Lines Matching +full:gcc +full:- +full:i686 +full:- +full:linux +full:- +full:gnu
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
15 # -------
20 # ---------------
32 # * Basic Unix tools (Windows users note: a Unix-style find must be before
35 # * GNU Make
37 # * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
39 # * arm-gcc and mingw-gcc
40 # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
53 # The behavior on an error depends on whether --keep-going (alias -k)
55 # * Without --keep-going: the script stops on the first error without
58 # * With --keep-going: the script runs all requested components and
63 # script -c tests/scripts/all.sh
68 # ---------------------
89 # fails if any command in it returns a non-zero status.
93 # cleaned-up state, and don't need to perform the cleanup themselves.
99 # This cleans up after an in-tree use of CMake.
111 # Abort on errors (even on the left-hand side of a pipe).
113 set -e -o pipefail -u
116 shopt -s extglob
119 test -d include -a -d library -a -d programs -a -d tests
123 test -d include -a -d core -a -d drivers -a -d programs -a -d tests
128 echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
149 # Files clobbered by in-tree cmake
159 # Seed value used with the --release-test option.
161 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
164 # basic-build-test.sh as well.
171 … : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
178 : ${GNUTLS_CLI:="gnutls-cli"}
179 : ${GNUTLS_SERV:="gnutls-serv"}
183 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
184 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
185 : ${CLANG_LATEST:="clang-latest"}
186 : ${CLANG_EARLIEST:="clang-earliest"}
187 : ${GCC_LATEST:="gcc-latest"}
188 : ${GCC_EARLIEST:="gcc-earliest"}
189 # if MAKEFLAGS is not set add the -j option to speed up invocations of make
190 if [ -z "${MAKEFLAGS+set}" ]; then
191 export MAKEFLAGS="-j$(all_sh_nproc)"
194 if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
202 # default to -O2, use -Ox _after_ this if you want another level
203 ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
213 ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
225 if [[ -e ${PWD}/tests/scripts/quiet ]]; then
235 set -f
255 $0 --no-armcc --except test_memsan
259 -h|--help Print this help and exit.
260 --list-all-components List all available test components and exit.
261 --list-components List components supported on this platform and exit.
264 -q|--quiet Only output component names, and errors if any.
265 -f|--force Force the tests to overwrite any modified files.
266 -k|--keep-going Run all tests and report errors at the end.
267 -m|--memory Additional optional memory tests.
268 --append-outcome Append to the outcome file (if used).
269 --arm-none-eabi-gcc-prefix=<string>
270 Prefix for a cross-compiler for arm-none-eabi
272 --arm-linux-gnueabi-gcc-prefix=<string>
273 Prefix for a cross-compiler for arm-linux-gnueabi
275 --armcc Run ARM Compiler builds (on by default).
276 --restore First clean up the build tree, restoring backed up
279 --error-test Error test mode: run a failing function in addition
281 --except Exclude the COMPONENTs listed on the command line,
283 --no-append-outcome Write a new outcome file and analyze it (default).
284 --no-armcc Skip ARM Compiler builds.
285 --no-force Refuse to overwrite modified files (default).
286 --no-keep-going Stop at the first error (default).
287 --no-memory No additional memory tests (default).
288 --no-quiet Print full output from components.
289 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
290 --outcome-file=<path> File where test outcomes are written (not done if
292 --random-seed Use a random seed value for randomized tests (default).
293 …-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED…
294 -s|--seed Integer seed value to use for this test run.
297 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
298 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
299 --clang-earliest=<Clang_earliest_path> Earliest version of clang available
300 --clang-latest=<Clang_latest_path> Latest version of clang available
301 --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
302 --gcc-latest=<GCC_latest_path> Latest version of GCC available
303 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
304 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
305 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
306 … --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
320 find . -name .git -prune -o \
321 -iname CMakeFiles -exec rm -rf {} \+ -o \
322 \( -iname cmake_install.cmake -o \
323 -iname CTestTestfile.cmake -o \
324 -iname CMakeCache.txt -o \
325 -path './cmake/*.cmake' \) -exec rm -f {} \+
326 # Recover files overwritten by in-tree CMake builds
327 rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
330 rm -rf programs/test/cmake_subproject/build
331 rm -f programs/test/cmake_subproject/Makefile
332 rm -f programs/test/cmake_subproject/cmake_subproject
335 rm -rf programs/test/cmake_package/build
336 rm -f programs/test/cmake_package/Makefile
337 rm -f programs/test/cmake_package/cmake_package
340 rm -rf programs/test/cmake_package_install/build
341 rm -f programs/test/cmake_package_install/Makefile
342 rm -f programs/test/cmake_package_install/cmake_package_install
346 if [[ -e "$x$backup_suffix" ]]; then
347 cp -p "$x$backup_suffix" "$x"
353 # in non-keep-going mode).
358 rm -f "$x$backup_suffix"
370 trap - $1
371 kill -$1 $$
383 nproc || # Linux
384 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
385 sysctl -n hw.ncpu || # FreeBSD
392 if [ -n "${current_component:-}" ]; then
398 if [ $QUIET -eq 1 ]; then
416 WARNING_CFLAGS='-Werror -xc -std=c99' make lib
419 "$ARMC6_FROMELF" -z library/*.o
448 while [ $# -gt 0 ]; do
450 --append-outcome) append_outcome=1;;
451 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
452 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
453 --armcc) no_armcc=;;
454 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
455 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
456 --clang-earliest) shift; CLANG_EARLIEST="$1";;
457 --clang-latest) shift; CLANG_LATEST="$1";;
458 --error-test) error_test=$((error_test + 1));;
459 --except) all_except=1;;
460 --force|-f) FORCE=1;;
461 --gcc-earliest) shift; GCC_EARLIEST="$1";;
462 --gcc-latest) shift; GCC_LATEST="$1";;
463 --gnutls-cli) shift; GNUTLS_CLI="$1";;
464 --gnutls-legacy-cli) shift;; # ignored for backward compatibility
465 --gnutls-legacy-serv) shift;; # ignored for backward compatibility
466 --gnutls-serv) shift; GNUTLS_SERV="$1";;
467 --help|-h) usage; exit;;
468 --keep-going|-k) KEEP_GOING=1;;
469 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
470 --list-components) list_components=1;;
471 --memory|-m) MEMORY=1;;
472 --no-append-outcome) append_outcome=0;;
473 --no-armcc) no_armcc=1;;
474 --no-force) FORCE=0;;
475 --no-keep-going) KEEP_GOING=0;;
476 --no-memory) MEMORY=0;;
477 --no-quiet) QUIET=0;;
478 --openssl) shift; OPENSSL="$1";;
479 --openssl-next) shift; OPENSSL_NEXT="$1";;
480 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
481 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
482 --quiet|-q) QUIET=1;;
483 --random-seed) unset SEED;;
484 --release-test|-r) SEED=$RELEASE_SEED;;
485 --restore) restore_first=1;;
486 --seed|-s) shift; SEED="$1";;
487 -*)
489 echo >&2 "Run $0 --help for usage."
