1#! /usr/bin/env bash 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7 8 9 10################################################################ 11#### Documentation 12################################################################ 13 14# Purpose 15# ------- 16# 17# To run all tests possible or available on the platform. 18# 19# Notes for users 20# --------------- 21# 22# Warning: the test is destructive. It includes various build modes and 23# configurations, and can and will arbitrarily change the current CMake 24# configuration. The following files must be committed into git: 25# * include/mbedtls/config.h 26# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 27# programs/fuzz/Makefile 28# After running this script, the CMake cache will be lost and CMake 29# will no longer be initialised. 30# 31# The script assumes the presence of a number of tools: 32# * Basic Unix tools (Windows users note: a Unix-style find must be before 33# the Windows find in the PATH) 34# * Perl 35# * GNU Make 36# * CMake 37# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 38# * G++ 39# * arm-gcc and mingw-gcc 40# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 41# * OpenSSL and GnuTLS command line tools, recent enough for the 42# interoperability tests. If they don't support SSLv3 then a legacy 43# version of these tools must be present as well (search for LEGACY 44# below). 45# See the invocation of check_tools below for details. 46# 47# This script must be invoked from the toplevel directory of a git 48# working copy of Mbed TLS. 49# 50# The behavior on an error depends on whether --keep-going (alias -k) 51# is in effect. 52# * Without --keep-going: the script stops on the first error without 53# cleaning up. This lets you work in the configuration of the failing 54# component. 55# * With --keep-going: the script runs all requested components and 56# reports failures at the end. In particular the script always cleans 57# up on exit. 58# 59# Note that the output is not saved. You may want to run 60# script -c tests/scripts/all.sh 61# or 62# tests/scripts/all.sh >all.log 2>&1 63# 64# Notes for maintainers 65# --------------------- 66# 67# The bulk of the code is organized into functions that follow one of the 68# following naming conventions: 69# * pre_XXX: things to do before running the tests, in order. 70# * component_XXX: independent components. They can be run in any order. 71# * component_check_XXX: quick tests that aren't worth parallelizing. 72# * component_build_XXX: build things but don't run them. 73# * component_test_XXX: build and test. 74# * support_XXX: if support_XXX exists and returns false then 75# component_XXX is not run by default. 76# * post_XXX: things to do after running the tests. 77# * other: miscellaneous support functions. 78# 79# Each component must start by invoking `msg` with a short informative message. 80# 81# Warning: due to the way bash detects errors, the failure of a command 82# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. 83# 84# Each component is executed in a separate shell process. The component 85# fails if any command in it returns a non-zero status. 86# 87# The framework performs some cleanup tasks after each component. This 88# means that components can assume that the working directory is in a 89# cleaned-up state, and don't need to perform the cleanup themselves. 90# * Run `make clean`. 91# * Restore `include/mbedtks/config.h` from a backup made before running 92# the component. 93# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 94# `tests/Makefile` and `programs/fuzz/Makefile` from git. 95# This cleans up after an in-tree use of CMake. 96# 97# The tests are roughly in order from fastest to slowest. This doesn't 98# have to be exact, but in general you should add slower tests towards 99# the end and fast checks near the beginning. 100 101 102 103################################################################ 104#### Initialization and command line parsing 105################################################################ 106 107# Abort on errors (even on the left-hand side of a pipe). 108# Treat uninitialised variables as errors. 109set -e -o pipefail -u 110 111# Enable ksh/bash extended file matching patterns 112shopt -s extglob 113 114pre_check_environment () { 115 if [ -d library -a -d include -a -d tests ]; then :; else 116 echo "Must be run from Mbed TLS root" >&2 117 exit 1 118 fi 119} 120 121pre_initialize_variables () { 122 CONFIG_H='include/mbedtls/config.h' 123 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 124 125 # Files that are clobbered by some jobs will be backed up. Use a different 126 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can 127 # independently decide when to remove the backup file. 128 backup_suffix='.all.bak' 129 # Files clobbered by config.py 130 files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" 131 # Files clobbered by in-tree cmake 132 files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" 133 134 append_outcome=0 135 MEMORY=0 136 FORCE=0 137 QUIET=0 138 KEEP_GOING=0 139 140 # Seed value used with the --release-test option. 141 # 142 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 143 # both values are kept in sync. If you change the value here because it 144 # breaks some tests, you'll definitely want to change it in 145 # basic-build-test.sh as well. 146 RELEASE_SEED=1 147 148 : ${MBEDTLS_TEST_OUTCOME_FILE=} 149 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 150 export MBEDTLS_TEST_OUTCOME_FILE 151 export MBEDTLS_TEST_PLATFORM 152 153 # Default commands, can be overridden by the environment 154 : ${OPENSSL:="openssl"} 155 : ${OPENSSL_LEGACY:="$OPENSSL"} 156 : ${OPENSSL_NEXT:="$OPENSSL"} 157 : ${GNUTLS_CLI:="gnutls-cli"} 158 : ${GNUTLS_SERV:="gnutls-serv"} 159 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 160 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 161 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 162 : ${ARMC5_BIN_DIR:=/usr/bin} 163 : ${ARMC6_BIN_DIR:=/usr/bin} 164 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 165 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} 166 : ${CLANG_LATEST:="clang-latest"} 167 : ${CLANG_EARLIEST:="clang-earliest"} 168 : ${GCC_LATEST:="gcc-latest"} 169 : ${GCC_EARLIEST:="gcc-earliest"} 170 171 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 172 if [ -z "${MAKEFLAGS+set}" ]; then 173 export MAKEFLAGS="-j$(all_sh_nproc)" 174 fi 175 176 # Include more verbose output for failing tests run by CMake or make 177 export CTEST_OUTPUT_ON_FAILURE=1 178 179 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 180 # default to -O2, use -Ox _after_ this if you want another level 181 ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' 182 183 # Platform tests have an allocation that returns null 184 export ASAN_OPTIONS="allocator_may_return_null=1" 185 export MSAN_OPTIONS="allocator_may_return_null=1" 186 187 # Gather the list of available components. These are the functions 188 # defined in this script whose name starts with "component_". 189 ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') 190 191 # Exclude components that are not supported on this platform. 192 SUPPORTED_COMPONENTS= 193 for component in $ALL_COMPONENTS; do 194 case $(type "support_$component" 2>&1) in 195 *' function'*) 196 if ! support_$component; then continue; fi;; 197 esac 198 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 199 done 200} 201 202# Test whether the component $1 is included in the command line patterns. 203is_component_included() 204{ 205 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 206 # only does word splitting. 207 set -f 208 for pattern in $COMMAND_LINE_COMPONENTS; do 209 set +f 210 case ${1#component_} in $pattern) return 0;; esac 211 done 212 set +f 213 return 1 214} 215 216usage() 217{ 218 cat <<EOF 219Usage: $0 [OPTION]... [COMPONENT]... 220Run mbedtls release validation tests. 