3858 # Ensure that built-in support for HMAC is disabled.
3862 # -------------
3864 msg "test: full with accelerated hmac"
3865 make test
3869 msg "test: full without accelerated hmac"
3875 msg "test: full without accelerated hmac"
3876 make test
3880 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
3884 # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
3894 # ---------
3909 # Build
3910 # -----
3916 # Make sure this was not re-enabled by accident (additive config)
3920 # -------------
3922 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
3923 make test
3927 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
3933 # ---------
3943 # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
3944 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
3946 # Build
3947 # -----
3953 # Make sure this was not re-enabled by accident (additive config)
3959 # -------------
3961 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
3962 make test
3966 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3967 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3975 # The 2 following test components, i.e.
3976 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3977 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3978 # are meant to be used together in analyze_outcomes.py script in order to test
3981 msg "build: full config with accelerated cipher inc. AEAD and CMAC"
3989 # ---------
4014 # Build
4015 # -----
4021 # Make sure this was not re-enabled by accident (additive config)
4033 # -------------
4035 msg "test: full config with accelerated cipher inc. AEAD and CMAC"
4036 make test
4038 msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
4039 tests/ssl-opt.sh
4042 tests/compat.sh -V NO -p mbedTLS
4046 msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
4051 msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
4052 make test
4054 msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
4055 tests/ssl-opt.sh
4057 msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
4058 tests/compat.sh -V NO -p mbedTLS
4067 if [ "$TEST_WITH_DRIVER" -eq 1 ]; then
4076 # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
4079 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
4080 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
4081 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
4082 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
4083 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
4084 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
4085 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
4099 msg "build: full + PSA dispatch in block_cipher"
4105 # ---------
4109 # Build
4110 # -----
4116 # Make sure disabled components were not re-enabled by accident (additive
4123 # -------------
4125 msg "test: full + PSA dispatch in block_cipher"
4126 make test
4131 msg "build: full + legacy dispatch in block_cipher"
4137 msg "test: full + legacy dispatch in block_cipher"
4138 make test
4142 msg "build: full minus CHACHAPOLY"
4145 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4148 msg "test: full minus CHACHAPOLY"
4149 make test
4153 msg "build: full minus CHACHAPOLY and GCM"
4157 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4158 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
4161 msg "test: full minus CHACHAPOLY and GCM"
4162 make test
4166 msg "build: CCM + AES + SHA256 configuration"
4169 cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
4173 msg "test: CCM + AES + SHA256 configuration"
4174 make test
4177 # This should be renamed to test and updated once the accelerator ECDH code is in place and ready t…
4179 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
4189 …eed to define the correct symbol and include the test driver header path in order to build with th…
4190 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../t…
4193 # This should be renamed to test and updated once the accelerator HMAC code is in place and ready t…
4195 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
4199 …eed to define the correct symbol and include the test driver header path in order to build with th…
4200 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../t…
4203 # This should be renamed to test and updated once the accelerator HKDF code is in place and ready t…
4205 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
4209 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
4211 …eed to define the correct symbol and include the test driver header path in order to build with th…
4212 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../t…
4215 # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to…
4217 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
4221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4222 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4223 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4224 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4225 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4226 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4227 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4230 …eed to define the correct symbol and include the test driver header path in order to build with th…
4231 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../te…
4234 # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and re…
4236 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
4240 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4241 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4242 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4243 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4244 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4245 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4246 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4249 …eed to define the correct symbol and include the test driver header path in order to build with th…
4250 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -…
4253 # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready t…
4255 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
4259 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4260 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4261 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4262 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4263 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4264 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4265 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4268 …eed to define the correct symbol and include the test driver header path in order to build with th…
4269 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../…
4272 # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready…
4274 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
4278 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4279 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4280 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4281 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4282 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4283 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4284 …eed to define the correct symbol and include the test driver header path in order to build with th…
4285 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I.…
4288 # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready…
4290 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
4294 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4295 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4296 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4297 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4298 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4299 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4300 …eed to define the correct symbol and include the test driver header path in order to build with th…
4301 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I.…
4304 # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready…
4306 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
4310 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4311 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4312 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4313 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4318 …eed to define the correct symbol and include the test driver header path in order to build with th…
4319 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I.…