507 if [ $list_components -eq 1 ]; then
513 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
517 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
519 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
524 if [ $all_except -eq 0 ]; then
528 set -f
544 if [ $unsupported -ne 0 ]; then
552 if is_component_included "$component"; [ $? -eq $all_except ]; then
562 if [ $FORCE -eq 1 ]; then
563 rm -rf "$OUT_OF_SOURCE_DIR"
564 git checkout-index -f -q $CONFIG_H
568 if [ -d "$OUT_OF_SOURCE_DIR" ]; then
569 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
571 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
575 if ! git diff --quiet "$CONFIG_H"; then
576 err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
578 echo "script as: $0 --force"
590 case "$(head -n1 Makefile)" in
592 …git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile pro…
593 … git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
600 cp -p "$x" "$x$backup_suffix"
616 if [ -t 1 ]; then
617 case "${TERM:-}" in
618 *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
626 failure_summary_file=$PWD/all-sh-failures-$$.log
643 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
660 failed_command=${report_failed_command-$BASH_COMMAND}
662 if [[ $last_failure_status -eq $previous_failure_status &&
664 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
677 text="$current_section: $failed_command -> $last_failure_status"
690 if [ $failure_count -gt 0 ]; then
696 elif [ -z "${1-}" ]; then
699 if [ -n "${1-}" ]; then
702 rm -f "$failure_summary_file"
703 if [ $failure_count -gt 0 ]; then
732 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
733 rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
738 if [ $QUIET -eq 1 ]; then
745 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
746 echo "SEED: ${SEED-"UNSET"}"
767 # and ssl-opt.sh, we just export the variables they require.
771 # Avoid passing --seed flag in every call to ssl-opt.sh
772 if [ -n "${SEED-}" ]; then
787 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
791 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
811 if [ $QUIET -eq 1 ]; then
828 if [ $QUIET -eq 1 ]; then
836 if command -v clang > /dev/null ; then
837 clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
848 # -------------------------
853 # - loc_accel_list="ALG_JPAKE"
854 # - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
885 # helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
888 # Adjust the configuration - for both libtestdriver1 and main library,
897 # Enable PSA-based config (necessary to use drivers)
907 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
911 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
916 # The function optionally accepts 1 parameter: a space-separated list of the
919 allowed_list="${1:-}"
920 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
932 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
944 for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
957 …for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO…
971 # 1. a space-separated list of things to accelerate;
972 # 2. optional: a space-separate list of things to also support.
975 loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
976 …make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_…
983 # 1. a space-separated list of things to accelerate;
985 # (examples: lib, -C tests test_suite_xxx, etc.)
992 …loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g'…
993 …loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&…
994 …$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_L…
1007 # time, so start with a GCC build).
1018 msg "Check: check-generated-files, files generated with make" # 2s
1020 tests/scripts/check-generated-files.sh
1022 msg "Check: check-generated-files -u, files present" # 2s
1023 tests/scripts/check-generated-files.sh -u
1025 tests/scripts/check-generated-files.sh
1027 msg "Check: check-generated-files -u, files absent" # 2s
1029 tests/scripts/check-generated-files.sh -u
1031 tests/scripts/check-generated-files.sh
1039 tests/scripts/check-doxy-blocks.pl
1049 rm -f ChangeLog.new
1050 scripts/assemble_changelog.py -o ChangeLog.new
1051 if [ -e ChangeLog.new ]; then
1053 # non-empty.
1054 diff -u ChangeLog ChangeLog.new || true
1061 tests/scripts/check_names.py -v
1066 if [ $QUIET -eq 1 ]; then
1067 opt='--quiet'
1071 tests/scripts/check_test_cases.py -q $opt
1087 found="check-test-deps-found-$$"
1088 expected="check-test-deps-expected-$$"
1093 grep -Eo '!?MBEDTLS_[^: ]*' |
1094 grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ |
1095 sort -u > $found
1097 # Expected ones with justification - keep in sorted order by ASCII table!
1098 rm -f $expected
1099 # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
1101 # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
1109 # No PSA equivalent - we should probably have one in the future.
1111 # No PSA equivalent - needed by some init tests
1113 # No PSA equivalent - required to run threaded tests.
1117 # We want an exact match, to ensure the above list remains up-to-date.