221By default, run all tests. With one or more COMPONENT, run only those. 222COMPONENT can be the name of a component or a shell wildcard pattern. 223 224Examples: 225 $0 "check_*" 226 Run all sanity checks. 227 $0 --no-armcc --except test_memsan 228 Run everything except builds that require armcc and MemSan. 229 230Special options: 231 -h|--help Print this help and exit. 232 --list-all-components List all available test components and exit. 233 --list-components List components supported on this platform and exit. 234 235General options: 236 -q|--quiet Only output component names, and errors if any. 237 -f|--force Force the tests to overwrite any modified files. 238 -k|--keep-going Run all tests and report errors at the end. 239 -m|--memory Additional optional memory tests. 240 --append-outcome Append to the outcome file (if used). 241 --arm-none-eabi-gcc-prefix=<string> 242 Prefix for a cross-compiler for arm-none-eabi 243 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 244 --arm-linux-gnueabi-gcc-prefix=<string> 245 Prefix for a cross-compiler for arm-linux-gnueabi 246 (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") 247 --armcc Run ARM Compiler builds (on by default). 248 --restore First clean up the build tree, restoring backed up 249 files. Do not run any components unless they are 250 explicitly specified. 251 --error-test Error test mode: run a failing function in addition 252 to any specified component. May be repeated. 253 --except Exclude the COMPONENTs listed on the command line, 254 instead of running only those. 255 --no-append-outcome Write a new outcome file and analyze it (default). 256 --no-armcc Skip ARM Compiler builds. 257 --no-force Refuse to overwrite modified files (default). 258 --no-keep-going Stop at the first error (default). 259 --no-memory No additional memory tests (default). 260 --no-quiet Print full output from components. 261 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 262 --outcome-file=<path> File where test outcomes are written (not done if 263 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 264 --random-seed Use a random seed value for randomized tests (default). 265 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 266 -s|--seed Integer seed value to use for this test run. 267 268Tool path options: 269 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 270 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 271 --clang-earliest=<Clang_earliest_path> Earliest version of clang available 272 --clang-latest=<Clang_latest_path> Latest version of clang available 273 --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available 274 --gcc-latest=<GCC_latest_path> Latest version of GCC available 275 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 276 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 277 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 278 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 279 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 280 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3. 281 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 282EOF 283} 284 285# Cleanup before/after running a component. 286# Remove built files as well as the cmake cache/config. 287# Does not remove generated source files. 288cleanup() 289{ 290 command make clean 291 292 # Remove CMake artefacts 293 find . -name .git -prune -o \ 294 -iname CMakeFiles -exec rm -rf {} \+ -o \ 295 \( -iname cmake_install.cmake -o \ 296 -iname CTestTestfile.cmake -o \ 297 -iname CMakeCache.txt \) -exec rm {} \+ 298 # Recover files overwritten by in-tree CMake builds 299 rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile 300 301 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 302 rm -rf programs/test/cmake_subproject/build 303 rm -f programs/test/cmake_subproject/Makefile 304 rm -f programs/test/cmake_subproject/cmake_subproject 305 306 # Restore files that may have been clobbered by the job 307 for x in $files_to_back_up; do 308 if [[ -e "$x$backup_suffix" ]]; then 309 cp -p "$x$backup_suffix" "$x" 310 fi 311 done 312} 313 314# Final cleanup when this script exits (except when exiting on a failure 315# in non-keep-going mode). 316final_cleanup () { 317 cleanup 318 319 for x in $files_to_back_up; do 320 rm -f "$x$backup_suffix" 321 done 322} 323 324# Executed on exit. May be redefined depending on command line options. 325final_report () { 326 : 327} 328 329fatal_signal () { 330 final_cleanup 331 final_report $1 332 trap - $1 333 kill -$1 $$ 334} 335 336trap 'fatal_signal HUP' HUP 337trap 'fatal_signal INT' INT 338trap 'fatal_signal TERM' TERM 339 340# Number of processors on this machine. Used as the default setting 341# for parallel make. 342all_sh_nproc () 343{ 344 { 345 nproc || # Linux 346 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD 347 sysctl -n hw.ncpu || # FreeBSD 348 echo 1 349 } 2>/dev/null 350} 351 352msg() 353{ 354 if [ -n "${current_component:-}" ]; then 355 current_section="${current_component#component_}: $1" 356 else 357 current_section="$1" 358 fi 359 360 if [ $QUIET -eq 1 ]; then 361 return 362 fi 363 364 echo "" 365 echo "******************************************************************" 366 echo "* $current_section " 367 printf "* "; date 368 echo "******************************************************************" 369} 370 371armc6_build_test() 372{ 373 FLAGS="$1" 374 375 msg "build: ARM Compiler 6 ($FLAGS)" 376 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 377 WARNING_CFLAGS='-Werror -xc -std=c99' make lib 378 379 msg "size: ARM Compiler 6 ($FLAGS)" 380 "$ARMC6_FROMELF" -z library/*.o 381 382 make clean 383} 384 385err_msg() 386{ 387 echo "$1" >&2 388} 389 390check_tools() 391{ 392 for TOOL in "$@"; do 393 if ! `type "$TOOL" >/dev/null 2>&1`; then 394 err_msg "$TOOL not found!" 395 exit 1 396 fi 397 done 398} 399 400pre_parse_command_line () { 401 COMMAND_LINE_COMPONENTS= 402 all_except=0 403 error_test=0 404 restore_first=0 405 no_armcc= 406 407 # Note that legacy options are ignored instead of being omitted from this 408 # list of options, so invocations that worked with previous version of 409 # all.sh will still run and work properly. 410 while [ $# -gt 0 ]; do 411 case "$1" in 412 --append-outcome) append_outcome=1;; 413 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 414 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; 415 --armcc) no_armcc=;; 416 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 417 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 418 --clang-earliest) shift; CLANG_EARLIEST="$1";; 419 --clang-latest) shift; CLANG_LATEST="$1";; 420 --error-test) error_test=$((error_test + 1));; 421 --except) all_except=1;; 422 --force|-f) FORCE=1;; 423 --gcc-earliest) shift; GCC_EARLIEST="$1";; 424 --gcc-latest) shift; GCC_LATEST="$1";; 425 --gnutls-cli) shift; GNUTLS_CLI="$1";; 426 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 427 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 428 --gnutls-serv) shift; GNUTLS_SERV="$1";; 429 --help|-h) usage; exit;; 430 --keep-going|-k) KEEP_GOING=1;; 431 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 432 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 433 --memory|-m) MEMORY=1;; 434 --no-append-outcome) append_outcome=0;; 435 --no-armcc) no_armcc=1;; 436 --no-force) FORCE=0;; 437 --no-keep-going) KEEP_GOING=0;; 438 --no-memory) MEMORY=0;; 439 --no-quiet) QUIET=0;; 440 --openssl) shift; OPENSSL="$1";; 441 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 442 --openssl-next) shift; OPENSSL_NEXT="$1";; 443 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 444 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 445 --quiet|-q) QUIET=1;; 446 --random-seed) unset SEED;; 447 --release-test|-r) SEED=$RELEASE_SEED;; 448 --restore) restore_first=1;; 449 --seed|-s) shift; SEED="$1";; 450 -*) 451 echo >&2 "Unknown option: $1" 452 echo >&2 "Run $0 --help for usage." 