Lines Matching +full:build +full:- +full:and +full:- +full:test
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
15 # -------
20 # ---------------
22 # Warning: the test is destructive. It includes various build modes and
23 # configurations, and can and will arbitrarily change the current CMake
28 # After running this script, the CMake cache will be lost and CMake
32 # * Basic Unix tools (Windows users note: a Unix-style find must be before
37 # * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
39 # * arm-gcc and mingw-gcc
40 # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
41 # * OpenSSL and GnuTLS command line tools, in suitable versions for the
53 # The behavior on an error depends on whether --keep-going (alias -k)
55 # * Without --keep-going: the script stops on the first error without
58 # * With --keep-going: the script runs all requested components and
63 # script -c tests/scripts/all.sh
68 # ---------------------
75 # * component_build_XXX: build things but don't run them.
76 # * component_test_XXX: build and test.
78 # * support_XXX: if support_XXX exists and returns false then
89 # fails if any command in it returns a non-zero status.
93 # cleaned-up state, and don't need to perform the cleanup themselves.
98 # `tests/Makefile` and `programs/fuzz/Makefile` from git.
99 # This cleans up after an in-tree use of CMake.
103 # the end and fast checks near the beginning.
108 #### Initialization and command line parsing
111 # Abort on errors (even on the left-hand side of a pipe).
113 set -e -o pipefail -u
116 shopt -s extglob
119 test -d include -a -d library -a -d programs -a -d tests
123 test -d include -a -d core -a -d drivers -a -d programs -a -d tests
128 echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
140 CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
143 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
149 # Files clobbered by in-tree cmake
159 # Seed value used with the --release-test option.
161 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
164 # basic-build-test.sh as well.
167 # Specify character collation for regular expressions and sorting with C locale
171 … : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
178 : ${GNUTLS_CLI:="gnutls-cli"}
179 : ${GNUTLS_SERV:="gnutls-serv"}
183 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
184 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
185 : ${CLANG_LATEST:="clang-latest"}
186 : ${CLANG_EARLIEST:="clang-earliest"}
187 : ${GCC_LATEST:="gcc-latest"}
188 : ${GCC_EARLIEST:="gcc-earliest"}
189 # if MAKEFLAGS is not set add the -j option to speed up invocations of make
190 if [ -z "${MAKEFLAGS+set}" ]; then
191 export MAKEFLAGS="-j$(all_sh_nproc)"
193 # if CC is not set, use clang by default (if present) to improve build times
194 if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
201 # CFLAGS and LDFLAGS for Asan builds that don't use CMake
202 # default to -O2, use -Ox _after_ this if you want another level
203 ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
213 ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
221 # Pick up "quiet" wrappers for make and cmake, which don't output very much
225 if [[ -e ${PWD}/tests/scripts/quiet ]]; then
230 # Test whether the component $1 is included in the command line patterns.
235 set -f
255 $0 --no-armcc --except test_memsan
256 Run everything except builds that require armcc and MemSan.
259 -h|--help Print this help and exit.
260 --list-all-components List all available test components and exit.
261 --list-components List components supported on this platform and exit.
264 -q|--quiet Only output component names, and errors if any.
265 -f|--force Force the tests to overwrite any modified files.
266 -k|--keep-going Run all tests and report errors at the end.
267 -m|--memory Additional optional memory tests.
268 --append-outcome Append to the outcome file (if used).
269 --arm-none-eabi-gcc-prefix=<string>
270 Prefix for a cross-compiler for arm-none-eabi
272 --arm-linux-gnueabi-gcc-prefix=<string>
273 Prefix for a cross-compiler for arm-linux-gnueabi
275 --armcc Run ARM Compiler builds (on by default).
276 --restore First clean up the build tree, restoring backed up
279 --error-test Error test mode: run a failing function in addition
281 --except Exclude the COMPONENTs listed on the command line,
283 --no-append-outcome Write a new outcome file and analyze it (default).
284 --no-armcc Skip ARM Compiler builds.
285 --no-force Refuse to overwrite modified files (default).
286 --no-keep-going Stop at the first error (default).
287 --no-memory No additional memory tests (default).
288 --no-quiet Print full output from components.
289 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
290 --outcome-file=<path> File where test outcomes are written (not done if
292 --random-seed Use a random seed value for randomized tests (default).
293 …-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED…
294 -s|--seed Integer seed value to use for this test run.
297 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
298 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
299 --clang-earliest=<Clang_earliest_path> Earliest version of clang available
300 --clang-latest=<Clang_latest_path> Latest version of clang available
301 --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
302 --gcc-latest=<GCC_latest_path> Latest version of GCC available
303 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
304 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
305 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
306 … --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
320 find . -name .git -prune -o \
321 -iname CMakeFiles -exec rm -rf {} \+ -o \
322 \( -iname cmake_install.cmake -o \
323 -iname CTestTestfile.cmake -o \
324 -iname CMakeCache.txt -o \
325 -path './cmake/*.cmake' \) -exec rm -f {} \+
326 # Recover files overwritten by in-tree CMake builds
327 rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
329 # Remove any artifacts from the component_test_cmake_as_subdirectory test.
330 rm -rf programs/test/cmake_subproject/build
331 rm -f programs/test/cmake_subproject/Makefile
332 rm -f programs/test/cmake_subproject/cmake_subproject
334 # Remove any artifacts from the component_test_cmake_as_package test.
335 rm -rf programs/test/cmake_package/build
336 rm -f programs/test/cmake_package/Makefile
337 rm -f programs/test/cmake_package/cmake_package
339 # Remove any artifacts from the component_test_cmake_as_installed_package test.
340 rm -rf programs/test/cmake_package_install/build
341 rm -f programs/test/cmake_package_install/Makefile
342 rm -f programs/test/cmake_package_install/cmake_package_install
346 if [[ -e "$x$backup_suffix" ]]; then
347 cp -p "$x$backup_suffix" "$x"
353 # in non-keep-going mode).
358 rm -f "$x$backup_suffix"
370 trap - $1
371 kill -$1 $$
384 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
385 sysctl -n hw.ncpu || # FreeBSD
392 if [ -n "${current_component:-}" ]; then
398 if [ $QUIET -eq 1 ]; then
413 msg "build: ARM Compiler 6 ($FLAGS)"
416 WARNING_CFLAGS='-Werror -xc -std=c99' make lib
419 "$ARMC6_FROMELF" -z library/*.o
447 # all.sh will still run and work properly.
448 while [ $# -gt 0 ]; do
450 --append-outcome) append_outcome=1;;
451 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
452 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
453 --armcc) no_armcc=;;
454 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
455 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
456 --clang-earliest) shift; CLANG_EARLIEST="$1";;
457 --clang-latest) shift; CLANG_LATEST="$1";;
458 --error-test) error_test=$((error_test + 1));;
459 --except) all_except=1;;
460 --force|-f) FORCE=1;;
461 --gcc-earliest) shift; GCC_EARLIEST="$1";;
462 --gcc-latest) shift; GCC_LATEST="$1";;
463 --gnutls-cli) shift; GNUTLS_CLI="$1";;
464 --gnutls-legacy-cli) shift;; # ignored for backward compatibility
465 --gnutls-legacy-serv) shift;; # ignored for backward compatibility
466 --gnutls-serv) shift; GNUTLS_SERV="$1";;
467 --help|-h) usage; exit;;
468 --keep-going|-k) KEEP_GOING=1;;
469 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
470 --list-components) list_components=1;;
471 --memory|-m) MEMORY=1;;
472 --no-append-outcome) append_outcome=0;;
473 --no-armcc) no_armcc=1;;
474 --no-force) FORCE=0;;
475 --no-keep-going) KEEP_GOING=0;;
476 --no-memory) MEMORY=0;;
477 --no-quiet) QUIET=0;;
478 --openssl) shift; OPENSSL="$1";;
479 --openssl-next) shift; OPENSSL_NEXT="$1";;
480 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
481 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
482 --quiet|-q) QUIET=1;;
483 --random-seed) unset SEED;;
484 --release-test|-r) SEED=$RELEASE_SEED;;
485 --restore) restore_first=1;;
486 --seed|-s) shift; SEED="$1";;
487 -*)
489 echo >&2 "Run $0 --help for usage."
507 if [ $list_components -eq 1 ]; then
513 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
517 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
519 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
524 if [ $all_except -eq 0 ]; then
528 set -f
544 if [ $unsupported -ne 0 ]; then
549 # Build the list of components to run.
552 if is_component_included "$component"; [ $? -eq $all_except ]; then
562 if [ $FORCE -eq 1 ]; then
563 rm -rf "$OUT_OF_SOURCE_DIR"
564 git checkout-index -f -q $CONFIG_H
568 if [ -d "$OUT_OF_SOURCE_DIR" ]; then
569 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
570 echo "You can either delete this directory manually, or force the test by rerunning"
571 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
575 if ! git diff --quiet "$CONFIG_H"; then
576 err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
577 echo "You can either delete or preserve your work, or force the test by rerunning the"
578 echo "script as: $0 --force"
590 case "$(head -n1 Makefile)" in
592 …git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile pro…
593 … git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
600 cp -p "$x" "$x$backup_suffix"
616 if [ -t 1 ]; then
617 case "${TERM:-}" in
626 failure_summary_file=$PWD/all-sh-failures-$$.log
630 # command fails (test command) or not (configure or build).