4322 # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready…
4324 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
4328 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4329 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4330 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4331 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4332 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4333 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4334 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4337 …eed to define the correct symbol and include the test driver header path in order to build with th…
4338 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I.…
4341 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4343 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RS…
4347 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
4348 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4349 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4350 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4351 …eed to define the correct symbol and include the test driver header path in order to build with th…
4352 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4355 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4357 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA…
4361 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
4362 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4363 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4364 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4365 …eed to define the correct symbol and include the test driver header path in order to build with th…
4366 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4369 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4371 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_K…
4375 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
4376 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4377 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4378 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4379 …eed to define the correct symbol and include the test driver header path in order to build with th…
4380 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I…
4383 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4385 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KE…
4389 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4390 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4391 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4392 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4393 …eed to define the correct symbol and include the test driver header path in order to build with th…
4394 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I.…
4397 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4399 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_…
4403 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4404 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
4405 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
4406 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
4407 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
4408 …eed to define the correct symbol and include the test driver header path in order to build with th…
4409 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KE…
4412 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4414 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PS…
4418 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4419 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
4420 …eed to define the correct symbol and include the test driver header path in order to build with th…
4421 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PU…
4430 # test the TF-M configuration can build cleanly with various warning flags enabled
4431 cp configs/config-tfm.h "$CONFIG_H"
4433 msg "build: TF-M config, armclang armv7-m thumb2"
4434 …--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strin…
4438 # Check that the TF-M configuration can build cleanly with various
4439 # warning flags enabled. We don't build or run tests, since the
4440 # TF-M configuration needs a TF-M platform. A tweaked version of
4442 # configs/config-tfm.h, tested via test-ref-configs.pl.
4443 cp configs/config-tfm.h "$CONFIG_H"
4445 msg "build: TF-M config, clang, armv7-m thumb2"
4446 …--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-str…
4448 msg "build: TF-M config, gcc native build"
4450 …-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-…
4453 # Test that the given .o file builds with all (valid) combinations of the given options.
4460 # e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
4477 # The most common issue is unused variables/functions, so ensure -Wunused is set.
4478 …-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wform…
4480 # Extract the command generated by the Makefile to build the target file.
4483 # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
4484 compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
4502 opt=-D${options[$j]}
4509 if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
4521 make -s -f ${makefile} build_test_config_combos
4542 # 18s - around 90ms per clang invocation on M1 Pro
4545 # Test that all the combinations build cleanly.
4548 msg "build: aes.o for all combinations of relevant config options"
4557 msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
4575 # Full configuration build, without platform support, file IO and net sockets.
4578 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
4588 # to re-enable platform integration features otherwise disabled in C99 builds
4589 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
4590 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
4595 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
4600 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
4605 msg "build: full config except SSL server, make, gcc" # ~ 30s
4608 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4612 msg "build: full config except SSL client, make, gcc" # ~ 30s
4615 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4621 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
4625 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
4629 msg "build: default config with memory buffer allocator and backtrace enabled"
4634 cmake -DCMAKE_BUILD_TYPE:String=Release .
4637 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
4638 make test
4642 msg "build: default config with memory buffer allocator"
4645 cmake -DCMAKE_BUILD_TYPE:String=Release .
4648 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
4649 make test
4651 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
4653 tests/ssl-opt.sh -e '^DTLS proxy'
4658 msg "build: default config except MFL extension (ASan build)" # ~ 30s
4660 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4663 msg "test: ssl-opt.sh, MFL-related tests"
4664 tests/ssl-opt.sh -f "Max fragment length"
4668 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
4671 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4674 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4675 make test
4677 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4678 tests/ssl-opt.sh
4680 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4683 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4684 tests/context-info.sh
4688 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
4692 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4695 msg "test: MFL tests (disabled MFL extension case) & large packet tests"
4696 tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
4698 msg "test: context-info.sh (disabled MFL extension case)"
4699 tests/context-info.sh
4703 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
4705 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4708 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4709 make test
4711 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4712 tests/ssl-opt.sh
4714 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4719 msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
4722 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4725 msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
4726 make test
4728 msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
4729 tests/ssl-opt.sh
4731 msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
4736 msg "build: default config with memory buffer allocator and MFL extension"
4742 cmake -DCMAKE_BUILD_TYPE:String=Release .