453 exit 120 454 ;; 455 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 456 esac 457 shift 458 done 459 460 # With no list of components, run everything. 461 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then 462 all_except=1 463 fi 464 465 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 466 # Ignore it if components are listed explicitly on the command line. 467 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 468 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 469 fi 470 471 # Error out if an explicitly requested component doesn't exist. 472 if [ $all_except -eq 0 ]; then 473 unsupported=0 474 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 475 # only does word splitting. 476 set -f 477 for component in $COMMAND_LINE_COMPONENTS; do 478 set +f 479 # If the requested name includes a wildcard character, don't 480 # check it. Accept wildcard patterns that don't match anything. 481 case $component in 482 *[*?\[]*) continue;; 483 esac 484 case " $SUPPORTED_COMPONENTS " in 485 *" $component "*) :;; 486 *) 487 echo >&2 "Component $component was explicitly requested, but is not known or not supported." 488 unsupported=$((unsupported + 1));; 489 esac 490 done 491 set +f 492 if [ $unsupported -ne 0 ]; then 493 exit 2 494 fi 495 fi 496 497 # Build the list of components to run. 498 RUN_COMPONENTS= 499 for component in $SUPPORTED_COMPONENTS; do 500 if is_component_included "$component"; [ $? -eq $all_except ]; then 501 RUN_COMPONENTS="$RUN_COMPONENTS $component" 502 fi 503 done 504 505 unset all_except 506 unset no_armcc 507} 508 509pre_check_git () { 510 if [ $FORCE -eq 1 ]; then 511 rm -rf "$OUT_OF_SOURCE_DIR" 512 git checkout-index -f -q $CONFIG_H 513 cleanup 514 else 515 516 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 517 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 518 echo "You can either delete this directory manually, or force the test by rerunning" 519 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 520 exit 1 521 fi 522 523 if ! git diff --quiet include/mbedtls/config.h; then 524 err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " 525 echo "You can either delete or preserve your work, or force the test by rerunning the" 526 echo "script as: $0 --force" 527 exit 1 528 fi 529 fi 530} 531 532pre_restore_files () { 533 # If the makefiles have been generated by a framework such as cmake, 534 # restore them from git. If the makefiles look like modifications from 535 # the ones checked into git, take care not to modify them. Whatever 536 # this function leaves behind is what the script will restore before 537 # each component. 538 case "$(head -n1 Makefile)" in 539 *[Gg]enerated*) 540 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 541 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 542 ;; 543 esac 544} 545 546pre_back_up () { 547 for x in $files_to_back_up; do 548 cp -p "$x" "$x$backup_suffix" 549 done 550} 551 552pre_setup_keep_going () { 553 failure_count=0 # Number of failed components 554 last_failure_status=0 # Last failure status in this component 555 556 # See err_trap 557 previous_failure_status=0 558 previous_failed_command= 559 previous_failure_funcall_depth=0 560 unset report_failed_command 561 562 start_red= 563 end_color= 564 if [ -t 1 ]; then 565 case "${TERM:-}" in 566 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 567 start_red=$(printf '\033[31m') 568 end_color=$(printf '\033[0m') 569 ;; 570 esac 571 fi 572 573 # Keep a summary of failures in a file. We'll print it out at the end. 574 failure_summary_file=$PWD/all-sh-failures-$$.log 575 : >"$failure_summary_file" 576 577 # Whether it makes sense to keep a component going after the specified 578 # command fails (test command) or not (configure or build). 579 # This function normally receives the failing simple command 580 # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, 581 # this is passed instead. 582 # This doesn't have to be 100% accurate: all failures are recorded anyway. 583 # False positives result in running things that can't be expected to 584 # work. False negatives result in things not running after something else 585 # failed even though they might have given useful feedback. 586 can_keep_going_after_failure () { 587 case "$1" in 588 "msg "*) false;; 589 "cd "*) false;; 590 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... 591 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... 592 *make*check*) true;; 593 "grep "*) true;; 594 "[ "*) true;; 595 "! "*) true;; 596 *) false;; 597 esac 598 } 599 600 # This function runs if there is any error in a component. 601 # It must either exit with a nonzero status, or set 602 # last_failure_status to a nonzero value. 603 err_trap () { 604 # Save $? (status of the failing command). This must be the very 605 # first thing, before $? is overridden. 606 last_failure_status=$? 607 failed_command=${report_failed_command-$BASH_COMMAND} 608 609 if [[ $last_failure_status -eq $previous_failure_status && 610 "$failed_command" == "$previous_failed_command" && 611 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] 612 then 613 # The same command failed twice in a row, but this time one level 614 # less deep in the function call stack. This happens when the last 615 # command of a function returns a nonzero status, and the function 616 # returns that same status. Ignore the second failure. 617 previous_failure_funcall_depth=${#FUNCNAME[@]} 618 return 619 fi 620 previous_failure_status=$last_failure_status 621 previous_failed_command=$failed_command 622 previous_failure_funcall_depth=${#FUNCNAME[@]} 623 624 text="$current_section: $failed_command -> $last_failure_status" 625 echo "${start_red}^^^^$text^^^^${end_color}" >&2 626 echo "$text" >>"$failure_summary_file" 627 628 # If the command is fatal (configure or build command), stop this 629 # component. Otherwise (test command) keep the component running 630 # (run more tests from the same build). 631 if ! can_keep_going_after_failure "$failed_command"; then 632 exit $last_failure_status 633 fi 634 } 635 636 final_report () { 637 if [ $failure_count -gt 0 ]; then 638 echo 639 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 640 echo "${start_red}FAILED: $failure_count components${end_color}" 641 cat "$failure_summary_file" 642 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 643 elif [ -z "${1-}" ]; then 644 echo "SUCCESS :)" 645 fi 646 if [ -n "${1-}" ]; then 647 echo "Killed by SIG$1." 648 fi 649 rm -f "$failure_summary_file" 650 if [ $failure_count -gt 0 ]; then 651 exit 1 652 fi 653 } 654} 655 656# record_status() and if_build_succeeded() are kept temporarily for backward 657# compatibility. Don't use them in new components. 658record_status () { 659 "$@" 660} 661if_build_succeeded () { 662 "$@" 663} 664 665# '! true' does not trigger the ERR trap. Arrange to trigger it, with 666# a reasonably informative error message (not just "$@"). 667not () { 668 if "$@"; then 669 report_failed_command="! $*" 670 false 671 unset report_failed_command 672 fi 673} 674 675pre_prepare_outcome_file () { 676 case "$MBEDTLS_TEST_OUTCOME_FILE" in 677 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 678 esac 679 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 680 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 681 fi 682} 683 684pre_print_configuration () { 685 if [ $QUIET -eq 1 ]; then 686 return 687 fi 688 689 msg "info: $0 configuration" 690 echo "MEMORY: $MEMORY" 691 echo "FORCE: $FORCE" 692 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 693 echo "SEED: ${SEED-"UNSET"}" 694 echo 695 echo "OPENSSL: $OPENSSL" 696 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 697 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 698 echo "GNUTLS_CLI: $GNUTLS_CLI" 699 echo "GNUTLS_SERV: $GNUTLS_SERV" 700 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 701 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 702 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 703 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 704} 705 706# Make sure the tools we need are available. 