643 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
644 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
660 failed_command=${report_failed_command-$BASH_COMMAND}
662 if [[ $last_failure_status -eq $previous_failure_status &&
664 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
668 # command of a function returns a nonzero status, and the function
677 text="$current_section: $failed_command -> $last_failure_status"
681 # If the command is fatal (configure or build command), stop this
682 # component. Otherwise (test command) keep the component running
683 # (run more tests from the same build).
690 if [ $failure_count -gt 0 ]; then
696 elif [ -z "${1-}" ]; then
699 if [ -n "${1-}" ]; then
702 rm -f "$failure_summary_file"
703 if [ $failure_count -gt 0 ]; then
709 # record_status() and if_build_succeeded() are kept temporarily for backward
732 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
733 rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
738 if [ $QUIET -eq 1 ]; then
745 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
746 echo "SEED: ${SEED-"UNSET"}"
758 # Build the list of variables to pass to output_env.sh.
762 # Require OpenSSL and GnuTLS if running any tests (as opposed to
763 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
766 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
767 # and ssl-opt.sh, we just export the variables they require.
771 # Avoid passing --seed flag in every call to ssl-opt.sh
772 if [ -n "${SEED-}" ]; then
791 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
811 if [ $QUIET -eq 1 ]; then
828 if [ $QUIET -eq 1 ]; then
836 if command -v clang > /dev/null ; then
837 clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
848 # -------------------------
850 # 1. Define the list algorithms and key types to accelerate,
853 # - loc_accel_list="ALG_JPAKE"
854 # - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
855 # 2. Make configurations changes for the driver and/or main libraries.
859 # the base to use, and makes common adjustments.
861 # These changes affect both the driver and the main libraries.
869 # file: tests/include/test/drivers/config_test_driver.h. You usually
873 # 3. Build the driver library, then the main libraries, test, and programs.
883 # you don't want to build everything when iterating during development.
885 # helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
888 # Adjust the configuration - for both libtestdriver1 and main library,
897 # Enable PSA-based config (necessary to use drivers)
900 # Dynamic secure element support is a deprecated feature and needs to be disabled here.
901 # This is done to have the same form of psa_key_attributes_s for libdriver and library.
904 # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
907 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
911 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
916 # The function optionally accepts 1 parameter: a space-separated list of the
919 allowed_list="${1:-}"
920 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
932 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
944 for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
957 …for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO…
968 # Build the drivers library libtestdriver1.a (with ASan).
971 # 1. a space-separated list of things to accelerate;
972 # 2. optional: a space-separate list of things to also support.
975 loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
976 …make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_…
979 # Build the main libraries, programs and tests,
983 # 1. a space-separated list of things to accelerate;
985 # (examples: lib, -C tests test_suite_xxx, etc.)
991 # we need flags both with and without the LIBTESTDRIVER1_ prefix
992 …loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g'…
993 …loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&…
994 …$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_L…
1002 # Test Suites to be executed
1004 # The test ordering tries to optimize for the following criteria:
1006 # and/or are more likely to fail than others (eg I use Clang most of the
1007 # time, so start with a GCC build).
1018 msg "Check: check-generated-files, files generated with make" # 2s
1020 tests/scripts/check-generated-files.sh
1022 msg "Check: check-generated-files -u, files present" # 2s
1023 tests/scripts/check-generated-files.sh -u
1025 tests/scripts/check-generated-files.sh
1027 msg "Check: check-generated-files -u, files absent" # 2s
1029 tests/scripts/check-generated-files.sh -u
1031 tests/scripts/check-generated-files.sh
1039 tests/scripts/check-doxy-blocks.pl
1049 rm -f ChangeLog.new
1050 scripts/assemble_changelog.py -o ChangeLog.new
1051 if [ -e ChangeLog.new ]; then
1053 # non-empty.
1054 diff -u ChangeLog ChangeLog.new || true
1060 msg "Check: declared and exported names (builds the library)" # < 3s
1061 tests/scripts/check_names.py -v
1065 msg "Check: test case descriptions" # < 1s
1066 if [ $QUIET -eq 1 ]; then
1067 opt='--quiet'
1071 tests/scripts/check_test_cases.py -q $opt
1076 msg "Check: test case dependencies: legacy vs PSA" # < 1s
1079 # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely
1087 found="check-test-deps-found-$$"
1088 expected="check-test-deps-expected-$$"
1093 grep -Eo '!?MBEDTLS_[^: ]*' |
1094 grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ |
1095 sort -u > $found
1097 # Expected ones with justification - keep in sorted order by ASCII table!
1098 rm -f $expected
1099 # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
1101 # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
1104 # in order to build a fake RSA key of the wanted size based on
1106 # the test code and that's probably the most convenient way of achieving
1107 # the test's goal.
1109 # No PSA equivalent - we should probably have one in the future.
1111 # No PSA equivalent - needed by some init tests
1113 # No PSA equivalent - required to run threaded tests.
1117 # We want an exact match, to ensure the above list remains up-to-date.
1120 # - Each '+' line is a macro that was found but not expected. You want to
1121 # find where that macro occurs, and either replace it with PSA macros, or
1123 # - Each '-' line is a macro that was expected but not found; it means the
1125 diff -U0 $expected $found
1138 #### Build and test many configurations and targets
1142 msg "build: make, default config (out-of-box)" # ~1min
1147 msg "test: main suites make, default config (out-of-box)" # ~10s
1148 make test
1150 msg "selftest: make, default config (out-of-box)" # ~10s
1151 programs/test/selftest
1153 msg "program demos: make, default config (out-of-box)" # ~10s
1158 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1159 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1162 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
1163 make test
1165 msg "program demos (ASan build)" # ~10s
1168 msg "test: selftest (ASan build)" # ~ 10s
1169 programs/test/selftest
1171 msg "test: metatests (GCC, ASan build)"
1172 tests/scripts/run-metatests.sh any asan poison
1174 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1175 tests/ssl-opt.sh
1177 msg "test: compat.sh (ASan build)" # ~ 6 min
1180 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1181 tests/context-info.sh
1185 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
1187 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1190 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
1191 make test
1193 msg "test: selftest (ASan build)" # ~ 10s
1194 programs/test/selftest
1196 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
1197 tests/ssl-opt.sh
1199 msg "test: compat.sh (ASan build)" # ~ 6 min
1202 msg "test: context-info.sh (ASan build)" # ~ 15 sec
1203 tests/context-info.sh
1207 msg "build: full config, cmake, gcc, ASan"
1209 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1212 msg "test: main suites (inc. selftests) (full config, ASan build)"
1213 make test
1215 msg "test: selftest (ASan build)" # ~ 10s
1216 programs/test/selftest
1218 msg "test: ssl-opt.sh (full config, ASan build)"
1219 tests/ssl-opt.sh
1221 msg "test: compat.sh (full config, ASan build)"
1224 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1225 tests/context-info.sh
1230 msg "build: full config, cmake, gcc, ASan"
1233 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1236 msg "test: main suites (inc. selftests) (full config, ASan build)"
1237 make test
1239 msg "test: selftest (ASan build)" # ~ 10s
1240 programs/test/selftest
1242 msg "test: ssl-opt.sh (full config, ASan build)"
1243 tests/ssl-opt.sh
1245 msg "test: compat.sh (full config, ASan build)"
1248 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
1249 tests/context-info.sh
1253 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1256 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1259 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
1260 make test
1264 msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1267 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
1270 msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
1271 make test
1279 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
1283 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
1288 # We can only compile, not link, since our test and sample programs
1291 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
1293 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
1299 # Get a list of library-wise undefined symbols and ensure that they only
1300 # belong to psa_xxx() functions and not to mbedtls_yyy() ones.
1302 # - component_test_default_psa_crypto_client_without_crypto_provider
1303 # - component_build_full_psa_crypto_client_without_crypto_provider.
1305 …nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.t…
1306 nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
1307 comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
1314 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1325 msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1328 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
1329 make test
1333 msg "build: full config - PSA_CRYPTO_C"
1335 # Use full config which includes USE_PSA and CRYPTO_CLIENT.
1340 # Dynamic secure element support is a deprecated feature and it is not
1341 # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
1344 # Since there is no crypto provider in this build it is not possible to
1345 # build all the test executables and progrems due to missing PSA functions
1346 # at link time. Therefore we will just build libraries and we'll check
1350 msg "check missing symbols: full config - PSA_CRYPTO_C"
1354 # Ensure that desired functions are included into the build (extend the
1362 msg "build: default config minus MBEDTLS_GENPRIME"
1366 msg "test: default config minus MBEDTLS_GENPRIME"
1367 make test
1371 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
1372 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
1373 # want to re-generate generated files that depend on it, quite correctly.
1376 # cmake can't know this, but re-generation is actually not necessary as
1378 # whether they're on or off. So, disable cmake's (over-sensitive here)
1379 # dependency resolution for generated files and just rely on them being
1381 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
1382 tests/scripts/test-ref-configs.pl
1386 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
1388 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1391 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
1392 make test
1394 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
1395 tests/ssl-opt.sh
1399 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
1404 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1407 …msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
1408 make test
1410 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
1411 tests/ssl-opt.sh
1415 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
1417 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1420 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
1421 make test
1423 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
1424 tests/ssl-opt.sh -f RSA
1426 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
1427 tests/compat.sh -t RSA
1429 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
1430 tests/context-info.sh
1434 msg "build: Full minus CTR_DRBG, classic crypto in TLS"
1440 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1443 msg "test: Full minus CTR_DRBG, classic crypto - main suites"
1444 make test
1446 # In this configuration, the TLS test programs use HMAC_DRBG.