4745 …msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG…
4746 make test
4748 …msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG…
4749 tests/ssl-opt.sh -f "Handshake memory usage"
4753 msg "build: when no ciphersuites have MAC"
4759 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
4760 make test
4762 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
4763 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
4767 msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
4769 cmake -D CMAKE_BUILD_TYPE:String=Check .
4772 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
4773 make test
4777 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
4781 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4784 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
4785 make test
4789 msg "build: malloc(0) returns NULL (ASan+UBSan build)"
4791 …make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-nul…
4793 msg "test: malloc(0) returns NULL (ASan+UBSan build)"
4794 make test
4796 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
4797 # Just the calloc selftest. "make test" ran the others as part of the
4798 # test suites.
4799 programs/test/selftest calloc
4801 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
4807 tests/ssl-opt.sh -e 'proxy'
4811 # Check that gcc targets x86_64 (we can build AESNI), and check for
4815 # with the name of the corresponding test, component_test_aesni.
4817 # In principle 32-bit x86 can support AESNI, but our implementation does not
4818 # support 32-bit x86, so we check for x86-64.
4820 (gcc -v 2>&1 | grep Target | grep -q x86_64) &&
4821 [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
4822 (lscpu | grep -qw aes)
4827 # fallback. It also tests the logic that is used to select which implementation(s) to build.
4829 # This test does not require the host to have support for AESNI (if it doesn't, the run-time
4833 msg "build: default config with different AES implementations"
4838 # test the intrinsics implementation
4839 msg "AES tests, test intrinsics"
4841 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4842 # check that we built intrinsics - this should be used by default when supported by the compiler
4843 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4845 # test the asm implementation
4846 msg "AES tests, test assembly"
4848 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
4849 … # check that we built assembly - this should be built if the compiler does not support intrinsics
4850 ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
4852 # test the plain C implementation
4857 make CC=gcc CFLAGS='-O2 -Werror'
4859 ./programs/test/selftest aes | not grep -q "AESNI code"
4860 not grep -q "AES note: using AESNI" ./programs/test/selftest
4861 grep -q "AES note: built-in implementation." ./programs/test/selftest
4863 # test the intrinsics implementation
4866 msg "AES tests, test AESNI only"
4868 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4869 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4870 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4871 grep -q "AES note: using AESNI" ./programs/test/selftest
4872 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4878 # define minimal config sufficient to test SHA3
4886 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DM…
4891 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DM…
4896 support_test_m32_no_asm && (lscpu | grep -qw aes)
4904 msg "build: default config with different AES implementations"
4910 # test the intrinsics implementation with gcc
4911 msg "AES tests, test intrinsics (gcc)"
4913 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4914 # check that we built intrinsics - this should be used by default when supported by the compiler
4915 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4916 grep -q "AES note: using AESNI" ./programs/test/selftest
4917 grep -q "AES note: built-in implementation." ./programs/test/selftest
4918 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4919 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4924 msg "AES tests, test AESNI only"
4926 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
4927 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4928 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4929 grep -q "AES note: using AESNI" ./programs/test/selftest
4930 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4931 not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4932 not grep -q mbedtls_aesni_has_support ./programs/test/selftest
4936 # clang >= 4 is required to build with target attributes
4937 support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
4947 # test the intrinsics implementation with clang
4948 msg "AES tests, test intrinsics (clang)"
4950 make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4951 # check that we built intrinsics - this should be used by default when supported by the compiler
4952 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4953 grep -q "AES note: using AESNI" ./programs/test/selftest
4954 grep -q "AES note: built-in implementation." ./programs/test/selftest
4955 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4956 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4959 # For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
4961 msg "Build: AESCE test on arm64 platform without plain C."
4964 # armc[56] don't support SHA-512 intrinsics
4968 # With this enabled, the library does build correctly under armclang,
4971 # this feature would prevent us from building with -Werror on
4976 msg "AESCE, build with default configuration."