707pre_check_tools () { 708 # Build the list of variables to pass to output_env.sh. 709 set env 710 711 case " $RUN_COMPONENTS " in 712 # Require OpenSSL and GnuTLS if running any tests (as opposed to 713 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 714 # is a good enough approximation in practice. 715 *" test_"*) 716 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 717 # and ssl-opt.sh, we just export the variables they require. 718 export OPENSSL="$OPENSSL" 719 export GNUTLS_CLI="$GNUTLS_CLI" 720 export GNUTLS_SERV="$GNUTLS_SERV" 721 # Avoid passing --seed flag in every call to ssl-opt.sh 722 if [ -n "${SEED-}" ]; then 723 export SEED 724 fi 725 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 726 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 727 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 728 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 729 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 730 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 731 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 732 ;; 733 esac 734 735 case " $RUN_COMPONENTS " in 736 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 737 esac 738 739 case " $RUN_COMPONENTS " in 740 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 741 esac 742 743 case " $RUN_COMPONENTS " in 744 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 745 esac 746 747 case " $RUN_COMPONENTS " in 748 *" test_zeroize "*) check_tools "gdb";; 749 esac 750 751 case " $RUN_COMPONENTS " in 752 *_armcc*) 753 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 754 ARMC5_AR="$ARMC5_BIN_DIR/armar" 755 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 756 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 757 ARMC6_AR="$ARMC6_BIN_DIR/armar" 758 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 759 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 760 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 761 esac 762 763 # past this point, no call to check_tool, only printing output 764 if [ $QUIET -eq 1 ]; then 765 return 766 fi 767 768 msg "info: output_env.sh" 769 case $RUN_COMPONENTS in 770 *_armcc*) 771 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 772 *) set "$@" RUN_ARMCC=0;; 773 esac 774 "$@" scripts/output_env.sh 775} 776 777 778 779################################################################ 780#### Basic checks 781################################################################ 782 783# 784# Test Suites to be executed 785# 786# The test ordering tries to optimize for the following criteria: 787# 1. Catch possible problems early, by running first tests that run quickly 788# and/or are more likely to fail than others (eg I use Clang most of the 789# time, so start with a GCC build). 790# 2. Minimize total running time, by avoiding useless rebuilds 791# 792# Indicative running times are given for reference. 793 794component_check_recursion () { 795 msg "Check: recursion.pl" # < 1s 796 tests/scripts/recursion.pl library/*.c 797} 798 799component_check_generated_files () { 800 msg "Check: freshness of generated source files" # < 1s 801 tests/scripts/check-generated-files.sh 802} 803 804component_check_doxy_blocks () { 805 msg "Check: doxygen markup outside doxygen blocks" # < 1s 806 tests/scripts/check-doxy-blocks.pl 807} 808 809component_check_files () { 810 msg "Check: file sanity checks (permissions, encodings)" # < 1s 811 tests/scripts/check_files.py 812} 813 814component_check_changelog () { 815 msg "Check: changelog entries" # < 1s 816 rm -f ChangeLog.new 817 scripts/assemble_changelog.py -o ChangeLog.new 818 if [ -e ChangeLog.new ]; then 819 # Show the diff for information. It isn't an error if the diff is 820 # non-empty. 821 diff -u ChangeLog ChangeLog.new || true 822 rm ChangeLog.new 823 fi 824} 825 826component_check_names () { 827 msg "Check: declared and exported names (builds the library)" # < 3s 828 tests/scripts/check_names.py -v 829} 830 831component_check_test_cases () { 832 msg "Check: test case descriptions" # < 1s 833 if [ $QUIET -eq 1 ]; then 834 opt='--quiet' 835 else 836 opt='' 837 fi 838 tests/scripts/check_test_cases.py -q $opt 839 unset opt 840} 841 842component_check_doxygen_warnings () { 843 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 844 tests/scripts/doxygen.sh 845} 846 847 848 849################################################################ 850#### Build and test many configurations and targets 851################################################################ 852 853component_test_default_out_of_box () { 854 msg "build: make, default config (out-of-box)" # ~1min 855 make 856 # Disable fancy stuff 857 unset MBEDTLS_TEST_OUTCOME_FILE 858 859 msg "test: main suites make, default config (out-of-box)" # ~10s 860 make test 861 862 msg "selftest: make, default config (out-of-box)" # ~10s 863 programs/test/selftest 864} 865 866component_test_default_cmake_gcc_asan () { 867 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 868 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 869 make 870 871 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 872 make test 873 874 msg "test: selftest (ASan build)" # ~ 10s 875 programs/test/selftest 876 877 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 878 tests/ssl-opt.sh 879 880 msg "test: compat.sh (ASan build)" # ~ 6 min 881 tests/compat.sh 882 883 msg "test: context-info.sh (ASan build)" # ~ 15 sec 884 tests/context-info.sh 885} 886 887component_test_full_cmake_gcc_asan () { 888 msg "build: full config, cmake, gcc, ASan" 889 scripts/config.py full 890 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 891 make 892 893 msg "test: main suites (inc. selftests) (full config, ASan build)" 894 make test 895 896 msg "test: selftest (ASan build)" # ~ 10s 897 programs/test/selftest 898 899 msg "test: ssl-opt.sh (full config, ASan build)" 900 tests/ssl-opt.sh 901 902 msg "test: compat.sh (full config, ASan build)" 903 tests/compat.sh 904 905 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 906 tests/context-info.sh 907} 908 909component_test_psa_crypto_key_id_encodes_owner () { 910 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 911 scripts/config.py full 912 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 913 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 914 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 915 make 916 917 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 918 make test 919} 920 921# check_renamed_symbols HEADER LIB 922# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol 923# name is LIB. 924check_renamed_symbols () { 925 ! nm "$2" | sed 's/.* //' | 926 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" 927} 928 929component_build_psa_crypto_spm () { 930 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" 931 scripts/config.py full 932 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 933 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 934 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 935 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM 936 # We can only compile, not link, since our test and sample programs 937 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM 938 # is active. 939 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib 940 941 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed 942 # version is not present. 943 echo "Checking for renamed symbols in the library" 944 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a 945} 946 947component_test_psa_crypto_client () { 948 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 949 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 950 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 951 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT 952 make 953 954 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 955 make test 956} 957 958component_test_zlib_make() { 959 msg "build: zlib enabled, make" 960 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 961 make ZLIB=1 CFLAGS='-Werror -O2' 962 963 msg "test: main suites (zlib, make)" 964 make test 965 966 msg "test: ssl-opt.sh (zlib, make)" 967 tests/ssl-opt.sh 968} 969support_test_zlib_make () { 970 base=support_test_zlib_$$ 971 cat <<'EOF' > ${base}.c 972#include "zlib.h" 973int main(void) { return 0; } 974EOF 975 gcc -o ${base}.exe ${base}.c -lz 2>/dev/null 976 ret=$? 