1120 # - Each '+' line is a macro that was found but not expected. You want to
1123 # - Each '-' line is a macro that was expected but not found; it means the
1125 diff -U0 $expected $found
1142 msg "build: make, default config (out-of-box)" # ~1min
1147 msg "test: main suites make, default config (out-of-box)" # ~10s
1150 msg "selftest: make, default config (out-of-box)" # ~10s
1153 msg "program demos: make, default config (out-of-box)" # ~10s
1158 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1159 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1171 msg "test: metatests (GCC, ASan build)"
1172 tests/scripts/run-metatests.sh any asan poison
1174 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1175 tests/ssl-opt.sh
1180 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1181 tests/context-info.sh
1185 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1187 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1196 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1197 tests/ssl-opt.sh
1202 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1203 tests/context-info.sh
1207 msg "build: full config, cmake, gcc, ASan"
1209 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1218 msg "test: ssl-opt.sh (full config, ASan build)"
1219 tests/ssl-opt.sh
1224 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1225 tests/context-info.sh
1230 msg "build: full config, cmake, gcc, ASan"
1233 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1242 msg "test: ssl-opt.sh (full config, ASan build)"
1243 tests/ssl-opt.sh
1248 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1249 tests/context-info.sh
1253 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1256 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1259 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1264 msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1267 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1270 msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1279 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
1283 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
1291 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
1293 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
1299 # Get a list of library-wise undefined symbols and ensure that they only
1302 # - component_test_default_psa_crypto_client_without_crypto_provider
1303 # - component_build_full_psa_crypto_client_without_crypto_provider.
1305 …nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.t…
1306 nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
1307 comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
1314 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1325 msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1328 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1333 msg "build: full config - PSA_CRYPTO_C"
1350 msg "check missing symbols: full config - PSA_CRYPTO_C"
1371 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
1372 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
1373 # want to re-generate generated files that depend on it, quite correctly.
1376 # cmake can't know this, but re-generation is actually not necessary as
1378 # whether they're on or off. So, disable cmake's (over-sensitive here)
1381 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
1382 tests/scripts/test-ref-configs.pl
1388 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1391 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
1394 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
1395 tests/ssl-opt.sh
1404 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1407 …msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
1410 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
1411 tests/ssl-opt.sh
1417 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1420 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
1423 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
1424 tests/ssl-opt.sh -f RSA
1426 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
1427 tests/compat.sh -t RSA
1429 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
1430 tests/context-info.sh
1440 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1443 msg "test: Full minus CTR_DRBG, classic crypto - main suites"
1449 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
1450 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1452 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
1453 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1462 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1465 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
1471 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1472 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1474 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
1475 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1486 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1489 msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
1495 # Test SSL with non-deterministic ECDSA. Only test features that
1497 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
1498 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1502 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
1503 tests/compat.sh -m tls12 -t 'ECDSA'
1513 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1516 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
1522 # Test SSL with non-deterministic ECDSA. Only test features that
1524 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1525 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1529 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
1530 tests/compat.sh -m tls12 -t 'ECDSA'
1547 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
1548 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
1550 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
1553 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
1554 tests/ssl-opt.sh -f 'Default'
1569 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
1572 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
1573 tests/ssl-opt.sh -f 'Default\|opaque'
1588 tests/ssl-opt.sh -f 'Default\|opaque'
1600 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-f…
1611 make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
1626 # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
1646 # Disable things that would auto-enable MD_C
1649 # Note: MD-light is auto-enabled in build_info.h by modules that need it,
1687 # - component_test_full_no_cipher_with_psa_crypto
1688 # - component_test_full_no_cipher_with_psa_crypto_config
1690 # - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
1691 # - $2: a text string which describes the test component
1701 if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
1702 # The built-in implementation of the following algs/key-types depends
1706 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1707 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
1708 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
1709 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
1710 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
1711 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
1712 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
1713 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
1714 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
1715 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
1721 scripts/config.py unset-all MBEDTLS_CIPHER_MODE
1729 # Ensure that CIPHER_C was not re-enabled
1748 # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
1749 # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
1757 # PSA_WANT_ALG_CCM to be re-enabled.
1758 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
1778 # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
1779 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1780 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
1781 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
1782 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
1783 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
1784 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
1785 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
1786 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
1810 # Disable what auto-enables ECP_LIGHT
1860 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1862 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1864 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1875 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1888 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1890 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1892 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1903 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1907 msg "build: default with only CBC-legacy cipher"
1915 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1917 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1919 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1927 msg "test: default with only CBC-legacy cipher"
1930 msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
1931 tests/ssl-opt.sh -f "TLS 1.2"
1935 msg "build: default with only CBC-legacy cipher use psa"
1944 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1946 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1948 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1956 msg "test: default with only CBC-legacy cipher use psa"
1959 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
1960 tests/ssl-opt.sh -f "TLS 1.2"
1964 msg "build: default with only CBC-legacy and CBC-EtM ciphers"
1972 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1974 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1976 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1984 msg "test: default with only CBC-legacy and CBC-EtM ciphers"
1987 msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
1988 tests/ssl-opt.sh -f "TLS 1.2"
1992 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
2001 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
2003 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2005 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
2013 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
2016 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
2017 tests/ssl-opt.sh -f "TLS 1.2"
2020 # We're not aware of any other (open source) implementation of EC J-PAKE in TLS
2025 msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
2028 # https://github.com/Mbed-TLS/mbedtls/issues/8229
2030 make -C programs ssl/ssl_server2 ssl/ssl_client2
2034 msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
2038 make -C programs ssl/ssl_server2 ssl/ssl_client2
2039 make -C programs test/udp_proxy test/query_compile_time_config
2041 msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
2042 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2043 msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
2044 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
2045 msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
2046 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2047 msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
2048 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
2056 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
2059 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
2063 tests/scripts/run-metatests.sh any asan poison
2065 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
2066 tests/ssl-opt.sh -f ECDH
2068 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
2070 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
2081 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
2094 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2097 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
2098 tests/ssl-opt.sh -f "Max fragment\|Large packet"
2105 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2108 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
2109 tests/ssl-opt.sh -f "Max fragment"
2115 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2118 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
2119 …tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free bu…
2125 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2128 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
2129 …tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSe…
2137 grep -q '^0:psa_crypto_init:' tests/statuses.log
2138 rm -f tests/statuses.log
2144 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
2154 tests/scripts/run-metatests.sh any pthread
2162 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
2163 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
2166 tests/compat.sh -e '^$' -f 'NULL'
2169 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2173 # Skip the test suites that don't have any constant-flow annotations.