4979 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4981 msg "AESCE, build AESCE only"
4984 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4988 # clang >= 11 is required to build with AES extensions
4989 [[ $(clang_version) -ge 11 ]]
4993 # Test variations of AES with Armv8 crypto extensions
4998 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5001 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5004 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5009 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5012 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5015 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5017 # test for presence of AES instructions
5019 msg "clang, test A32 crypto instructions built"
5020 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5021 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5022 msg "clang, test T32 crypto instructions built"
5023 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5024 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5025 msg "clang, test aarch64 crypto instructions built"
5026 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5027 grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5029 # test for absence of AES instructions
5032 msg "clang, test A32 crypto instructions not built"
5033 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5034 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5035 msg "clang, test T32 crypto instructions not built"
5036 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5037 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5038 msg "clang, test aarch64 crypto instructions not built"
5039 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5040 not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5044 # clang >= 4 is required to build with SHA extensions
5045 [[ $(clang_version) -ge 4 ]]
5052 # Test variations of SHA256 Armv8 crypto extensions
5055 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5057 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5061 # test the deprecated form of the config option
5064 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5069 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5073 # test the deprecated form of the config option
5076 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5078 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5085 msg "${opt} clang, test A32 crypto instructions built"
5086 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5087 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5089 msg "${opt} clang, test T32 crypto instructions built"
5090 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5091 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5093 msg "${opt} clang, test aarch64 crypto instructions built"
5094 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5095 grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5101 msg "clang, test A32 crypto instructions not built"
5102 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5103 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5105 msg "clang, test T32 crypto instructions not built"
5106 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5107 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5109 msg "clang, test aarch64 crypto instructions not built"
5110 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5111 not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5117 msg "AES:VIA PadLock, build with default configuration."
5121 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5122 grep -q mbedtls_padlock_has_support ./programs/test/selftest
5127 ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
5128 [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
5129 [ "`dpkg --print-foreign-architectures`" == "i386" ]
5137 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
5141 make CFLAGS='-O2 -Werror -Wall -Wextra'
5143 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH"
5144 make test
5148 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5153 make CC=clang CFLAGS='-Werror -Wall -Wextra'
5155 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5156 make test
5160 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5166 make CFLAGS='-O2 -Werror -Wall -Wextra'
5168 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5169 make test
5171 msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5172 programs/test/selftest
5176 msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5182 make CFLAGS='-O2 -Werror -Wall -Wextra'
5184 msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5185 make test
5189 msg "build: default config with AES_FEWER_TABLES enabled"
5191 make CFLAGS='-O2 -Werror -Wall -Wextra'
5193 msg "test: AES_FEWER_TABLES"
5194 make test
5198 msg "build: default config with AES_ROM_TABLES enabled"
5200 make CFLAGS='-O2 -Werror -Wall -Wextra'
5202 msg "test: AES_ROM_TABLES"
5203 make test
5207 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
5210 make CFLAGS='-O2 -Werror -Wall -Wextra'
5212 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
5213 make test
5217 # - enable/disable the list of config options passed from -s/-u respectively.
5218 # - build
5219 # - test for tests_suite_xxx
5220 # - selftest
5223 # [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
5224 # Options: -s set_opts the list of config options to enable
5225 # -u unset_opts the list of config options to disable
5226 # -c cflags the list of options passed to CFLAGS
5227 # -l ldflags the list of options passed to LDFLAGS
5229 while [ $# -gt 0 ]; do
5231 -s)
5233 -u)
5235 -c)
5236 shift; local cflags="-Werror -Wall -Wextra $1";;
5237 -l)
5242 set_opts="${set_opts:-}"
5243 unset_opts="${unset_opts:-}"
5244 cflags="${cflags:-}"
5245 ldflags="${ldflags:-}"
5247 [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
5248 [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
5250 …msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $uns…
5252 make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
5263 …msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unse…
5264 make test
5266 …ult config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $c…
5267 programs/test/selftest
5271 # - component_test_block_cipher_no_decrypt_aesni_legacy()
5272 # - component_test_block_cipher_no_decrypt_aesni_use_psa()
5273 # in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics,
5277 # test AESNI intrinsics
5279 -s "MBEDTLS_AESNI_C" \
5280 -c "-mpclmul -msse2 -maes"
5282 # test AESNI assembly
5284 -s "MBEDTLS_AESNI_C" \
5285 -c "-mno-pclmul -mno-sse2 -mno-aes"
5287 # test AES C implementation
5289 -u "MBEDTLS_AESNI_C"
5291 # test AESNI intrinsics for i386 target
5293 -s "MBEDTLS_AESNI_C" \
5294 -c "-m32 -mpclmul -msse2 -maes" \
5295 -l "-m32"
5310 if [ "$use_psa" -eq 1 ]; then
5314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
5315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
5316 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
5317 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
5342 # armc[56] don't support SHA-512 intrinsics
5346 # With this enabled, the library does build correctly under armclang,