977 rm -f ${base}.* 978 return $ret 979} 980 981component_test_zlib_cmake() { 982 msg "build: zlib enabled, cmake" 983 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 984 cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release . 985 make 986 987 msg "test: main suites (zlib, cmake)" 988 make test 989 990 msg "test: ssl-opt.sh (zlib, cmake)" 991 tests/ssl-opt.sh 992} 993support_test_zlib_cmake () { 994 support_test_zlib_make "$@" 995} 996 997component_test_psa_crypto_rsa_no_genprime() { 998 msg "build: default config minus MBEDTLS_GENPRIME" 999 scripts/config.py unset MBEDTLS_GENPRIME 1000 make 1001 1002 msg "test: default config minus MBEDTLS_GENPRIME" 1003 make test 1004} 1005 1006component_test_ref_configs () { 1007 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 1008 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1009 tests/scripts/test-ref-configs.pl 1010} 1011 1012component_test_sslv3 () { 1013 msg "build: Default + SSLv3 (ASan build)" # ~ 6 min 1014 scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 1015 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1016 make 1017 1018 msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s 1019 make test 1020 1021 msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min 1022 tests/compat.sh -m 'tls1 tls1_1 tls12 dtls1 dtls12' 1023 env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' 1024 1025 msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min 1026 tests/ssl-opt.sh 1027 1028 msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec 1029 tests/context-info.sh 1030} 1031 1032component_test_no_renegotiation () { 1033 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 1034 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 1035 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1036 make 1037 1038 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 1039 make test 1040 1041 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 1042 tests/ssl-opt.sh 1043} 1044 1045component_test_no_certs () { 1046 msg "build: full minus MBEDTLS_CERTS_C" 1047 scripts/config.py full 1048 scripts/config.py unset MBEDTLS_CERTS_C 1049 # Quick build+test (we're checking for stray uses of the test certs, 1050 # not expecting their absence to lead to subtle problems). 1051 make 1052 1053 msg "test: full minus MBEDTLS_CERTS_C - main suites" 1054 make test 1055} 1056 1057component_test_no_pem_no_fs () { 1058 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 1059 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1060 scripts/config.py unset MBEDTLS_FS_IO 1061 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 1062 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 1063 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1064 make 1065 1066 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 1067 make test 1068 1069 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 1070 tests/ssl-opt.sh 1071} 1072 1073component_test_rsa_no_crt () { 1074 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 1075 scripts/config.py set MBEDTLS_RSA_NO_CRT 1076 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1077 make 1078 1079 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 1080 make test 1081 1082 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 1083 tests/ssl-opt.sh -f RSA 1084 1085 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 1086 tests/compat.sh -t RSA 1087 1088 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 1089 tests/context-info.sh 1090} 1091 1092component_test_no_ctr_drbg_classic () { 1093 msg "build: Full minus CTR_DRBG, classic crypto in TLS" 1094 scripts/config.py full 1095 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1096 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1097 1098 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1099 make 1100 1101 msg "test: Full minus CTR_DRBG, classic crypto - main suites" 1102 make test 1103 1104 # In this configuration, the TLS test programs use HMAC_DRBG. 1105 # The SSL tests are slow, so run a small subset, just enough to get 1106 # confidence that the SSL code copes with HMAC_DRBG. 1107 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" 1108 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1109 1110 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" 1111 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1112} 1113 1114component_test_no_ctr_drbg_use_psa () { 1115 msg "build: Full minus CTR_DRBG, PSA crypto in TLS" 1116 scripts/config.py full 1117 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1118 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1119 1120 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1121 make 1122 1123 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" 1124 make test 1125 1126 # In this configuration, the TLS test programs use HMAC_DRBG. 1127 # The SSL tests are slow, so run a small subset, just enough to get 1128 # confidence that the SSL code copes with HMAC_DRBG. 1129 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1130 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1131 1132 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" 1133 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1134} 1135 1136component_test_no_hmac_drbg_classic () { 1137 msg "build: Full minus HMAC_DRBG, classic crypto in TLS" 1138 scripts/config.py full 1139 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1140 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1141 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1142 1143 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1144 make 1145 1146 msg "test: Full minus HMAC_DRBG, classic crypto - main suites" 1147 make test 1148 1149 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1150 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1151 # instead. 1152 # Test SSL with non-deterministic ECDSA. Only test features that 1153 # might be affected by how ECDSA signature is performed. 1154 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" 1155 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1156 1157 # To save time, only test one protocol version, since this part of 1158 # the protocol is identical in (D)TLS up to 1.2. 1159 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" 1160 tests/compat.sh -m tls12 -t 'ECDSA' 1161} 1162 1163component_test_no_hmac_drbg_use_psa () { 1164 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" 1165 scripts/config.py full 1166 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1167 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1168 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1169 1170 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1171 make 1172 1173 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" 1174 make test 1175 1176 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1177 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1178 # instead. 1179 # Test SSL with non-deterministic ECDSA. Only test features that 1180 # might be affected by how ECDSA signature is performed. 1181 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1182 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1183 1184 # To save time, only test one protocol version, since this part of 1185 # the protocol is identical in (D)TLS up to 1.2. 