1449 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
1450 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1452 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
1453 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1457 msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
1462 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1465 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
1466 make test
1468 # In this configuration, the TLS test programs use HMAC_DRBG.
1471 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1472 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
1474 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
1475 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
1479 msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
1486 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1489 msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
1490 make test
1495 # Test SSL with non-deterministic ECDSA. Only test features that
1497 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
1498 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1500 # To save time, only test one protocol version, since this part of
1502 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
1503 tests/compat.sh -m tls12 -t 'ECDSA'
1507 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
1513 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1516 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
1517 make test
1522 # Test SSL with non-deterministic ECDSA. Only test features that
1524 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
1525 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
1527 # To save time, only test one protocol version, since this part of
1529 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
1530 tests/compat.sh -m tls12 -t 'ECDSA'
1534 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
1545 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
1546 # the SSL test programs don't have an RNG and can't work. Explicitly
1547 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
1548 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
1550 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
1551 make test
1553 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
1554 tests/ssl-opt.sh -f 'Default'
1558 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
1569 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
1570 make test
1572 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
1573 tests/ssl-opt.sh -f 'Default\|opaque'
1577 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1584 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1585 make test
1587 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
1588 tests/ssl-opt.sh -f 'Default\|opaque'
1592 msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
1600 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-f…
1602 msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
1603 make test
1607 msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
1611 make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
1613 msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
1614 make test
1618 msg "build: full without pkparse and pkwrite"
1626 # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
1630 msg "test: full without pkparse and pkwrite"
1631 make test
1635 msg "build: crypto_full with only the light subset of MD"
1646 # Disable things that would auto-enable MD_C
1649 # Note: MD-light is auto-enabled in build_info.h by modules that need it,
1657 msg "test: crypto_full with only the light subset of MD"
1658 make test
1662 msg "build: full no CIPHER no PSA_CRYPTO_C"
1682 msg "test: full no CIPHER no PSA_CRYPTO_C"
1683 make test
1686 # This is a common configurator and test function that is used in:
1687 # - component_test_full_no_cipher_with_psa_crypto
1688 # - component_test_full_no_cipher_with_psa_crypto_config
1690 # - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
1691 # - $2: a text string which describes the test component
1696 msg "build: $COMPONENT_DESCRIPTION"
1701 if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
1702 # The built-in implementation of the following algs/key-types depends
1704 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
1706 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1707 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
1708 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
1709 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
1710 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
1711 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
1712 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
1713 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
1714 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
1715 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
1720 # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
1721 scripts/config.py unset-all MBEDTLS_CIPHER_MODE
1729 # Ensure that CIPHER_C was not re-enabled
1732 msg "test: $COMPONENT_DESCRIPTION"
1733 make test
1745 msg "build: full no PSA_WANT_ALG_CCM"
1748 # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
1749 # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
1757 # PSA_WANT_ALG_CCM to be re-enabled.
1758 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
1762 msg "test: full no PSA_WANT_ALG_CCM"
1763 make test
1767 msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
1772 # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
1778 # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
1779 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1780 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
1781 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
1782 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
1783 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
1784 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
1785 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
1786 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
1793 msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
1794 make test
1798 msg "build: full minus bignum"
1810 # Disable what auto-enables ECP_LIGHT
1829 # PK and its dependencies
1847 msg "test: full minus bignum"
1848 make test
1852 msg "build: default with only stream cipher"
1860 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1862 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1864 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1872 msg "test: default with only stream cipher"
1873 make test
1875 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1879 msg "build: default with only stream cipher use psa"
1888 …# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, A…
1890 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1892 …# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_C…
1900 msg "test: default with only stream cipher use psa"
1901 make test
1903 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
1907 msg "build: default with only CBC-legacy cipher"
1915 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1917 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1919 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1927 msg "test: default with only CBC-legacy cipher"
1928 make test
1930 msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
1931 tests/ssl-opt.sh -f "TLS 1.2"
1935 msg "build: default with only CBC-legacy cipher use psa"
1944 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1946 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1948 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1956 msg "test: default with only CBC-legacy cipher use psa"
1957 make test
1959 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
1960 tests/ssl-opt.sh -f "TLS 1.2"
1964 msg "build: default with only CBC-legacy and CBC-EtM ciphers"
1972 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
1974 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1976 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
1984 msg "test: default with only CBC-legacy and CBC-EtM ciphers"
1985 make test
1987 msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
1988 tests/ssl-opt.sh -f "TLS 1.2"
1992 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
2001 …# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, AR…
2003 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2005 …# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_…
2013 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
2014 make test
2016 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
2017 tests/ssl-opt.sh -f "TLS 1.2"
2020 # We're not aware of any other (open source) implementation of EC J-PAKE in TLS
2022 # implementations ourselves: one using PSA, the other not. At least test that
2025 msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
2028 # https://github.com/Mbed-TLS/mbedtls/issues/8229
2030 make -C programs ssl/ssl_server2 ssl/ssl_client2
2034 msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
2038 make -C programs ssl/ssl_server2 ssl/ssl_client2
2039 make -C programs test/udp_proxy test/query_compile_time_config
2041 msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
2042 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2043 msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
2044 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
2045 msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
2046 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
2047 msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
2048 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
2054 msg "build: Everest ECDH context (ASan build)" # ~ 6 min
2056 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
2059 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
2060 make test
2062 msg "test: metatests (clang, ASan)"
2063 tests/scripts/run-metatests.sh any asan poison
2065 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
2066 tests/ssl-opt.sh -f ECDH
2068 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
2070 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
2074 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
2081 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
2086 msg "test: Everest ECDH context, only Curve25519" # ~ 50s
2087 make test
2091 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
2094 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2097 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
2098 tests/ssl-opt.sh -f "Max fragment\|Large packet"
2102 msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
2105 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2108 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
2109 tests/ssl-opt.sh -f "Max fragment"
2113 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
2115 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2118 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
2119 …tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free bu…
2123 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
2125 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2128 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
2129 …tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSe…
2133 msg "build+test: psa_collect_statuses" # ~30s
2137 grep -q '^0:psa_crypto_init:' tests/statuses.log
2138 rm -f tests/statuses.log
2142 msg "build: cmake, full config, clang" # ~ 50s
2144 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
2147 msg "test: main suites (full config, clang)" # ~ 5s
2148 make test
2150 msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
2151 programs/test/cpp_dummy_build
2153 msg "test: metatests (clang)"
2154 tests/scripts/run-metatests.sh any pthread
2159 msg "test: psa_constant_names (full config, clang)" # ~ 1s
2162 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
2163 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
2165 msg "test: compat.sh NULL (full config)" # ~ 2 min
2166 tests/compat.sh -e '^$' -f 'NULL'
2168 msg "test: compat.sh ARIA + ChachaPoly"
2169 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2173 # Skip the test suites that don't have any constant-flow annotations.
2177 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
2184 # Skip all but the given test suite
2186 ls -1 tests/suites/test_suite_*.function |
2187 grep -v $1.function |
2194 # This tests both (1) accesses to undefined memory, and (2) branches or
2196 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2197 # - or alternatively, change the build type to MemSanDbg, which enables
2198 # origin tracking and nicer stack traces (which are useful for debugging
2199 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
2200 …msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testin…
2205 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2208 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
2209 make test
2213 # This tests both (1) accesses to undefined memory, and (2) branches or
2215 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
2216 # - or alternatively, change the build type to MemSanDbg, which enables
2217 # origin tracking and nicer stack traces (which are useful for debugging
2218 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
2219 msg "build: cmake MSan (clang), full config with constant flow testing"
2223 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
2226 msg "test: main suites (Msan + constant flow)"
2227 make test
2232 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2233 # etc.) and (2) branches or memory access depending on secret values,
2235 # secret and actually uninitialized:
2236 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2237 # - or alternatively, build with debug info and manually run the offending
2238 # test suite with valgrind --track-origins=yes, then check if the origin
2240 …msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
2245 cmake -D CMAKE_BUILD_TYPE:String=Release .
2250 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
2253 # Test asm path in constant time module - by default, it will test the plain C
2255 msg "test: valgrind asm constant_time"
2256 scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
2258 cmake -D CMAKE_BUILD_TYPE:String=Release .
2266 # (heap buffer overflows, use of uninitialized memory, use-after-free,
2267 # etc.) and (2) branches or memory access depending on secret values,
2269 # secret and actually uninitialized:
2270 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
2271 # - or alternatively, build with debug info and manually run the offending
2272 # test suite with valgrind --track-origins=yes, then check if the origin
2274 msg "build: cmake release GCC, full config with constant flow testing"
2278 cmake -D CMAKE_BUILD_TYPE:String=Release .
2283 msg "test: some suites (valgrind + constant flow)"
2288 msg "build: TSan (clang)"
2292 # Self-tests do not currently use multiple threads.
2298 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
2301 msg "test: main suites (TSan)"
2302 make test
2306 # Test that removing the deprecated features from the default
2308 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
2310 make CFLAGS='-O -Werror -Wall -Wextra'
2312 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
2313 make test
2317 msg "build: make, full_no_deprecated config" # ~ 30s
2319 make CFLAGS='-O -Werror -Wall -Wextra'
2321 msg "test: make, full_no_deprecated config" # ~ 5s
2322 make test
2324 msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
2329 # Test that there is nothing deprecated in "full_no_deprecated".