5349 # this feature would prevent us from building with -Werror on
5356 # test AESCE baremetal build
5358 msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
5359 … armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
5373 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5377 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5380 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5381 make test
5385 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
5389 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5392 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
5393 make test
5397 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5402 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5405 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5406 make test
5410 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
5412 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
5414 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
5415 make test
5419 msg "build: full + test drivers dispatching to builtins"
5422 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
5423 …loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
5424 loc_cflags="${loc_cflags} -I../tests/include -O2"
5428 msg "test: full + test drivers dispatching to builtins"
5429 make test
5433 msg "build/test: make shared" # ~ 40s
5436 programs/test/dlopen_demo.sh
5440 msg "build/test: cmake shared" # ~ 2min
5441 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
5444 make test
5445 programs/test/dlopen_demo.sh
5450 $cc --version
5452 msg "build/test: $cc $opt, $info" # ~ 30s
5453 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
5456 # optimizations use inline assembly whereas runs with -O0
5458 make test # ~30s
5468 test_build_opt 'full config' clang -O0 -Os -O2
5474 test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
5482 test_build_opt 'full config' "$CLANG_EARLIEST" -O0
5490 test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
5498 test_build_opt 'full config' "$GCC_EARLIEST" -O0
5505 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
5506 scripts/config.py -w full_config.h full
5508 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
5510 programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
5513 msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
5517 …make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"use…
5518 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
5520 rm -f user_config.h full_config.h
5524 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
5528 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
5530 programs/test/query_compile_time_config MBEDTLS_CMAC_C
5533 … msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
5538 …make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYP…
5539 not programs/test/query_compile_time_config MBEDTLS_CMAC_C
5541 rm -f psa_test_config.h psa_user_config.h
5545 msg "build: make with PSA alt headers" # ~20s
5549 …make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
5551 # Build the library and some programs.
5552 # Don't build the fuzzers to avoid having to go through hoops to set
5554 …make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platfo…
5555 …make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE=…
5559 programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
5560 programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
5561 programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
5562 programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
5566 # Build without assembly, so as to use portable C code (in a 32-bit
5567 # build) and not the i386-specific inline assembly.
5570 # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
5571 msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
5575 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5576 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5578 msg "test: i386, make, gcc, no asm (ASan build)"
5579 make test
5582 case $(uname -m) in
5589 # Build with optimization, to use the i386 specific inline assembly
5591 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
5593 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5594 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5596 msg "test: i386, make, gcc -O2 (ASan build)"
5597 make test
5599 msg "test ssl-opt.sh, i386, make, gcc-O2"
5600 tests/ssl-opt.sh
5607 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
5609 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5610 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5612 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
5613 make test
5615 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
5616 tests/ssl-opt.sh -f ECDH
5618 …msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 …
5620 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
5627 msg "build: 64-bit ILP32, make, gcc" # ~ 30s
5629 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
5631 msg "test: 64-bit ILP32, make, gcc"
5632 make test
5635 case $(uname -m) in
5642 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
5644 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5647 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
5648 make test
5652 msg "build: gcc, force 32-bit bignum limbs"
5657 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
5659 msg "test: gcc, force 32-bit bignum limbs"
5660 make test
5664 msg "build: gcc, force 64-bit bignum limbs"
5669 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
5671 msg "test: gcc, force 64-bit bignum limbs"
5672 make test
5676 msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5683 …make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS"
5685 msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5686 make test
5690 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
5693 make CFLAGS='-Werror -O1'
5695 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
5696 make test
5700 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
5703 make CFLAGS='-Werror -O1'
5705 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
5706 make test
5710 msg "build: no strings" # ~10s
5717 make CFLAGS='-Werror -Os'
5719 msg "test: no strings" # ~ 10s
5720 make test
5724 msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
5728 make CFLAGS='-Werror -O2'
5730 msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
5731 make test
5733 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
5734 tests/ssl-opt.sh
5738 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
5740 …I_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
5742 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
5743 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5747 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5749 # Build for a target platform that's close to what Debian uses
5750 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
5751 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
5752 # Build everything including programs, see for example
5753 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
5754 …c" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAG…