1186 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" 1187 tests/compat.sh -m tls12 -t 'ECDSA' 1188} 1189 1190component_test_psa_external_rng_no_drbg_classic () { 1191 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" 1192 scripts/config.py full 1193 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1194 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1195 scripts/config.py unset MBEDTLS_ENTROPY_C 1196 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1197 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1198 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1199 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1200 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1201 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1202 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, 1203 # the SSL test programs don't have an RNG and can't work. Explicitly 1204 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. 1205 make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" 1206 1207 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" 1208 make test 1209 1210 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" 1211 tests/ssl-opt.sh -f 'Default' 1212} 1213 1214component_test_psa_external_rng_no_drbg_use_psa () { 1215 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" 1216 scripts/config.py full 1217 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1218 scripts/config.py unset MBEDTLS_ENTROPY_C 1219 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1220 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1221 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1222 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1223 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1224 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1225 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1226 1227 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 1228 make test 1229 1230 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" 1231 tests/ssl-opt.sh -f 'Default\|opaque' 1232} 1233 1234component_test_psa_external_rng_use_psa_crypto () { 1235 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1236 scripts/config.py full 1237 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1238 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1239 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1240 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1241 1242 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1243 make test 1244 1245 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1246 tests/ssl-opt.sh -f 'Default\|opaque' 1247} 1248 1249component_test_psa_inject_entropy () { 1250 msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" 1251 scripts/config.py full 1252 scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY 1253 scripts/config.py set MBEDTLS_ENTROPY_NV_SEED 1254 scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 1255 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1256 scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ 1257 scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE 1258 make CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" 1259 1260 msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" 1261 make test 1262} 1263 1264component_test_ecp_no_internal_rng () { 1265 msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" 1266 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1267 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1268 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1269 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1270 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG 1271 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 1272 1273 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1274 make 1275 1276 msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" 1277 make test 1278 1279 # no SSL tests as they all depend on having a DRBG 1280} 1281 1282component_test_ecp_restartable_no_internal_rng () { 1283 msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" 1284 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1285 scripts/config.py set MBEDTLS_ECP_RESTARTABLE 1286 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1287 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1288 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1289 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG 1290 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 1291 1292 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1293 make 1294 1295 msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" 1296 make test 1297 1298 # no SSL tests as they all depend on having a DRBG 1299} 1300 1301component_test_tls1_2_default_stream_cipher_only () { 1302 msg "build: default with only stream cipher" 1303 1304 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C 1305 scripts/config.py unset MBEDTLS_GCM_C 1306 scripts/config.py unset MBEDTLS_CCM_C 1307 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1308 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1309 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1310 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1311 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1312 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1313 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER 1314 # Modules that depend on AEAD 1315 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1316 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1317 1318 make 1319 1320 msg "test: default with only stream cipher" 1321 make test 1322 1323 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 1324} 1325 1326component_test_tls1_2_default_stream_cipher_only_use_psa () { 1327 msg "build: default with only stream cipher use psa" 1328 1329 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1330 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1331 scripts/config.py unset MBEDTLS_GCM_C 1332 scripts/config.py unset MBEDTLS_CCM_C 1333 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1334 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1335 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1336 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1337 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1338 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1339 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER 1340 # Modules that depend on AEAD 1341 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1342 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1343 1344 make 1345 1346 msg "test: default with only stream cipher use psa" 1347 make test 1348 1349 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 1350} 1351 1352component_test_tls1_2_default_cbc_legacy_cipher_only () { 1353 msg "build: default with only CBC-legacy cipher" 1354 1355 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1356 scripts/config.py unset MBEDTLS_GCM_C 1357 scripts/config.py unset MBEDTLS_CCM_C 1358 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1359 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1360 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1361 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1362 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1363 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1364 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1365 # Modules that depend on AEAD 1366 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1367 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1368 1369 make 1370 1371 msg "test: default with only CBC-legacy cipher" 1372 make test 1373 1374 msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)" 1375 tests/ssl-opt.sh -f "TLS 1.2" 1376} 1377 1378component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { 1379 msg "build: default with only CBC-legacy cipher use psa" 1380 1381 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1382 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1383 scripts/config.py unset MBEDTLS_GCM_C 1384 scripts/config.py unset MBEDTLS_CCM_C 1385 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1386 