2332 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
2336 make CFLAGS='-O -Werror -Wall -Wextra'
2338 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
2339 make test
2343 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
2345 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
2349 # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to
2351 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
2353 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
2356 # Expect warnings from '#warning' directives in check_config.h and
2357 # from the use of deprecated functions in test suites.
2358 …make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DM…
2360 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
2361 make test
2367 # Check that the specified libraries exist and are empty.
2370 ! nm "$@" 2>/dev/null | grep -v ':$' | grep .
2374 msg "build: make, crypto only"
2376 make CFLAGS='-O1 -Werror'
2381 msg "build: make, crypto only, full config"
2383 make CFLAGS='-O1 -Werror'
2388 msg "build: make, config for PSA crypto service"
2400 # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
2408 # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
2414 make CFLAGS='-O1 -Werror' all test
2419 msg "build: make, crypto only, baremetal config"
2421 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2429 msg "build: make, baremetal config"
2431 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
2435 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
2437 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
2442 msg "test/build: depends.py cipher_id (gcc)"
2443 tests/scripts/depends.py cipher_id --unset-use-psa
2447 msg "test/build: depends.py cipher_chaining (gcc)"
2448 tests/scripts/depends.py cipher_chaining --unset-use-psa
2452 msg "test/build: depends.py cipher_padding (gcc)"
2453 tests/scripts/depends.py cipher_padding --unset-use-psa
2457 msg "test/build: depends.py curves (gcc)"
2458 tests/scripts/depends.py curves --unset-use-psa
2462 msg "test/build: depends.py hashes (gcc)"
2463 tests/scripts/depends.py hashes --unset-use-psa
2467 msg "test/build: depends.py kex (gcc)"
2468 tests/scripts/depends.py kex --unset-use-psa
2472 msg "test/build: depends.py pkalgs (gcc)"
2473 tests/scripts/depends.py pkalgs --unset-use-psa
2478 msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2483 msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2488 msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2493 msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2498 msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2503 msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2508 msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
2513 msg "build: full config - only DH 2048"
2518 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
2519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
2520 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
2521 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
2523 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
2525 msg "test: full config - only DH 2048"
2526 make test
2528 msg "ssl-opt: full config - only DH 2048"
2529 tests/ssl-opt.sh -f "ffdh"
2533 msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
2540 # Only compile - this is primarily to test for compile issues
2541 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
2545 msg "build: MBEDTLS_XXX_ALT" # ~30s
2549 # aesni.c and padlock.c reference mbedtls_aes_context fields directly.
2558 # directly and assumes the implementation works with partial groups.
2569 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
2574 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2578 msg "build: MBEDTLS_DHM_ALT" # ~30s
2585 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
2589 # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
2590 msg "build: cmake, full config minus PSA crypto, ASan"
2601 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2604 msg "test: main suites (full minus PSA crypto)"
2605 make test
2607 # Note: ssl-opt.sh has some test cases that depend on
2610 msg "test: ssl-opt.sh (full minus PSA crypto)"
2611 tests/ssl-opt.sh
2613 msg "test: compat.sh default (full minus PSA crypto)"
2616 msg "test: compat.sh NULL (full minus PSA crypto)"
2617 tests/compat.sh -f 'NULL'
2619 msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
2620 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
2624 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
2626 # Algorithms and key types to accelerate
2632 # ---------
2644 # Build
2645 # -----
2655 # Make sure this was not re-enabled by accident (additive config)
2659 # -------------
2661 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
2662 make test
2666 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
2668 # Algorithms and key types to accelerate
2674 # ---------
2689 # Build
2690 # -----
2696 # Make sure this was not re-enabled by accident (additive config)
2700 # -------------
2702 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
2703 make test
2707 msg "build: full with accelerated FFDH"
2709 # Algorithms and key types to accelerate
2715 # ---------
2717 # start with full (USE_PSA and TLS 1.3)
2727 # Build
2728 # -----
2734 # Make sure this was not re-enabled by accident (additive config)
2738 # -------------
2740 msg "test: full with accelerated FFDH"
2741 make test
2743 msg "ssl-opt: full with accelerated FFDH alg"
2744 tests/ssl-opt.sh -f "ffdh"
2748 msg "build: full with non-accelerated FFDH"
2750 # Start with full (USE_PSA and TLS 1.3)
2758 msg "test suites: full with non-accelerated FFDH alg"
2759 make test
2761 msg "ssl-opt: full with non-accelerated FFDH alg"
2762 tests/ssl-opt.sh -f "ffdh"
2766 msg "build: full with accelerated PAKE"
2773 # ---------
2777 # Make built-in fallback not available
2781 # Build
2782 # -----
2788 # Make sure this was not re-enabled by accident (additive config)
2792 # -------------
2794 msg "test: full with accelerated PAKE"
2795 make test
2799 msg "build: full with accelerated EC algs and some key types"
2801 # Algorithms and key types to accelerate
2802 # For key types, use an explicitly list to omit GENERATE (and DERIVE)
2813 # ---------
2818 # Disable modules that are accelerated - some will be re-enabled
2824 # Disable all curves - those that aren't accelerated should be re-enabled
2829 # 6061, 6332 and following ones)
2833 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2835 # Build
2836 # -----
2845 # ECP should be re-enabled but not the others
2852 # -------------
2854 msg "test suites: full with accelerated EC algs and some key types"
2855 make test
2858 # Run tests with only (non-)Weierstrass accelerated
2860 # - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
2861 # - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
2864 if [ $weierstrass -eq 1 ]; then
2867 desc="non-Weierstrass"
2870 msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
2879 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
2889 if [ $weierstrass -eq 1 ]; then
2895 # Algorithms and key types to accelerate
2903 # ---------
2905 # Start with config crypto_full and remove PK_C:
2906 # that's what's supported now, see docs/driver-only-builds.md.
2912 # Disable modules that are accelerated - some will be re-enabled
2918 # Disable all curves - those that aren't accelerated should be re-enabled
2923 # 6061, 6332 and following ones)
2927 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
2929 # Build
2930 # -----
2939 # We expect ECDH to be re-enabled for the missing curves
2941 # We expect ECP to be re-enabled, however the parts specific to the
2943 # - functions with mxz in the name are specific to Montgomery curves
2944 # - ecp_muladd is specific to Weierstrass curves
2946 if [ $weierstrass -eq 1 ]; then
2953 # We expect ECDSA and ECJPAKE to be re-enabled only when
2955 if [ $weierstrass -eq 1 ]; then
2964 # -------------
2966 msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
2967 make test
2978 # Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
2979 # ECDH, ECDSA) with and without drivers.
2981 # - 0 keep built-in EC algs,
2982 # - 1 exclude built-in EC algs (driver only).
2985 # same config, except for the use of driver or built-in EC algorithms:
2986 # - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
2987 # - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
2988 # This supports comparing their test coverage with analyze_outcomes.py.
2993 if [ "$driver_only" -eq 1 ]; then
3003 # 6061, 6332 and following ones)
3009 msg "build: full with accelerated EC algs"
3011 # Algorithms and key types to accelerate
3019 # ---------
3021 # Use the same config as reference, only without built-in EC algs
3025 # - MBEDTLS_PK_PARSE_EC_EXTENDED
3026 # - MBEDTLS_PK_PARSE_EC_COMPRESSED
3028 # Build
3029 # -----
3038 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3045 # -------------
3047 msg "test suites: full with accelerated EC algs"
3048 make test
3050 msg "ssl-opt: full with accelerated EC algs"
3051 tests/ssl-opt.sh
3056 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
3062 msg "test suites: full with non-accelerated EC algs"
3063 make test
3065 msg "ssl-opt: full with non-accelerated EC algs"
3066 tests/ssl-opt.sh
3070 # - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
3071 # - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
3076 # - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
3077 # excluding their built-in implementation as well as ECP_C & ECP_LIGHT
3078 # - 0: include built-in implementation of EC algorithms.
3080 # PK_C and RSA_C are always disabled to ensure there is no remaining dependency
3087 if [ "$driver_only" -eq 1 ]; then
3096 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3099 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3103 # 6061, 6332 and following ones)
3107 # Build and test a configuration where driver accelerates all EC algs while
3108 # all support and dependencies from ECP and ECP_LIGHT are removed on the library
3113 msg "build: full + accelerated EC algs - ECP"
3115 # Algorithms and key types to accelerate
3123 # ---------
3125 # Set common configurations between library's and driver's builds
3130 # Build
3131 # -----
3134 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3142 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3146 # Also ensure that ECP module was not re-enabled
3150 # -------------
3152 msg "test: full + accelerated EC algs - ECP"
3153 make test
3155 msg "ssl-opt: full + accelerated EC algs - ECP"
3156 tests/ssl-opt.sh
3163 msg "build: full + non accelerated EC algs"
3169 msg "test: full + non accelerated EC algs"
3170 make test
3172 msg "ssl-opt: full + non accelerated EC algs"
3173 tests/ssl-opt.sh
3177 # - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3178 # - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3179 # and indirectly from:
3180 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3181 # - accelerate all EC algs, disable RSA and FFDH
3182 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3183 # - this is the reference component of the above
3184 # - it still disables RSA and FFDH, but it uses builtin EC algs
3185 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3186 # - accelerate all EC and FFDH algs, disable only RSA
3187 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3188 # - this is the reference component of the above
3189 # - it still disables RSA, but it uses builtin EC and FFDH algs
3202 if [ "$driver_only" -eq 1 ]; then
3213 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
3216 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
3218 # RSA support is intentionally disabled on this test because RSA_C depends
3220 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
3221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
3234 # When testing ECC only, we disable FFDH support, both from builtin and
3235 # PSA sides, and also disable the key exchanges that depend on DHM.