2177 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
2186 ls -1 tests/suites/test_suite_*.function |
2187 grep -v $1.function |
2196 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2197 # - or alternatively, change the build type to MemSanDbg, which enables
2205 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2215 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2216 # - or alternatively, change the build type to MemSanDbg, which enables
2223 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2232 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2236 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2237 # - or alternatively, build with debug info and manually run the offending
2238 # test suite with valgrind --track-origins=yes, then check if the origin
2240 …msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
2245 cmake -D CMAKE_BUILD_TYPE:String=Release .
2253 # Test asm path in constant time module - by default, it will test the plain C
2256 scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
2258 cmake -D CMAKE_BUILD_TYPE:String=Release .
2266 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2270 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2271 # - or alternatively, build with debug info and manually run the offending
2272 # test suite with valgrind --track-origins=yes, then check if the origin
2274 msg "build: cmake release GCC, full config with constant flow testing"
2278 cmake -D CMAKE_BUILD_TYPE:String=Release .
2292 # Self-tests do not currently use multiple threads.
2298 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
2310 make CFLAGS='-O -Werror -Wall -Wextra'
2319 make CFLAGS='-O -Werror -Wall -Wextra'
2336 make CFLAGS='-O -Werror -Wall -Wextra'
2349 # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to
2351 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
2358 …make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DM…
2370 ! nm "$@" 2>/dev/null | grep -v ':$' | grep .
2376 make CFLAGS='-O1 -Werror'
2383 make CFLAGS='-O1 -Werror'
2414 make CFLAGS='-O1 -Werror' all test
2421 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2431 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2435 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
2437 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
2442 msg "test/build: depends.py cipher_id (gcc)"
2443 tests/scripts/depends.py cipher_id --unset-use-psa
2447 msg "test/build: depends.py cipher_chaining (gcc)"
2448 tests/scripts/depends.py cipher_chaining --unset-use-psa
2452 msg "test/build: depends.py cipher_padding (gcc)"
2453 tests/scripts/depends.py cipher_padding --unset-use-psa
2457 msg "test/build: depends.py curves (gcc)"
2458 tests/scripts/depends.py curves --unset-use-psa
2462 msg "test/build: depends.py hashes (gcc)"
2463 tests/scripts/depends.py hashes --unset-use-psa
2467 msg "test/build: depends.py kex (gcc)"
2468 tests/scripts/depends.py kex --unset-use-psa
2472 msg "test/build: depends.py pkalgs (gcc)"
2473 tests/scripts/depends.py pkalgs --unset-use-psa
2478 msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2483 msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2488 msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2493 msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2498 msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2503 msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2508 msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2513 msg "build: full config - only DH 2048"
2518 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
2519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
2520 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
2521 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
2523 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
2525 msg "test: full config - only DH 2048"
2528 msg "ssl-opt: full config - only DH 2048"
2529 tests/ssl-opt.sh -f "ffdh"
2540 # Only compile - this is primarily to test for compile issues
2541 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
2569 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
2574 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2585 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2589 # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
2601 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2607 # Note: ssl-opt.sh has some test cases that depend on
2610 msg "test: ssl-opt.sh (full minus PSA crypto)"
2611 tests/ssl-opt.sh
2617 tests/compat.sh -f 'NULL'
2620 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2632 # ---------
2645 # -----
2655 # Make sure this was not re-enabled by accident (additive config)
2659 # -------------
2674 # ---------
2690 # -----
2696 # Make sure this was not re-enabled by accident (additive config)
2700 # -------------
2715 # ---------
2728 # -----
2734 # Make sure this was not re-enabled by accident (additive config)
2738 # -------------
2743 msg "ssl-opt: full with accelerated FFDH alg"
2744 tests/ssl-opt.sh -f "ffdh"
2748 msg "build: full with non-accelerated FFDH"
2758 msg "test suites: full with non-accelerated FFDH alg"
2761 msg "ssl-opt: full with non-accelerated FFDH alg"
2762 tests/ssl-opt.sh -f "ffdh"
2773 # ---------
2777 # Make built-in fallback not available
2782 # -----
2788 # Make sure this was not re-enabled by accident (additive config)
2792 # -------------
2813 # ---------
2818 # Disable modules that are accelerated - some will be re-enabled
2824 # Disable all curves - those that aren't accelerated should be re-enabled
2833 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2836 # -----
2845 # ECP should be re-enabled but not the others
2852 # -------------
2858 # Run tests with only (non-)Weierstrass accelerated
2860 # - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
2861 # - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
2864 if [ $weierstrass -eq 1 ]; then
2867 desc="non-Weierstrass"
2879 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
2889 if [ $weierstrass -eq 1 ]; then
2903 # ---------
2906 # that's what's supported now, see docs/driver-only-builds.md.
2912 # Disable modules that are accelerated - some will be re-enabled
2918 # Disable all curves - those that aren't accelerated should be re-enabled
2927 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2930 # -----
2939 # We expect ECDH to be re-enabled for the missing curves
2941 # We expect ECP to be re-enabled, however the parts specific to the
2943 # - functions with mxz in the name are specific to Montgomery curves
2944 # - ecp_muladd is specific to Weierstrass curves
2946 if [ $weierstrass -eq 1 ]; then
2953 # We expect ECDSA and ECJPAKE to be re-enabled only when
2955 if [ $weierstrass -eq 1 ]; then
2964 # -------------
2978 # Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
2981 # - 0 keep built-in EC algs,
2982 # - 1 exclude built-in EC algs (driver only).
2985 # same config, except for the use of driver or built-in EC algorithms:
2986 # - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
2987 # - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
2993 if [ "$driver_only" -eq 1 ]; then
3019 # ---------
3021 # Use the same config as reference, only without built-in EC algs
3025 # - MBEDTLS_PK_PARSE_EC_EXTENDED
3026 # - MBEDTLS_PK_PARSE_EC_COMPRESSED
3029 # -----
3038 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3045 # -------------
3050 msg "ssl-opt: full with accelerated EC algs"
3051 tests/ssl-opt.sh
3056 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
3062 msg "test suites: full with non-accelerated EC algs"
3065 msg "ssl-opt: full with non-accelerated EC algs"
3066 tests/ssl-opt.sh
3070 # - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
3071 # - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
3076 # - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
3077 # excluding their built-in implementation as well as ECP_C & ECP_LIGHT
3078 # - 0: include built-in implementation of EC algorithms.