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1387 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1388 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1389 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1390 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1391 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1392 # Modules that depend on AEAD 1393 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1394 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1395 1396 make 1397 1398 msg "test: default with only CBC-legacy cipher use psa" 1399 make test 1400 1401 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" 1402 tests/ssl-opt.sh -f "TLS 1.2" 1403} 1404 1405component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { 1406 msg "build: default with only CBC-legacy and CBC-EtM ciphers" 1407 1408 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1409 scripts/config.py unset MBEDTLS_GCM_C 1410 scripts/config.py unset MBEDTLS_CCM_C 1411 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1412 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1413 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1414 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1415 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 1416 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1417 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1418 # Modules that depend on AEAD 1419 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1420 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1421 1422 make 1423 1424 msg "test: default with only CBC-legacy and CBC-EtM ciphers" 1425 make test 1426 1427 msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)" 1428 tests/ssl-opt.sh -f "TLS 1.2" 1429} 1430 1431component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { 1432 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" 1433 1434 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1435 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1436 scripts/config.py unset MBEDTLS_GCM_C 1437 scripts/config.py unset MBEDTLS_CCM_C 1438 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1439 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1440 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1441 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1442 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 1443 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1444 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1445 # Modules that depend on AEAD 1446 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1447 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1448 1449 make 1450 1451 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" 1452 make test 1453 1454 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" 1455 tests/ssl-opt.sh -f "TLS 1.2" 1456} 1457 1458component_test_new_ecdh_context () { 1459 msg "build: new ECDH context (ASan build)" # ~ 6 min 1460 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1461 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1462 make 1463 1464 msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1465 make test 1466 1467 msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1468 tests/ssl-opt.sh -f ECDH 1469 1470 msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1471 # Exclude some symmetric ciphers that are redundant here to gain time. 1472 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1473} 1474 1475component_test_everest () { 1476 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1477 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1478 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1479 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1480 make 1481 1482 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1483 make test 1484 1485 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1486 tests/ssl-opt.sh -f ECDH 1487 1488 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1489 # Exclude some symmetric ciphers that are redundant here to gain time. 1490 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1491} 1492 1493component_test_everest_curve25519_only () { 1494 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1495 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1496 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1497 scripts/config.py unset MBEDTLS_ECDSA_C 1498 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1499 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1500 # Disable all curves 1501 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1502 scripts/config.py unset "$c" 1503 done 1504 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1505 1506 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1507 1508 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1509 make test 1510} 1511 1512component_test_small_ssl_out_content_len () { 1513 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1514 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1515 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1516 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1517 make 1518 1519 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1520 tests/ssl-opt.sh -f "Max fragment\|Large packet" 1521} 1522 1523component_test_small_ssl_in_content_len () { 1524 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1525 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1526 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1527 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1528 make 1529 1530 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1531 tests/ssl-opt.sh -f "Max fragment" 1532} 1533 1534component_test_small_ssl_dtls_max_buffering () { 1535 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1536 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1537 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1538 make 1539 1540 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1541 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1542} 1543 1544component_test_small_mbedtls_ssl_dtls_max_buffering () { 1545 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1546 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1547 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1548 make 1549 1550 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1551 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1552} 1553 1554component_test_psa_collect_statuses () { 1555 msg "build+test: psa_collect_statuses" # ~30s 1556 scripts/config.py full 1557 tests/scripts/psa_collect_statuses.py 1558 # Check that psa_crypto_init() succeeded at least once 1559 grep -q '^0:psa_crypto_init:' tests/statuses.log 1560 rm -f tests/statuses.log 1561} 1562 1563component_test_full_cmake_clang () { 1564 msg "build: cmake, full config, clang" # ~ 50s 1565 scripts/config.py full 1566 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 . 1567 make 1568 1569 msg "test: main suites (full config, clang)" # ~ 5s 1570 make test 1571 1572 msg "test: cpp_dummy_build (full config, clang)" # ~ 1s 1573 programs/test/cpp_dummy_build 1574 1575 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1576 tests/scripts/test_psa_constant_names.py 1577 1578 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1579 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1580 1581 msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min 1582 env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' 1583 1584 msg "test: compat.sh ARIA + ChachaPoly" 1585 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1586} 1587 1588skip_suites_without_constant_flow () { 1589 # Skip the test suites that don't have any constant-flow annotations. 