3236 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
3237 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
3238 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
3243 # When testing ECC and DH instead, we disable DHM and depending key
3244 # exchanges only in the accelerated build
3245 if [ "$driver_only" -eq 1 ]; then
3254 # 6061, 6332 and following ones)
3259 # - component_test_psa_crypto_config_accel_ecc_no_bignum
3260 # - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
3262 # The goal is to build and test accelerating either:
3263 # - ECC only or
3264 # - both ECC and FFDH
3275 removed_text="ECP - DH"
3281 msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3298 # ---------
3300 # Set common configurations between library's and driver's builds
3305 # Build
3306 # -----
3309 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
3317 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3321 # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
3328 # -------------
3330 msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
3332 make test
3334 msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
3335 tests/ssl-opt.sh
3339 # - component_test_psa_crypto_config_reference_ecc_no_bignum
3340 # - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
3342 # The goal is to build and test a reference scenario (i.e. with builtin
3359 msg "build: full + non accelerated $accel_text algs + USE_PSA"
3365 msg "test suites: full + non accelerated EC algs + USE_PSA"
3366 make test
3368 msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
3369 tests/ssl-opt.sh
3389 # - component_test_tfm_config_p256m_driver_accel_ec()
3390 # - component_test_tfm_config()
3392 # Enable TF-M config
3393 cp configs/config-tfm.h "$CONFIG_H"
3400 # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
3403 # Config adjustment for better test coverage in our environment.
3404 # This is not needed just to build and pass tests.
3413 msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3417 # Build crypto library
3418 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
3420 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
3424 # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
3430 grep -q p256_ecdsa_ library/libmbedcrypto.a
3432 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3433 # files, so we want to ensure that it has not be re-enabled accidentally.
3437 msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
3438 make test
3448 # can compare this test with test_tfm_config_p256m_driver_accel_ec
3451 msg "build: TF-M config"
3452 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
3457 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
3458 # files, so we want to ensure that it has not be re-enabled accidentally.
3461 msg "test: TF-M config"
3462 make test
3465 # Common helper for component_full_without_ecdhe_ecdsa() and
3467 # - starts from the "full" configuration minus the list of symbols passed in
3469 # - build
3470 # - test only TLS (i.e. test_suite_tls and ssl-opt)
3474 msg "build: full minus something, test TLS"
3484 msg "test: full minus something, test TLS"
3487 msg "ssl-opt: full minus something, test TLS"
3488 tests/ssl-opt.sh
3501 # - component_test_psa_ecc_key_pair_no_derive
3502 # - component_test_psa_ecc_key_pair_no_generate
3503 # The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
3505 # - $1 is the key type under test, i.e. ECC/RSA/DH
3506 # - $2 is the key option to be unset (i.e. generate, derive, etc)
3512 msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3519 scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
3523 msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
3524 make test
3541 if [ "$driver_only" -eq 1 ]; then
3542 # Remove RSA support and its dependencies
3547 # We need PEM parsing in the test library as well to support the import
3549 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
3550 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
3555 msg "build: crypto_full with accelerated RSA"
3566 # ---------
3570 # Build
3571 # -----
3580 # Make sure this was not re-enabled by accident (additive config)
3584 # -------------
3586 msg "test: crypto_full with accelerated RSA"
3587 make test
3591 msg "build: crypto_full with non-accelerated RSA"
3594 # ---------
3597 # Build
3598 # -----
3602 # -------------
3603 msg "test: crypto_full with non-accelerated RSA"
3604 make test
3607 # This is a temporary test to verify that full RSA support is present even when
3610 msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3624 # Remove RSA support and its dependencies
3640 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
3641 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
3642 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
3646 msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
3647 make test
3649 # Parse only 1 relevant line from the outcome file, i.e. a test which is
3652 … cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
3660 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
3667 # ---------
3682 # Build
3683 # -----
3689 # There's a risk of something getting re-enabled via config_psa.h;
3698 # -------------
3700 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
3701 make test
3705 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
3706 # This component ensures that all the test cases for
3720 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
3721 make test
3724 # Auxiliary function to build config for hashes with and without drivers
3729 if [ "$driver_only" -eq 1 ]; then
3730 # disable the built-in implementation of hashes
3745 # is related to this component and both components need to be kept in sync.
3748 msg "test: full with accelerated hashes"
3755 # ---------
3759 # Build
3760 # -----
3766 # There's a risk of something getting re-enabled via config_psa.h;
3775 # -------------
3777 msg "test: full with accelerated hashes"
3778 make test
3782 # dependency declarations in ssl-opt.sh and in TLS code are correct.
3783 msg "test: ssl-opt.sh, full with accelerated hashes"
3784 tests/ssl-opt.sh
3787 # interop testing (besides, we already got some from ssl-opt.sh).
3788 msg "test: compat.sh, full with accelerated hashes"
3789 tests/compat.sh -p mbedTLS -V YES
3794 # script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
3797 msg "test: full without accelerated hashes"
3803 msg "test: full without accelerated hashes"
3804 make test
3806 msg "test: ssl-opt.sh, full without accelerated hashes"
3807 tests/ssl-opt.sh
3810 # Auxiliary function to build config for hashes with and without drivers
3816 if [ "$driver_only" -eq 1 ]; then
3821 # and MD module is able to perform PSA dispathing.
3822 scripts/config.py unset-all MBEDTLS_SHA
3835 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
3839 msg "test: full with accelerated hmac"
3847 # ---------
3851 # Build
3852 # -----
3858 # Ensure that built-in support for HMAC is disabled.
3862 # -------------
3864 msg "test: full with accelerated hmac"
3865 make test
3869 msg "test: full without accelerated hmac"
3875 msg "test: full without accelerated hmac"
3876 make test
3880 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
3883 # CBC and ECB modes, we need to accelerate more than that otherwise DES_C
3884 # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
3894 # ---------
3909 # Build
3910 # -----
3916 # Make sure this was not re-enabled by accident (additive config)
3920 # -------------
3922 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
3923 make test
3927 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
3933 # ---------
3943 # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
3944 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
3946 # Build
3947 # -----
3953 # Make sure this was not re-enabled by accident (additive config)
3959 # -------------
3961 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
3962 make test
3966 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3967 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3975 # The 2 following test components, i.e.
3976 # - component_test_psa_crypto_config_accel_cipher_aead_cmac
3977 # - component_test_psa_crypto_config_reference_cipher_aead_cmac
3978 # are meant to be used together in analyze_outcomes.py script in order to test
3979 # driver's coverage for ciphers and AEADs.