3087 if [ "$driver_only" -eq 1 ]; then
3096 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3099 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3113 msg "build: full + accelerated EC algs - ECP"
3123 # ---------
3131 # -----
3134 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3142 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3146 # Also ensure that ECP module was not re-enabled
3150 # -------------
3152 msg "test: full + accelerated EC algs - ECP"
3155 msg "ssl-opt: full + accelerated EC algs - ECP"
3156 tests/ssl-opt.sh
3172 msg "ssl-opt: full + non accelerated EC algs"
3173 tests/ssl-opt.sh
3177 # - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3178 # - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3180 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3181 # - accelerate all EC algs, disable RSA and FFDH
3182 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3183 # - this is the reference component of the above
3184 # - it still disables RSA and FFDH, but it uses builtin EC algs
3185 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3186 # - accelerate all EC and FFDH algs, disable only RSA
3187 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3188 # - this is the reference component of the above
3189 # - it still disables RSA, but it uses builtin EC and FFDH algs
3202 if [ "$driver_only" -eq 1 ]; then
3213 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3216 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3220 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
3221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
3236 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
3237 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
3238 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
3245 if [ "$driver_only" -eq 1 ]; then
3259 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3260 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3263 # - ECC only or
3264 # - both ECC and FFDH
3275 removed_text="ECP - DH"
3281 msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3298 # ---------
3306 # -----
3309 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3317 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3321 # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
3328 # -------------
3330 msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
3334 msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3335 tests/ssl-opt.sh
3339 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3340 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3368 msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
3369 tests/ssl-opt.sh
3389 # - component_test_tfm_config_p256m_driver_accel_ec()
3390 # - component_test_tfm_config()
3392 # Enable TF-M config
3393 cp configs/config-tfm.h "$CONFIG_H"
3400 # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
3413 msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3418 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
3420 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3424 # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
3430 grep -q p256_ecdsa_ library/libmbedcrypto.a
3432 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3433 # files, so we want to ensure that it has not be re-enabled accidentally.
3437 msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3451 msg "build: TF-M config"
3452 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
3457 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3458 # files, so we want to ensure that it has not be re-enabled accidentally.
3461 msg "test: TF-M config"
3467 # - starts from the "full" configuration minus the list of symbols passed in
3469 # - build
3470 # - test only TLS (i.e. test_suite_tls and ssl-opt)
3487 msg "ssl-opt: full minus something, test TLS"
3488 tests/ssl-opt.sh
3501 # - component_test_psa_ecc_key_pair_no_derive
3502 # - component_test_psa_ecc_key_pair_no_generate
3505 # - $1 is the key type under test, i.e. ECC/RSA/DH
3506 # - $2 is the key option to be unset (i.e. generate, derive, etc)
3512 msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
3523 msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3541 if [ "$driver_only" -eq 1 ]; then
3549 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
3550 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
3566 # ---------
3571 # -----
3580 # Make sure this was not re-enabled by accident (additive config)
3584 # -------------
3591 msg "build: crypto_full with non-accelerated RSA"
3594 # ---------
3598 # -----
3602 # -------------
3603 msg "test: crypto_full with non-accelerated RSA"
3610 msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3640 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
3641 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
3642 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
3646 msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3652 … cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
3667 # ---------
3683 # -----
3689 # There's a risk of something getting re-enabled via config_psa.h;
3698 # -------------
3729 if [ "$driver_only" -eq 1 ]; then
3730 # disable the built-in implementation of hashes
3755 # ---------
3760 # -----
3766 # There's a risk of something getting re-enabled via config_psa.h;
3775 # -------------
3782 # dependency declarations in ssl-opt.sh and in TLS code are correct.
3783 msg "test: ssl-opt.sh, full with accelerated hashes"
3784 tests/ssl-opt.sh
3787 # interop testing (besides, we already got some from ssl-opt.sh).
3789 tests/compat.sh -p mbedTLS -V YES
3794 # script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
3806 msg "test: ssl-opt.sh, full without accelerated hashes"
3807 tests/ssl-opt.sh
3816 if [ "$driver_only" -eq 1 ]; then
3822 scripts/config.py unset-all MBEDTLS_SHA
3835 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
3847 # ---------
3852 # -----
3858 # Ensure that built-in support for HMAC is disabled.
3862 # -------------
3884 # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
3894 # ---------
3910 # -----
3916 # Make sure this was not re-enabled by accident (additive config)
3920 # -------------
3933 # ---------
3943 # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
3944 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
3947 # -----
3953 # Make sure this was not re-enabled by accident (additive config)
3959 # -------------
3966 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3967 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3976 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3977 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3989 # ---------
4015 # -----
4021 # Make sure this was not re-enabled by accident (additive config)
4033 # -------------
4038 msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
4039 tests/ssl-opt.sh
4042 tests/compat.sh -V NO -p mbedTLS
4046 msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
4051 msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
4054 msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
4055 tests/ssl-opt.sh
4057 msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
4058 tests/compat.sh -V NO -p mbedTLS
4067 if [ "$TEST_WITH_DRIVER" -eq 1 ]; then
4076 # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
4079 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
4080 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
4081 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
4082 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
4083 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
4084 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
4085 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
4105 # ---------
4110 # -----
4116 # Make sure disabled components were not re-enabled by accident (additive
4123 # -------------
4145 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4157 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4158 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
4169 cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
4179 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
4190 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../t…
4195 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
4200 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../t…
4205 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
4212 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../t…
4217 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
4221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4222 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4223 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4224 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4225 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4226 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4227 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4231 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../te…
4236 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
4240 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4241 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4242 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4243 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4244 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4245 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4246 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4250 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -…
4255 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
4259 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4260 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4261 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4262 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4263 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4264 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4265 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4269 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../…
4274 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
4278 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4279 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4280 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4281 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4282 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4283 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4285 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I.…
4290 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
4294 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4295 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4296 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4297 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4298 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4299 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4301 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I.…
4306 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
4310 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4311 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4312 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4313 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4319 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I.…
4324 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
4328 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4329 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4330 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4331 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4332 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4333 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4334 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4338 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I.…
4343 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RS…
4347 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
4348 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4349 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4350 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4352 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4357 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA…
4361 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
4362 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4363 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4364 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4366 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4371 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_K…
4375 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
4376 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4377 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4378 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4380 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I…
4385 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KE…
4389 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4390 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4391 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4392 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4394 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I.…
4399 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_…
4403 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4404 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
4405 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
4406 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
4407 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
4409 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KE…
4414 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PS…
4418 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4419 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
4421 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PU…
4430 # test the TF-M configuration can build cleanly with various warning flags enabled
4431 cp configs/config-tfm.h "$CONFIG_H"
4433 msg "build: TF-M config, armclang armv7-m thumb2"
4434 …--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strin…
4438 # Check that the TF-M configuration can build cleanly with various
4440 # TF-M configuration needs a TF-M platform. A tweaked version of
4442 # configs/config-tfm.h, tested via test-ref-configs.pl.