5756 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5757 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
5764 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5768 # in case the gcc-arm-linux-gnueabi toolchain is not available
5769 …NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-marc…
5771 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5772 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5776 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
5778 …r" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-…
5780 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
5781 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5784 ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
5789 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
5792 …_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
5793 echo "Checking that software 64-bit division is not required"
5798 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
5801 …GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mth…
5802 echo "Checking that software 64-bit multiplication is not required"
5811 msg "build: clang thumb 2, make"
5813 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' …
5815 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
5816 msg "build: clang thumb 1 -O0, make"
5818 …make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5820 msg "build: clang thumb 1 -Os, make"
5822 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5826 msg "build: ARM Compiler 5"
5828 # armc[56] don't support SHA-512 intrinsics
5831 # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
5835 # With this enabled, the library does build correctly under armclang,
5838 # this feature would prevent us from building with -Werror on
5844 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
5847 "$ARMC5_FROMELF" -z library/*.o
5849 # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
5851 # ARM Compiler 6 - Target ARMv7-A
5852 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
5854 # ARM Compiler 6 - Target ARMv7-M
5855 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
5857 # ARM Compiler 6 - Target ARMv7-M+DSP
5858 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
5860 # ARM Compiler 6 - Target ARMv8-A - AArch32
5861 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
5863 # ARM Compiler 6 - Target ARMv8-M
5864 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
5866 # ARM Compiler 6 - Target Cortex-M0 - no optimisation
5867 armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
5869 # ARM Compiler 6 - Target Cortex-M0
5870 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
5872 # ARM Compiler 6 - Target ARMv8.2-A - AArch64
5874 # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
5877 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
5887 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
5889 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
5892 msg "test: main suites (inc. selftests) (ASan build)"
5893 make test
5895 msg "test: ssl-opt.sh (ASan build)"
5896 tests/ssl-opt.sh
5898 msg "test: compat.sh (ASan build)"
5903 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
5906 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5908 msg "test: TLS 1.3 only, all key exchange modes enabled"
5909 make test
5911 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
5912 tests/ssl-opt.sh
5916 msg "build: TLS 1.3 only from default, only PSK key exchange mode"
5928 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5933 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
5934 tests/ssl-opt.sh
5938 msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
5942 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5947 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
5948 tests/ssl-opt.sh
5952 msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
5958 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5963 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
5964 tests/ssl-opt.sh
5968 msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
5978 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5983 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
5984 tests/ssl-opt.sh
5988 msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
5999 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6004 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
6005 tests/ssl-opt.sh
6009 msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
6018 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6023 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
6024 tests/ssl-opt.sh
6028 msg "build: TLS 1.3 only from default, without PSK key exchange mode"
6031 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6036 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
6037 tests/ssl-opt.sh
6041 msg "build: default config plus early data minus padding"
6044 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6046 msg "test: default config plus early data minus padding"
6047 make test
6048 msg "ssl-opt.sh (TLS 1.3 no padding)"
6049 tests/ssl-opt.sh
6053 msg "build: default config plus early data minus middlebox compatibility mode"
6056 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6058 msg "test: default config plus early data minus middlebox compatibility mode"
6059 make test
6060 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
6061 tests/ssl-opt.sh
6065 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
6066 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6069 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes …
6072 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
6073 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6074 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6077 …msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESN…
6079 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6083 case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
6084 [0-5]*|"") false;;
6090 msg "build: MSan (clang)" # ~ 1 min 20s
6092 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
6095 msg "test: main suites (MSan)" # ~ 10s
6096 make test
6098 msg "test: metatests (MSan)"
6099 tests/scripts/run-metatests.sh any msan
6104 msg "test: ssl-opt.sh (MSan)" # ~ 1 min
6105 tests/ssl-opt.sh
6109 if [ "$MEMORY" -gt 0 ]; then
6110 msg "test: compat.sh (MSan)" # ~ 6 min 20s
6116 msg "build: Release (clang)"
6118 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6121 msg "test: main suites, Valgrind (default config)"
6127 if [ "$MEMORY" -gt 0 ]; then
6128 msg "test: ssl-opt.sh --memcheck (default config)"
6129 tests/ssl-opt.sh --memcheck
6132 if [ "$MEMORY" -gt 1 ]; then
6133 msg "test: compat.sh --memcheck (default config)"
6134 tests/compat.sh --memcheck
6137 if [ "$MEMORY" -gt 0 ]; then
6138 msg "test: context-info.sh --memcheck (default config)"
6139 tests/context-info.sh --memcheck
6144 msg "build: Release, full (clang)"
6147 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6150 msg "test: main suites, Valgrind (full config)"
6160 # Attempt to parse lsb-release to find out distribution and version. If not
6161 # found this should fail safe (test is supported).