3981 msg "build: full config with accelerated cipher inc. AEAD and CMAC"
3989 # ---------
4010 # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
4014 # Build
4015 # -----
4021 # Make sure this was not re-enabled by accident (additive config)
4033 # -------------
4035 msg "test: full config with accelerated cipher inc. AEAD and CMAC"
4036 make test
4038 msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
4039 tests/ssl-opt.sh
4041 msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
4042 tests/compat.sh -V NO -p mbedTLS
4046 msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
4051 msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
4052 make test
4054 msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
4055 tests/ssl-opt.sh
4057 msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
4058 tests/compat.sh -V NO -p mbedTLS
4067 if [ "$TEST_WITH_DRIVER" -eq 1 ]; then
4076 # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
4079 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
4080 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
4081 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
4082 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
4083 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
4084 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
4085 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
4093 # not defined. ARIA and Camellia are not a problem in this case because
4099 msg "build: full + PSA dispatch in block_cipher"
4105 # ---------
4109 # Build
4110 # -----
4116 # Make sure disabled components were not re-enabled by accident (additive
4123 # -------------
4125 msg "test: full + PSA dispatch in block_cipher"
4126 make test
4131 msg "build: full + legacy dispatch in block_cipher"
4137 msg "test: full + legacy dispatch in block_cipher"
4138 make test
4142 msg "build: full minus CHACHAPOLY"
4145 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4148 msg "test: full minus CHACHAPOLY"
4149 make test
4153 msg "build: full minus CHACHAPOLY and GCM"
4157 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
4158 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
4161 msg "test: full minus CHACHAPOLY and GCM"
4162 make test
4166 msg "build: CCM + AES + SHA256 configuration"
4169 cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
4173 msg "test: CCM + AES + SHA256 configuration"
4174 make test
4177 # This should be renamed to test and updated once the accelerator ECDH code is in place and ready t…
4179 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
4189 …# Need to define the correct symbol and include the test driver header path in order to build with…
4190 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../t…
4193 # This should be renamed to test and updated once the accelerator HMAC code is in place and ready t…
4195 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
4199 …# Need to define the correct symbol and include the test driver header path in order to build with…
4200 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../t…
4203 # This should be renamed to test and updated once the accelerator HKDF code is in place and ready t…
4205 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
4209 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
4211 …# Need to define the correct symbol and include the test driver header path in order to build with…
4212 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../t…
4215 # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to…
4217 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
4221 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4222 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4223 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4224 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4225 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4226 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4227 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4230 …# Need to define the correct symbol and include the test driver header path in order to build with…
4231 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../te…
4234 # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and re…
4236 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
4240 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4241 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4242 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4243 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4244 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4245 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4246 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4249 …# Need to define the correct symbol and include the test driver header path in order to build with…
4250 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -…
4253 # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready t…
4255 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
4259 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4260 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4261 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4262 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4263 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4264 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4265 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4268 …# Need to define the correct symbol and include the test driver header path in order to build with…
4269 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../…
4272 # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready…
4274 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
4278 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4279 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4280 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4281 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4282 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4283 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4284 …# Need to define the correct symbol and include the test driver header path in order to build with…
4285 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I.…
4288 # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready…
4290 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
4294 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4295 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4296 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4297 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4298 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4299 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
4300 …# Need to define the correct symbol and include the test driver header path in order to build with…
4301 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I.…
4304 # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready…
4306 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
4310 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4311 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4312 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4313 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4318 …# Need to define the correct symbol and include the test driver header path in order to build with…
4319 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I.…
4322 # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready…
4324 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
4328 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
4329 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
4330 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
4331 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
4332 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
4333 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
4334 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
4337 …# Need to define the correct symbol and include the test driver header path in order to build with…
4338 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I.…
4341 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4343 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RS…
4347 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
4348 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4349 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4350 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4351 …# Need to define the correct symbol and include the test driver header path in order to build with…
4352 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4355 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4357 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA…
4361 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
4362 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4363 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4364 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4365 …# Need to define the correct symbol and include the test driver header path in order to build with…
4366 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V1…
4369 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4371 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_K…
4375 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
4376 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4377 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4378 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
4379 …# Need to define the correct symbol and include the test driver header path in order to build with…
4380 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I…
4383 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4385 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KE…
4389 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4390 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
4391 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
4392 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
4393 …# Need to define the correct symbol and include the test driver header path in order to build with…
4394 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I.…
4397 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4399 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_…
4403 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4404 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
4405 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
4406 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
4407 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
4408 …# Need to define the correct symbol and include the test driver header path in order to build with…
4409 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KE…
4412 # This should be renamed to test and updated once the accelerator RSA code is in place and ready to…
4414 …msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PS…
4418 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
4419 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
4420 …# Need to define the correct symbol and include the test driver header path in order to build with…
4421 …make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PU…
4430 # test the TF-M configuration can build cleanly with various warning flags enabled
4431 cp configs/config-tfm.h "$CONFIG_H"
4433 msg "build: TF-M config, armclang armv7-m thumb2"
4434 …--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strin…
4438 # Check that the TF-M configuration can build cleanly with various
4439 # warning flags enabled. We don't build or run tests, since the
4440 # TF-M configuration needs a TF-M platform. A tweaked version of
4442 # configs/config-tfm.h, tested via test-ref-configs.pl.
4443 cp configs/config-tfm.h "$CONFIG_H"
4445 msg "build: TF-M config, clang, armv7-m thumb2"
4446 …--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-str…
4448 msg "build: TF-M config, gcc native build"
4450 …-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-…
4453 # Test that the given .o file builds with all (valid) combinations of the given options.
4460 # e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
4477 # The most common issue is unused variables/functions, so ensure -Wunused is set.
4478 …-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wform…
4480 # Extract the command generated by the Makefile to build the target file.
4483 # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
4484 compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
4502 opt=-D${options[$j]}
4509 if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
4521 make -s -f ${makefile} build_test_config_combos
4542 # 18s - around 90ms per clang invocation on M1 Pro
4545 # Test that all the combinations build cleanly.
4548 msg "build: aes.o for all combinations of relevant config options"
4557 msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
4575 # Full configuration build, without platform support, file IO and net sockets.
4576 # This should catch missing mbedtls_printf definitions, and by disabling file
4578 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
4588 # to re-enable platform integration features otherwise disabled in C99 builds
4589 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
4590 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
4595 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
4600 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
4605 msg "build: full config except SSL server, make, gcc" # ~ 30s
4608 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4612 msg "build: full config except SSL client, make, gcc" # ~ 30s
4615 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
4621 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
4625 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
4629 msg "build: default config with memory buffer allocator and backtrace enabled"
4634 cmake -DCMAKE_BUILD_TYPE:String=Release .
4637 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
4638 make test
4642 msg "build: default config with memory buffer allocator"
4645 cmake -DCMAKE_BUILD_TYPE:String=Release .
4648 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
4649 make test
4651 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
4653 tests/ssl-opt.sh -e '^DTLS proxy'
4658 msg "build: default config except MFL extension (ASan build)" # ~ 30s
4660 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4663 msg "test: ssl-opt.sh, MFL-related tests"
4664 tests/ssl-opt.sh -f "Max fragment length"
4668 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
4671 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4674 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4675 make test
4677 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4678 tests/ssl-opt.sh
4680 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4683 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
4684 tests/context-info.sh
4688 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
4692 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4695 msg "test: MFL tests (disabled MFL extension case) & large packet tests"
4696 tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
4698 msg "test: context-info.sh (disabled MFL extension case)"
4699 tests/context-info.sh
4703 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
4705 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4708 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4709 make test
4711 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4712 tests/ssl-opt.sh
4714 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
4719 msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
4722 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4725 msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
4726 make test
4728 msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
4729 tests/ssl-opt.sh
4731 msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
4736 msg "build: default config with memory buffer allocator and MFL extension"
4742 cmake -DCMAKE_BUILD_TYPE:String=Release .
4745 …msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG…
4746 make test
4748 …msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG…
4749 tests/ssl-opt.sh -f "Handshake memory usage"
4753 msg "build: when no ciphersuites have MAC"
4759 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
4760 make test
4762 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
4763 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
4767 msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
4769 cmake -D CMAKE_BUILD_TYPE:String=Check .
4772 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
4773 make test
4777 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
4781 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
4784 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
4785 make test
4789 msg "build: malloc(0) returns NULL (ASan+UBSan build)"
4791 …make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-nul…
4793 msg "test: malloc(0) returns NULL (ASan+UBSan build)"
4794 make test
4796 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
4797 # Just the calloc selftest. "make test" ran the others as part of the
4798 # test suites.
4799 programs/test/selftest calloc
4801 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
4803 # and time (including time indirectly wasted due to flaky tests).
4806 # UDP proxy, which tend to be slower and flakier.
4807 tests/ssl-opt.sh -e 'proxy'
4811 # Check that gcc targets x86_64 (we can build AESNI), and check for
4815 # with the name of the corresponding test, component_test_aesni.
4817 # In principle 32-bit x86 can support AESNI, but our implementation does not
4818 # support 32-bit x86, so we check for x86-64.
4820 (gcc -v 2>&1 | grep Target | grep -q x86_64) &&
4821 [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
4822 (lscpu | grep -qw aes)
4826 # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
4827 # fallback. It also tests the logic that is used to select which implementation(s) to build.
4829 # This test does not require the host to have support for AESNI (if it doesn't, the run-time
4833 msg "build: default config with different AES implementations"
4838 # test the intrinsics implementation
4839 msg "AES tests, test intrinsics"
4841 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4842 # check that we built intrinsics - this should be used by default when supported by the compiler
4843 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4845 # test the asm implementation
4846 msg "AES tests, test assembly"
4848 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
4849 … # check that we built assembly - this should be built if the compiler does not support intrinsics
4850 ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
4852 # test the plain C implementation
4857 make CC=gcc CFLAGS='-O2 -Werror'
4859 ./programs/test/selftest aes | not grep -q "AESNI code"
4860 not grep -q "AES note: using AESNI" ./programs/test/selftest
4861 grep -q "AES note: built-in implementation." ./programs/test/selftest
4863 # test the intrinsics implementation
4866 msg "AES tests, test AESNI only"
4868 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
4869 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4870 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4871 grep -q "AES note: using AESNI" ./programs/test/selftest
4872 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4878 # define minimal config sufficient to test SHA3
4886 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DM…
4891 …make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DM…
4896 support_test_m32_no_asm && (lscpu | grep -qw aes)
4902 # AESNI intrinsic code supports i386 and assembly code does not support it.
4904 msg "build: default config with different AES implementations"
4910 # test the intrinsics implementation with gcc
4911 msg "AES tests, test intrinsics (gcc)"
4913 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4914 # check that we built intrinsics - this should be used by default when supported by the compiler
4915 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4916 grep -q "AES note: using AESNI" ./programs/test/selftest
4917 grep -q "AES note: built-in implementation." ./programs/test/selftest
4918 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4919 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4924 msg "AES tests, test AESNI only"
4926 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
4927 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
4928 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
4929 grep -q "AES note: using AESNI" ./programs/test/selftest
4930 not grep -q "AES note: built-in implementation." ./programs/test/selftest
4931 not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4932 not grep -q mbedtls_aesni_has_support ./programs/test/selftest
4936 # clang >= 4 is required to build with target attributes
4937 support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
4947 # test the intrinsics implementation with clang
4948 msg "AES tests, test intrinsics (clang)"
4950 make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
4951 # check that we built intrinsics - this should be used by default when supported by the compiler
4952 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
4953 grep -q "AES note: using AESNI" ./programs/test/selftest
4954 grep -q "AES note: built-in implementation." ./programs/test/selftest
4955 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
4956 grep -q mbedtls_aesni_has_support ./programs/test/selftest
4959 # For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
4961 msg "Build: AESCE test on arm64 platform without plain C."