4443 cp configs/config-tfm.h "$CONFIG_H"
4445 msg "build: TF-M config, clang, armv7-m thumb2"
4446 …--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-str…
4448 msg "build: TF-M config, gcc native build"
4450 …gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wf…
4460 # e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
4477 # The most common issue is unused variables/functions, so ensure -Wunused is set.
4478 …-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wform…
4483 # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
4484 compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
4502 opt=-D${options[$j]}
4509 if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
4521 make -s -f ${makefile} build_test_config_combos
4542 # 18s - around 90ms per clang invocation on M1 Pro
4578 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
4588 # to re-enable platform integration features otherwise disabled in C99 builds
4589 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
4590 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
4595 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
4600 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
4605 msg "build: full config except SSL server, make, gcc" # ~ 30s
4608 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4612 msg "build: full config except SSL client, make, gcc" # ~ 30s
4615 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4621 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
4624 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
4625 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
4634 cmake -DCMAKE_BUILD_TYPE:String=Release .
4645 cmake -DCMAKE_BUILD_TYPE:String=Release .
4651 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
4653 tests/ssl-opt.sh -e '^DTLS proxy'
4660 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4663 msg "test: ssl-opt.sh, MFL-related tests"
4664 tests/ssl-opt.sh -f "Max fragment length"
4671 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4677 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4678 tests/ssl-opt.sh
4683 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4684 tests/context-info.sh
4692 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4696 tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
4698 msg "test: context-info.sh (disabled MFL extension case)"
4699 tests/context-info.sh
4705 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4711 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4712 tests/ssl-opt.sh
4722 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4728 msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
4729 tests/ssl-opt.sh
4742 cmake -DCMAKE_BUILD_TYPE:String=Release .
4749 tests/ssl-opt.sh -f "Handshake memory usage"
4762 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
4763 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
4769 cmake -D CMAKE_BUILD_TYPE:String=Check .
4772 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
4781 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4791 …make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-nul…
4801 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
4807 tests/ssl-opt.sh -e 'proxy'
4811 # Check that gcc targets x86_64 (we can build AESNI), and check for
4817 # In principle 32-bit x86 can support AESNI, but our implementation does not
4818 # support 32-bit x86, so we check for x86-64.
4819 # We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
4820 (gcc -v 2>&1 | grep Target | grep -q x86_64) &&
4821 [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
4822 (lscpu | grep -qw aes)
4829 # This test does not require the host to have support for AESNI (if it doesn't, the run-time
4841 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4842 # check that we built intrinsics - this should be used by default when supported by the compiler
4843 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4848 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
4849 … # check that we built assembly - this should be built if the compiler does not support intrinsics
4850 ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
4857 make CC=gcc CFLAGS='-O2 -Werror'
4859 ./programs/test/selftest aes | not grep -q "AESNI code"
4860 not grep -q "AES note: using AESNI" ./programs/test/selftest
4861 grep -q "AES note: built-in implementation." ./programs/test/selftest
4868 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4869 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4870 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4871 grep -q "AES note: using AESNI" ./programs/test/selftest
4872 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4886 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DM…
4891 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DM…
4896 support_test_m32_no_asm && (lscpu | grep -qw aes)
4910 # test the intrinsics implementation with gcc
4911 msg "AES tests, test intrinsics (gcc)"
4913 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4914 # check that we built intrinsics - this should be used by default when supported by the compiler
4915 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4916 grep -q "AES note: using AESNI" ./programs/test/selftest
4917 grep -q "AES note: built-in implementation." ./programs/test/selftest
4918 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4919 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4926 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
4927 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4928 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4929 grep -q "AES note: using AESNI" ./programs/test/selftest
4930 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4931 not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4932 not grep -q mbedtls_aesni_has_support ./programs/test/selftest
4937 support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
4950 make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4951 # check that we built intrinsics - this should be used by default when supported by the compiler
4952 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4953 grep -q "AES note: using AESNI" ./programs/test/selftest
4954 grep -q "AES note: built-in implementation." ./programs/test/selftest
4955 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4956 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4959 # For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
4964 # armc[56] don't support SHA-512 intrinsics
4971 # this feature would prevent us from building with -Werror on
4979 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4984 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4989 [[ $(clang_version) -ge 11 ]]
4998 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5001 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5004 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5009 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5012 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5015 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5020 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5021 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5023 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5024 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5026 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5027 grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5033 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5034 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5036 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5037 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5039 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5040 not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5045 [[ $(clang_version) -ge 4 ]]
5055 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5057 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5064 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5069 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5076 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5078 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5086 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5087 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5090 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5091 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5094 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5095 grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5102 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5103 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5106 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5107 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5110 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5111 not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5121 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5122 grep -q mbedtls_padlock_has_support ./programs/test/selftest
5127 ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
5128 [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
5129 [ "`dpkg --print-foreign-architectures`" == "i386" ]
5141 make CFLAGS='-O2 -Werror -Wall -Wextra'
5148 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5153 make CC=clang CFLAGS='-Werror -Wall -Wextra'
5155 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5160 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5166 make CFLAGS='-O2 -Werror -Wall -Wextra'
5168 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5171 msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5176 msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5182 make CFLAGS='-O2 -Werror -Wall -Wextra'
5184 msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5191 make CFLAGS='-O2 -Werror -Wall -Wextra'
5200 make CFLAGS='-O2 -Werror -Wall -Wextra'
5210 make CFLAGS='-O2 -Werror -Wall -Wextra'
5217 # - enable/disable the list of config options passed from -s/-u respectively.