6162 if [[ -f /etc/lsb-release ]]; then
6164 while read -r lsb_line; do
6169 done < /etc/lsb-release
6176 # Running the out of source CMake test on Ubuntu 16.04 using more than one
6177 # processor (as the CI does) can create a race condition whereby the build
6181 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
6189 msg "build: cmake 'out-of-source' build"
6194 cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
6197 msg "test: cmake 'out-of-source' build"
6198 make test
6199 # Check that ssl-opt.sh can find the test programs.
6202 # file is missing (ssl-opt.sh tolerates the absence of some files so
6204 ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
6205 grep PASS ssl-opt.out
6206 cat ssl-opt.err >&2
6207 # If ssl-opt.err is non-empty, record an error and keep going.
6208 [ ! -s ssl-opt.err ]
6209 rm ssl-opt.out ssl-opt.err
6211 rm -rf "$OUT_OF_SOURCE_DIR"
6219 msg "build: cmake 'as-subdirectory' build"
6220 cd programs/test/cmake_subproject
6222 cmake -D GEN_FILES=ON .
6235 msg "build: cmake 'as-package' build"
6236 cd programs/test/cmake_package
6250 msg "build: cmake 'as-installed-package' build"
6251 cd programs/test/cmake_package_install
6261 # Make a copy of config file to use for the in-tree test
6268 # Build once to get the generated files (which need an intact config file)
6272 msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
6273 scripts/config.py -w full_config.h full
6274 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6275 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
6278 msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6283 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6285 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
6287 rm -f user_config.h full_config.h
6290 rm -rf "$OUT_OF_SOURCE_DIR"
6292 # Now repeat the test for an in-tree build:
6294 # Restore config for the in-tree test
6297 # Build once to get the generated files (which need an intact config)
6301 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
6302 scripts/config.py -w full_config.h full
6303 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6304 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
6307 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6312 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6314 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
6316 rm -f user_config.h full_config.h
6324 msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
6328 # Only compile - we're looking for sizeof-pointer-memaccess warnings
6329 …CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_T…
6334 # Test that the function mbedtls_platform_zeroize() is not optimized away by
6344 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
6345 gdb_disable_aslr='set disable-randomization off'
6348 for optimization_flag in -O2 -O3 -Ofast -Os; do
6350 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
6352 …gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroi…
6354 not grep -i "error" test_zeroize.log
6355 rm -f test_zeroize.log
6362 # The arch tests build with gcc, so require use of gcc here to link properly
6363 msg "build: make, default config (out-of-box), libmbedcrypto.a only"
6364 CC=gcc make -C library libmbedcrypto.a
6366 msg "unit test: test_psa_compliance.py"
6371 # psa-compliance-tests only supports CMake >= 3.10.0
6372 ver="$(cmake --version)"
6379 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
6388 case $(uncrustify --version) in
6396 tests/scripts/check-python-files.sh
6400 msg "unit test: generate_test_code.py"
6403 # harmless info on stdout so it can be suppress with --quiet.
6406 msg "unit test: translate_ciphers.py"
6407 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
6428 # Function invoked by --error-test to test error reporting.
6431 if [ $KEEP_GOING -ne 0 ]; then
6437 # Expected error: 'grep non_existent /dev/null -> 1'
6439 # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
6440 not grep -q . "$0"
6441 # Expected error: 'make unknown_target -> 2'
6463 if [ $KEEP_GOING -eq 1 ]; then
6464 # We want to keep running if the subshell fails, so 'set -e' must
6469 if [ $QUIET -eq 1 ]; then
6474 if [ $KEEP_GOING -eq 1 ]; then
6475 # Keep "set -e" off, and run an ERR trap instead to record failures.
6476 set -E
6481 if [ $KEEP_GOING -eq 1 ]; then
6482 trap - ERR
6487 if [ $KEEP_GOING -eq 1 ]; then
6488 set -e
6489 if [ $component_status -ne 0 ]; then
6494 # Restore the build tree to a clean state.
6510 if [ $KEEP_GOING -eq 1 ]; then