4964 # armc[56] don't support SHA-512 intrinsics
4968 # With this enabled, the library does build correctly under armclang,
4970 # unavailable, and the user is notified via a #warning. So enabling
4971 # this feature would prevent us from building with -Werror on
4976 msg "AESCE, build with default configuration."
4979 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4981 msg "AESCE, build AESCE only"
4984 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
4988 # clang >= 11 is required to build with AES extensions
4989 [[ $(clang_version) -ge 11 ]]
4993 # Test variations of AES with Armv8 crypto extensions
4998 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5001 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5004 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5009 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
5012 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5015 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5017 # test for presence of AES instructions
5019 msg "clang, test A32 crypto instructions built"
5020 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5021 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5022 msg "clang, test T32 crypto instructions built"
5023 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5024 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5025 msg "clang, test aarch64 crypto instructions built"
5026 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5027 grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5029 # test for absence of AES instructions
5032 msg "clang, test A32 crypto instructions not built"
5033 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -mar…
5034 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5035 msg "clang, test T32 crypto instructions not built"
5036 …make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mth…
5037 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
5038 msg "clang, test aarch64 crypto instructions not built"
5039 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5040 not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
5044 # clang >= 4 is required to build with SHA extensions
5045 [[ $(clang_version) -ge 4 ]]
5052 # Test variations of SHA256 Armv8 crypto extensions
5055 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5057 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5061 # test the deprecated form of the config option
5064 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5069 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
5073 # test the deprecated form of the config option
5076 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5078 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5085 msg "${opt} clang, test A32 crypto instructions built"
5086 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5087 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5089 msg "${opt} clang, test T32 crypto instructions built"
5090 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5091 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5093 msg "${opt} clang, test aarch64 crypto instructions built"
5094 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5095 grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5101 msg "clang, test A32 crypto instructions not built"
5102 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -ma…
5103 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5105 msg "clang, test T32 crypto instructions not built"
5106 …make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mt…
5107 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
5109 msg "clang, test aarch64 crypto instructions not built"
5110 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
5111 not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
5117 msg "AES:VIA PadLock, build with default configuration."
5121 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5122 grep -q mbedtls_padlock_has_support ./programs/test/selftest
5127 ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
5128 [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
5129 [ "`dpkg --print-foreign-architectures`" == "i386" ]
5137 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
5141 make CFLAGS='-O2 -Werror -Wall -Wextra'
5143 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH"
5144 make test
5148 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5153 make CC=clang CFLAGS='-Werror -Wall -Wextra'
5155 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
5156 make test
5160 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5166 make CFLAGS='-O2 -Werror -Wall -Wextra'
5168 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5169 make test
5171 msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
5172 programs/test/selftest
5176 msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5182 make CFLAGS='-O2 -Werror -Wall -Wextra'
5184 msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C"
5185 make test
5189 msg "build: default config with AES_FEWER_TABLES enabled"
5191 make CFLAGS='-O2 -Werror -Wall -Wextra'
5193 msg "test: AES_FEWER_TABLES"
5194 make test
5198 msg "build: default config with AES_ROM_TABLES enabled"
5200 make CFLAGS='-O2 -Werror -Wall -Wextra'
5202 msg "test: AES_ROM_TABLES"
5203 make test
5207 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
5210 make CFLAGS='-O2 -Werror -Wall -Wextra'
5212 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
5213 make test
5217 # - enable/disable the list of config options passed from -s/-u respectively.
5218 # - build
5219 # - test for tests_suite_xxx
5220 # - selftest
5223 # [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
5224 # Options: -s set_opts the list of config options to enable
5225 # -u unset_opts the list of config options to disable
5226 # -c cflags the list of options passed to CFLAGS
5227 # -l ldflags the list of options passed to LDFLAGS
5229 while [ $# -gt 0 ]; do
5231 -s)
5233 -u)
5235 -c)
5236 shift; local cflags="-Werror -Wall -Wextra $1";;
5237 -l)
5242 set_opts="${set_opts:-}"
5243 unset_opts="${unset_opts:-}"
5244 cflags="${cflags:-}"
5245 ldflags="${ldflags:-}"
5247 [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
5248 [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
5250 …msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $uns…
5252 make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
5263 …msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unse…
5264 make test
5266 …ult config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $c…
5267 programs/test/selftest
5271 # - component_test_block_cipher_no_decrypt_aesni_legacy()
5272 # - component_test_block_cipher_no_decrypt_aesni_use_psa()
5273 # in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics,
5274 # AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics
5277 # test AESNI intrinsics
5279 -s "MBEDTLS_AESNI_C" \
5280 -c "-mpclmul -msse2 -maes"
5282 # test AESNI assembly
5284 -s "MBEDTLS_AESNI_C" \
5285 -c "-mno-pclmul -mno-sse2 -mno-aes"
5287 # test AES C implementation
5289 -u "MBEDTLS_AESNI_C"
5291 # test AESNI intrinsics for i386 target
5293 -s "MBEDTLS_AESNI_C" \
5294 -c "-m32 -mpclmul -msse2 -maes" \
5295 -l "-m32"
5310 if [ "$use_psa" -eq 1 ]; then
5314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
5315 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
5316 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
5317 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
5342 # armc[56] don't support SHA-512 intrinsics
5346 # With this enabled, the library does build correctly under armclang,
5348 # unavailable, and the user is notified via a #warning. So enabling
5349 # this feature would prevent us from building with -Werror on
5356 # test AESCE baremetal build
5358 msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
5359 … armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
5367 # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
5373 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5377 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5380 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5381 make test
5385 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
5389 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5392 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
5393 make test
5397 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5402 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5405 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
5406 make test
5410 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
5412 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
5414 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
5415 make test
5419 msg "build: full + test drivers dispatching to builtins"
5422 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
5423 …loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
5424 loc_cflags="${loc_cflags} -I../tests/include -O2"
5428 msg "test: full + test drivers dispatching to builtins"
5429 make test
5433 msg "build/test: make shared" # ~ 40s
5436 programs/test/dlopen_demo.sh
5440 msg "build/test: cmake shared" # ~ 2min
5441 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
5444 make test
5445 programs/test/dlopen_demo.sh
5450 $cc --version
5452 msg "build/test: $cc $opt, $info" # ~ 30s
5453 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
5456 # optimizations use inline assembly whereas runs with -O0
5458 make test # ~30s
5468 test_build_opt 'full config' clang -O0 -Os -O2
5474 test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
5482 test_build_opt 'full config' "$CLANG_EARLIEST" -O0
5490 test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
5498 test_build_opt 'full config' "$GCC_EARLIEST" -O0
5505 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
5506 scripts/config.py -w full_config.h full
5508 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
5510 programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
5513 msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
5517 …make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"use…
5518 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
5520 rm -f user_config.h full_config.h
5524 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
5528 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
5530 programs/test/query_compile_time_config MBEDTLS_CMAC_C
5533 … msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
5538 …make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYP…
5539 not programs/test/query_compile_time_config MBEDTLS_CMAC_C
5541 rm -f psa_test_config.h psa_user_config.h
5545 msg "build: make with PSA alt headers" # ~20s
5549 …make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
5551 # Build the library and some programs.
5552 # Don't build the fuzzers to avoid having to go through hoops to set
5554 …make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platfo…
5555 …make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE=…
5557 # Check that we're getting the alternative include guards and not the
5559 programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
5560 programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
5561 programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
5562 programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
5566 # Build without assembly, so as to use portable C code (in a 32-bit
5567 # build) and not the i386-specific inline assembly.
5570 # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
5571 msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
5575 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5576 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5578 msg "test: i386, make, gcc, no asm (ASan build)"
5579 make test
5582 case $(uname -m) in
5589 # Build with optimization, to use the i386 specific inline assembly
5590 # and go faster for tests.