5218 # - build
5219 # - test for tests_suite_xxx
5220 # - selftest
5223 # [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
5224 # Options: -s set_opts the list of config options to enable
5225 # -u unset_opts the list of config options to disable
5226 # -c cflags the list of options passed to CFLAGS
5227 # -l ldflags the list of options passed to LDFLAGS
5229 while [ $# -gt 0 ]; do
5231 -s)
5233 -u)
5235 -c)
5236 shift; local cflags="-Werror -Wall -Wextra $1";;
5237 -l)
5242 set_opts="${set_opts:-}"
5243 unset_opts="${unset_opts:-}"
5244 cflags="${cflags:-}"
5245 ldflags="${ldflags:-}"
5247 [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
5248 [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
5250 …msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $uns…
5252 make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
5263 …msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unse…
5266 …ult config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $c…
5271 # - component_test_block_cipher_no_decrypt_aesni_legacy()
5272 # - component_test_block_cipher_no_decrypt_aesni_use_psa()
5279 -s "MBEDTLS_AESNI_C" \
5280 -c "-mpclmul -msse2 -maes"
5284 -s "MBEDTLS_AESNI_C" \
5285 -c "-mno-pclmul -mno-sse2 -mno-aes"
5289 -u "MBEDTLS_AESNI_C"
5293 -s "MBEDTLS_AESNI_C" \
5294 -c "-m32 -mpclmul -msse2 -maes" \
5295 -l "-m32"
5310 if [ "$use_psa" -eq 1 ]; then
5314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
5315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
5316 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
5317 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
5322 # This consistently causes an llvm crash on clang 3.8, so use gcc
5323 export CC=gcc
5329 # This consistently causes an llvm crash on clang 3.8, so use gcc
5330 export CC=gcc
5342 # armc[56] don't support SHA-512 intrinsics
5349 # this feature would prevent us from building with -Werror on
5359 … armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
5377 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5389 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5402 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5412 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
5422 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
5423 …loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
5424 loc_cflags="${loc_cflags} -I../tests/include -O2"
5441 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
5450 $cc --version
5453 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
5456 # optimizations use inline assembly whereas runs with -O0
5464 # to disable the existing test_clang_opt function for linux.
5465 if [[ $(uname) != "Linux" ]]; then
5468 test_build_opt 'full config' clang -O0 -Os -O2
5474 test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
5482 test_build_opt 'full config' "$CLANG_EARLIEST" -O0
5490 test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
5498 test_build_opt 'full config' "$GCC_EARLIEST" -O0
5506 scripts/config.py -w full_config.h full
5508 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
5517 …make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"use…
5520 rm -f user_config.h full_config.h
5528 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
5538 …make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYP…
5541 rm -f psa_test_config.h psa_user_config.h
5549 …make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
5554 …make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platfo…
5555 …make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE=…
5559 programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
5560 programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
5561 programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
5562 programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
5566 # Build without assembly, so as to use portable C code (in a 32-bit
5567 # build) and not the i386-specific inline assembly.
5569 # Note that we require gcc, because clang Asan builds fail to link for
5570 # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
5571 msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
5575 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5576 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5578 msg "test: i386, make, gcc, no asm (ASan build)"
5582 case $(uname -m) in
5591 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
5593 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5594 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5596 msg "test: i386, make, gcc -O2 (ASan build)"
5599 msg "test ssl-opt.sh, i386, make, gcc-O2"
5600 tests/ssl-opt.sh
5609 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5610 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5612 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
5615 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
5616 tests/ssl-opt.sh -f ECDH
5618 …msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 …
5620 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
5627 msg "build: 64-bit ILP32, make, gcc" # ~ 30s
5629 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
5631 msg "test: 64-bit ILP32, make, gcc"
5635 case $(uname -m) in
5644 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5647 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
5652 msg "build: gcc, force 32-bit bignum limbs"
5657 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
5659 msg "test: gcc, force 32-bit bignum limbs"
5664 msg "build: gcc, force 64-bit bignum limbs"
5669 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
5671 msg "test: gcc, force 64-bit bignum limbs"
5676 msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5683 …make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS"
5685 msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5693 make CFLAGS='-Werror -O1'
5703 make CFLAGS='-Werror -O1'
5717 make CFLAGS='-Werror -Os'
5728 make CFLAGS='-Werror -O2'
5733 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
5734 tests/ssl-opt.sh
5738 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
5740 …NE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLA…
5742 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
5743 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5747 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5751 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
5753 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
5754 …INUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra …
5756 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5757 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
5760 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
5764 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5768 # in case the gcc-arm-linux-gnueabi toolchain is not available
5769 …C_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=arm…
5771 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5772 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5776 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
5778 …EFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -…
5780 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
5781 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5784 ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
5789 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
5792 …M_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" …
5793 echo "Checking that software 64-bit division is not required"
5798 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
5801 …EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS=…
5802 echo "Checking that software 64-bit multiplication is not required"
5813 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' …
5815 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
5816 msg "build: clang thumb 1 -O0, make"
5818 …make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5820 msg "build: clang thumb 1 -Os, make"
5822 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5828 # armc[56] don't support SHA-512 intrinsics
5831 # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
5838 # this feature would prevent us from building with -Werror on
5844 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
5847 "$ARMC5_FROMELF" -z library/*.o
5849 # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
5851 # ARM Compiler 6 - Target ARMv7-A
5852 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
5854 # ARM Compiler 6 - Target ARMv7-M
5855 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
5857 # ARM Compiler 6 - Target ARMv7-M+DSP
5858 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
5860 # ARM Compiler 6 - Target ARMv8-A - AArch32
5861 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
5863 # ARM Compiler 6 - Target ARMv8-M
5864 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
5866 # ARM Compiler 6 - Target Cortex-M0 - no optimisation
5867 armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
5869 # ARM Compiler 6 - Target Cortex-M0
5870 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
5872 # ARM Compiler 6 - Target ARMv8.2-A - AArch64
5874 # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
5877 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
5887 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
5889 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
5895 msg "test: ssl-opt.sh (ASan build)"
5896 tests/ssl-opt.sh
5906 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5911 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
5912 tests/ssl-opt.sh
5928 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5933 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
5934 tests/ssl-opt.sh
5942 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5947 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
5948 tests/ssl-opt.sh
5958 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5963 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
5964 tests/ssl-opt.sh
5978 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5983 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
5984 tests/ssl-opt.sh
5999 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6004 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
6005 tests/ssl-opt.sh
6018 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6023 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
6024 tests/ssl-opt.sh
6031 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6036 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
6037 tests/ssl-opt.sh
6044 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6048 msg "ssl-opt.sh (TLS 1.3 no padding)"
6049 tests/ssl-opt.sh
6056 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6060 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
6061 tests/ssl-opt.sh
6065 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
6066 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6069 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes …
6072 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
6073 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6074 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6077 …msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESN…
6079 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6083 case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
6084 [0-5]*|"") false;;
6092 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
6099 tests/scripts/run-metatests.sh any msan
6104 msg "test: ssl-opt.sh (MSan)" # ~ 1 min
6105 tests/ssl-opt.sh
6109 if [ "$MEMORY" -gt 0 ]; then
6118 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6127 if [ "$MEMORY" -gt 0 ]; then
6128 msg "test: ssl-opt.sh --memcheck (default config)"
6129 tests/ssl-opt.sh --memcheck
6132 if [ "$MEMORY" -gt 1 ]; then
6133 msg "test: compat.sh --memcheck (default config)"
6134 tests/compat.sh --memcheck
6137 if [ "$MEMORY" -gt 0 ]; then
6138 msg "test: context-info.sh --memcheck (default config)"
6139 tests/context-info.sh --memcheck
6147 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6160 # Attempt to parse lsb-release to find out distribution and version. If not
6162 if [[ -f /etc/lsb-release ]]; then
6164 while read -r lsb_line; do
6169 done < /etc/lsb-release
6181 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
6189 msg "build: cmake 'out-of-source' build"
6194 cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
6197 msg "test: cmake 'out-of-source' build"
6199 # Check that ssl-opt.sh can find the test programs.
6202 # file is missing (ssl-opt.sh tolerates the absence of some files so
6204 ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
6205 grep PASS ssl-opt.out
6206 cat ssl-opt.err >&2
6207 # If ssl-opt.err is non-empty, record an error and keep going.
6208 [ ! -s ssl-opt.err ]
6209 rm ssl-opt.out ssl-opt.err
6211 rm -rf "$OUT_OF_SOURCE_DIR"
6219 msg "build: cmake 'as-subdirectory' build"
6222 cmake -D GEN_FILES=ON .
6235 msg "build: cmake 'as-package' build"
6250 msg "build: cmake 'as-installed-package' build"
6261 # Make a copy of config file to use for the in-tree test
6272 msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
6273 scripts/config.py -w full_config.h full
6274 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6275 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
6278 msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6283 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6287 rm -f user_config.h full_config.h
6290 rm -rf "$OUT_OF_SOURCE_DIR"
6292 # Now repeat the test for an in-tree build:
6294 # Restore config for the in-tree test
6301 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
6302 scripts/config.py -w full_config.h full
6303 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6304 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
6307 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6312 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6316 rm -f user_config.h full_config.h
6328 # Only compile - we're looking for sizeof-pointer-memaccess warnings
6329 …CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_T…
6344 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
6345 gdb_disable_aslr='set disable-randomization off'
6348 for optimization_flag in -O2 -O3 -Ofast -Os; do
6349 for compiler in clang gcc; do
6352 …gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroi…
6354 not grep -i "error" test_zeroize.log
6355 rm -f test_zeroize.log
6362 # The arch tests build with gcc, so require use of gcc here to link properly
6363 msg "build: make, default config (out-of-box), libmbedcrypto.a only"
6364 CC=gcc make -C library libmbedcrypto.a
6367 CC=gcc ./tests/scripts/test_psa_compliance.py
6371 # psa-compliance-tests only supports CMake >= 3.10.0
6372 ver="$(cmake --version)"
6379 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
6388 case $(uncrustify --version) in
6396 tests/scripts/check-python-files.sh
6403 # harmless info on stdout so it can be suppress with --quiet.
6407 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
6428 # Function invoked by --error-test to test error reporting.
6431 if [ $KEEP_GOING -ne 0 ]; then
6437 # Expected error: 'grep non_existent /dev/null -> 1'
6439 # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
6440 not grep -q . "$0"
6441 # Expected error: 'make unknown_target -> 2'
6457 linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
6463 if [ $KEEP_GOING -eq 1 ]; then
6464 # We want to keep running if the subshell fails, so 'set -e' must
6469 if [ $QUIET -eq 1 ]; then
6474 if [ $KEEP_GOING -eq 1 ]; then
6475 # Keep "set -e" off, and run an ERR trap instead to record failures.
6476 set -E
6481 if [ $KEEP_GOING -eq 1 ]; then
6482 trap - ERR
6487 if [ $KEEP_GOING -eq 1 ]; then
6488 set -e
6489 if [ $component_status -ne 0 ]; then
6510 if [ $KEEP_GOING -eq 1 ]; then