5591 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
5593 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5594 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5596 msg "test: i386, make, gcc -O2 (ASan build)"
5597 make test
5599 msg "test ssl-opt.sh, i386, make, gcc-O2"
5600 tests/ssl-opt.sh
5607 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
5609 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
5610 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
5612 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
5613 make test
5615 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
5616 tests/ssl-opt.sh -f ECDH
5618 …msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 …
5620 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
5627 msg "build: 64-bit ILP32, make, gcc" # ~ 30s
5629 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
5631 msg "test: 64-bit ILP32, make, gcc"
5632 make test
5635 case $(uname -m) in
5642 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
5644 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
5647 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
5648 make test
5652 msg "build: gcc, force 32-bit bignum limbs"
5657 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
5659 msg "test: gcc, force 32-bit bignum limbs"
5660 make test
5664 msg "build: gcc, force 64-bit bignum limbs"
5669 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
5671 msg "test: gcc, force 64-bit bignum limbs"
5672 make test
5676 msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5683 …make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS"
5685 msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
5686 make test
5690 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
5693 make CFLAGS='-Werror -O1'
5695 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
5696 make test
5700 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
5703 make CFLAGS='-Werror -O1'
5705 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
5706 make test
5710 msg "build: no strings" # ~10s
5717 make CFLAGS='-Werror -Os'
5719 msg "test: no strings" # ~ 10s
5720 make test
5724 msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
5728 make CFLAGS='-Werror -O2'
5730 msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
5731 make test
5733 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
5734 tests/ssl-opt.sh
5738 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
5740 …I_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
5742 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
5743 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5747 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5749 # Build for a target platform that's close to what Debian uses
5751 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
5752 # Build everything including programs, see for example
5753 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
5754 …c" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAG…
5756 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5757 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
5764 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
5768 # in case the gcc-arm-linux-gnueabi toolchain is not available
5769 …NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-marc…
5771 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
5772 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5776 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
5778 …r" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-…
5780 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
5781 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
5784 ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
5789 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
5792 …_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
5793 echo "Checking that software 64-bit division is not required"
5798 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
5801 …GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mth…
5802 echo "Checking that software 64-bit multiplication is not required"
5811 msg "build: clang thumb 2, make"
5813 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' …
5815 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
5816 msg "build: clang thumb 1 -O0, make"
5818 …make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5820 msg "build: clang thumb 1 -Os, make"
5822 …make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb…
5826 msg "build: ARM Compiler 5"
5828 # armc[56] don't support SHA-512 intrinsics
5831 # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
5835 # With this enabled, the library does build correctly under armclang,
5837 # unavailable, and the user is notified via a #warning. So enabling
5838 # this feature would prevent us from building with -Werror on
5844 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
5847 "$ARMC5_FROMELF" -z library/*.o
5849 # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
5851 # ARM Compiler 6 - Target ARMv7-A
5852 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
5854 # ARM Compiler 6 - Target ARMv7-M
5855 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
5857 # ARM Compiler 6 - Target ARMv7-M+DSP
5858 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
5860 # ARM Compiler 6 - Target ARMv8-A - AArch32
5861 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
5863 # ARM Compiler 6 - Target ARMv8-M
5864 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
5866 # ARM Compiler 6 - Target Cortex-M0 - no optimisation
5867 armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
5869 # ARM Compiler 6 - Target Cortex-M0
5870 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
5872 # ARM Compiler 6 - Target ARMv8.2-A - AArch64
5874 # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
5877 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
5887 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
5889 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
5892 msg "test: main suites (inc. selftests) (ASan build)"
5893 make test
5895 msg "test: ssl-opt.sh (ASan build)"
5896 tests/ssl-opt.sh
5898 msg "test: compat.sh (ASan build)"
5903 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
5906 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5908 msg "test: TLS 1.3 only, all key exchange modes enabled"
5909 make test
5911 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
5912 tests/ssl-opt.sh
5916 msg "build: TLS 1.3 only from default, only PSK key exchange mode"
5928 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5933 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
5934 tests/ssl-opt.sh
5938 msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
5942 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5947 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
5948 tests/ssl-opt.sh
5952 msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
5958 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5963 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
5964 tests/ssl-opt.sh
5968 msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
5978 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
5983 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
5984 tests/ssl-opt.sh
5988 msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
5999 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6004 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
6005 tests/ssl-opt.sh
6009 msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
6018 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6020 msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
6023 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
6024 tests/ssl-opt.sh
6028 msg "build: TLS 1.3 only from default, without PSK key exchange mode"
6031 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
6033 msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
6036 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
6037 tests/ssl-opt.sh
6041 msg "build: default config plus early data minus padding"
6044 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6046 msg "test: default config plus early data minus padding"
6047 make test
6048 msg "ssl-opt.sh (TLS 1.3 no padding)"
6049 tests/ssl-opt.sh
6053 msg "build: default config plus early data minus middlebox compatibility mode"
6056 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
6058 msg "test: default config plus early data minus middlebox compatibility mode"
6059 make test
6060 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
6061 tests/ssl-opt.sh
6065 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
6066 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6069 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes …
6072 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
6073 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6074 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6077 …msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESN…
6079 …make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall …
6083 case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
6084 [0-5]*|"") false;;
6090 msg "build: MSan (clang)" # ~ 1 min 20s
6092 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
6095 msg "test: main suites (MSan)" # ~ 10s
6096 make test
6098 msg "test: metatests (MSan)"
6099 tests/scripts/run-metatests.sh any msan
6104 msg "test: ssl-opt.sh (MSan)" # ~ 1 min
6105 tests/ssl-opt.sh
6109 if [ "$MEMORY" -gt 0 ]; then
6110 msg "test: compat.sh (MSan)" # ~ 6 min 20s
6116 msg "build: Release (clang)"
6118 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6121 msg "test: main suites, Valgrind (default config)"
6127 if [ "$MEMORY" -gt 0 ]; then
6128 msg "test: ssl-opt.sh --memcheck (default config)"
6129 tests/ssl-opt.sh --memcheck
6132 if [ "$MEMORY" -gt 1 ]; then
6133 msg "test: compat.sh --memcheck (default config)"
6134 tests/compat.sh --memcheck
6137 if [ "$MEMORY" -gt 0 ]; then
6138 msg "test: context-info.sh --memcheck (default config)"
6139 tests/context-info.sh --memcheck
6144 msg "build: Release, full (clang)"
6147 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
6150 msg "test: main suites, Valgrind (full config)"
6160 # Attempt to parse lsb-release to find out distribution and version. If not
6161 # found this should fail safe (test is supported).
6162 if [[ -f /etc/lsb-release ]]; then
6164 while read -r lsb_line; do
6169 done < /etc/lsb-release
6176 # Running the out of source CMake test on Ubuntu 16.04 using more than one
6177 # processor (as the CI does) can create a race condition whereby the build
6181 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
6189 msg "build: cmake 'out-of-source' build"
6194 cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
6197 msg "test: cmake 'out-of-source' build"
6198 make test
6199 # Check that ssl-opt.sh can find the test programs.
6202 # file is missing (ssl-opt.sh tolerates the absence of some files so
6204 ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
6205 grep PASS ssl-opt.out
6206 cat ssl-opt.err >&2
6207 # If ssl-opt.err is non-empty, record an error and keep going.
6208 [ ! -s ssl-opt.err ]
6209 rm ssl-opt.out ssl-opt.err
6211 rm -rf "$OUT_OF_SOURCE_DIR"
6219 msg "build: cmake 'as-subdirectory' build"
6220 cd programs/test/cmake_subproject
6222 cmake -D GEN_FILES=ON .
6235 msg "build: cmake 'as-package' build"
6236 cd programs/test/cmake_package
6250 msg "build: cmake 'as-installed-package' build"
6251 cd programs/test/cmake_package_install
6261 # Make a copy of config file to use for the in-tree test
6268 # Build once to get the generated files (which need an intact config file)
6272 msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
6273 scripts/config.py -w full_config.h full
6274 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6275 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
6278 msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6283 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6285 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
6287 rm -f user_config.h full_config.h
6290 rm -rf "$OUT_OF_SOURCE_DIR"
6292 # Now repeat the test for an in-tree build:
6294 # Restore config for the in-tree test
6297 # Build once to get the generated files (which need an intact config)
6301 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
6302 scripts/config.py -w full_config.h full
6303 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
6304 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
6307 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
6312 …cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h…
6314 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
6316 rm -f user_config.h full_config.h
6324 msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
6328 # Only compile - we're looking for sizeof-pointer-memaccess warnings
6329 …CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_T…
6334 # Test that the function mbedtls_platform_zeroize() is not optimized away by
6335 # different combinations of compilers and optimization flags by using an
6338 # output to check whether the pass string is present and no failure strings
6342 # about a spurious message if Gdb tries and fails, so suppress that.
6344 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
6345 gdb_disable_aslr='set disable-randomization off'
6348 for optimization_flag in -O2 -O3 -Ofast -Os; do
6350 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
6352 …gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroi…
6354 not grep -i "error" test_zeroize.log
6355 rm -f test_zeroize.log
6362 # The arch tests build with gcc, so require use of gcc here to link properly
6363 msg "build: make, default config (out-of-box), libmbedcrypto.a only"
6364 CC=gcc make -C library libmbedcrypto.a
6366 msg "unit test: test_psa_compliance.py"
6371 # psa-compliance-tests only supports CMake >= 3.10.0
6372 ver="$(cmake --version)"
6379 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
6388 case $(uncrustify --version) in
6396 tests/scripts/check-python-files.sh
6400 msg "unit test: generate_test_code.py"
6402 # Our convention is to reserve stderr for actual errors, and write
6403 # harmless info on stdout so it can be suppress with --quiet.
6406 msg "unit test: translate_ciphers.py"
6407 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
6428 # Function invoked by --error-test to test error reporting.
6431 if [ $KEEP_GOING -ne 0 ]; then
6437 # Expected error: 'grep non_existent /dev/null -> 1'
6439 # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
6440 not grep -q . "$0"
6441 # Expected error: 'make unknown_target -> 2'
6446 # Run one component and clean up afterwards.
6461 # Run the component in a subshell, with error trapping and output
6463 if [ $KEEP_GOING -eq 1 ]; then
6464 # We want to keep running if the subshell fails, so 'set -e' must
6469 if [ $QUIET -eq 1 ]; then
6474 if [ $KEEP_GOING -eq 1 ]; then
6475 # Keep "set -e" off, and run an ERR trap instead to record failures.
6476 set -E
6481 if [ $KEEP_GOING -eq 1 ]; then
6482 trap - ERR
6487 if [ $KEEP_GOING -eq 1 ]; then
6488 set -e
6489 if [ $component_status -ne 0 ]; then
6494 # Restore the build tree to a clean state.
6510 if [ $KEEP_GOING -eq 1 ]; then