1590 # This will need to be adjusted if we ever start declaring things as 1591 # secret from macros or functions inside tests/include or tests/src. 1592 SKIP_TEST_SUITES=$( 1593 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | 1594 sed 's/test_suite_//; s/\.function$//' | 1595 tr '\n' ,) 1596 export SKIP_TEST_SUITES 1597} 1598 1599component_test_memsan_constant_flow () { 1600 # This tests both (1) accesses to undefined memory, and (2) branches or 1601 # memory access depending on secret values. To distinguish between those: 1602 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1603 # - or alternatively, change the build type to MemSanDbg, which enables 1604 # origin tracking and nicer stack traces (which are useful for debugging 1605 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1606 msg "build: cmake MSan (clang), full config with constant flow testing" 1607 scripts/config.py full 1608 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1609 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1610 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1611 make 1612 1613 msg "test: main suites (Msan + constant flow)" 1614 make test 1615} 1616 1617component_test_valgrind_constant_flow () { 1618 # This tests both (1) everything that valgrind's memcheck usually checks 1619 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1620 # etc.) and (2) branches or memory access depending on secret values, 1621 # which will be reported as uninitialized memory. To distinguish between 1622 # secret and actually uninitialized: 1623 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1624 # - or alternatively, build with debug info and manually run the offending 1625 # test suite with valgrind --track-origins=yes, then check if the origin 1626 # was TEST_CF_SECRET() or something else. 1627 msg "build: cmake release GCC, full config with constant flow testing" 1628 scripts/config.py full 1629 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1630 skip_suites_without_constant_flow 1631 cmake -D CMAKE_BUILD_TYPE:String=Release . 1632 make 1633 1634 # this only shows a summary of the results (how many of each type) 1635 # details are left in Testing/<date>/DynamicAnalysis.xml 1636 msg "test: some suites (valgrind + constant flow)" 1637 make memcheck 1638} 1639 1640component_test_default_no_deprecated () { 1641 # Test that removing the deprecated features from the default 1642 # configuration leaves something consistent. 1643 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1644 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1645 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1646 1647 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1648 make test 1649} 1650 1651component_test_full_no_deprecated () { 1652 msg "build: make, full_no_deprecated config" # ~ 30s 1653 scripts/config.py full_no_deprecated 1654 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1655 1656 msg "test: make, full_no_deprecated config" # ~ 5s 1657 make test 1658} 1659 1660component_test_full_no_deprecated_deprecated_warning () { 1661 # Test that there is nothing deprecated in "full_no_deprecated". 1662 # A deprecated feature would trigger a warning (made fatal) from 1663 # MBEDTLS_DEPRECATED_WARNING. 1664 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1665 scripts/config.py full_no_deprecated 1666 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1667 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1668 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1669 1670 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1671 make test 1672} 1673 1674component_test_full_deprecated_warning () { 1675 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1676 # with only certain whitelisted types of warnings. 1677 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1678 scripts/config.py full 1679 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1680 # Expect warnings from '#warning' directives in check_config.h. 1681 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1682 1683 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1684 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1685 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1686 # Expect warnings from '#warning' directives in check_config.h and 1687 # from the use of deprecated functions in test suites. 1688 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1689 1690 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1691 make test 1692} 1693 1694# Check that the specified libraries exist and are empty. 1695are_empty_libraries () { 1696 nm "$@" >/dev/null 2>/dev/null 1697 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1698} 1699 1700component_build_crypto_default () { 1701 msg "build: make, crypto only" 1702 scripts/config.py crypto 1703 make CFLAGS='-O1 -Werror' 1704 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1705} 1706 1707component_build_crypto_full () { 1708 msg "build: make, crypto only, full config" 1709 scripts/config.py crypto_full 1710 make CFLAGS='-O1 -Werror' 1711 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1712} 1713 1714component_test_crypto_for_psa_service () { 1715 msg "build: make, config for PSA crypto service" 1716 scripts/config.py crypto 1717 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 1718 # Disable things that are not needed for just cryptography, to 1719 # reach a configuration that would be typical for a PSA cryptography 1720 # service providing all implemented PSA algorithms. 1721 # System stuff 1722 scripts/config.py unset MBEDTLS_ERROR_C 1723 scripts/config.py unset MBEDTLS_TIMING_C 1724 scripts/config.py unset MBEDTLS_VERSION_FEATURES 1725 # Crypto stuff with no PSA interface 1726 scripts/config.py unset MBEDTLS_BASE64_C 1727 scripts/config.py unset MBEDTLS_BLOWFISH_C 1728 # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. 1729 # Keep MBEDTLS_MD_C because RSA and ECDSA need it, also HMAC_DRBG which 1730 # is needed for deterministic ECDSA. 1731 scripts/config.py unset MBEDTLS_ECJPAKE_C 1732 scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent 1733 scripts/config.py unset MBEDTLS_NIST_KW_C 1734 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1735 scripts/config.py unset MBEDTLS_PEM_WRITE_C 1736 scripts/config.py unset MBEDTLS_PKCS12_C 1737 scripts/config.py unset MBEDTLS_PKCS5_C 1738 # We keep MBEDTLS_PK_{,PARSE,WRITE}_C because PSA with RSA needs it. 1739 scripts/config.py unset MBEDTLS_XTEA_C 1740 make CFLAGS='-O1 -Werror' all test 1741 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1742} 1743 1744component_build_crypto_baremetal () { 1745 msg "build: make, crypto only, baremetal config" 1746 scripts/config.py crypto_baremetal 1747 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" 1748 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1749} 1750support_build_crypto_baremetal () { 1751 support_build_baremetal "$@" 1752} 1753 1754component_build_baremetal () { 1755 msg "build: make, baremetal config" 1756 scripts/config.py baremetal 1757 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" 1758} 1759support_build_baremetal () { 1760 # Older Glibc versions include time.h from other headers such as stdlib.h, 1761 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this 1762 # problem, Ubuntu 18.04 is ok. 1763 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h 1764} 1765 1766# depends.py family of tests 1767component_test_depends_py_cipher_id () { 1768 msg "test/build: depends.py cipher_id (gcc)" 1769 tests/scripts/depends.py cipher_id --unset-use-psa 1770} 1771 1772component_test_depends_py_cipher_chaining () { 1773 msg "test/build: depends.py cipher_chaining (gcc)" 1774 tests/scripts/depends.py cipher_chaining --unset-use-psa 1775} 1776 1777component_test_depends_py_cipher_padding () { 1778 msg "test/build: depends.py cipher_padding (gcc)" 1779 tests/scripts/depends.py cipher_padding --unset-use-psa 1780} 1781 1782component_test_depends_py_curves () { 1783 msg "test/build: depends.py curves (gcc)" 1784 tests/scripts/depends.py curves --unset-use-psa 1785} 1786 1787component_test_depends_py_hashes () { 1788 msg "test/build: depends.py hashes (gcc)" 1789 tests/scripts/depends.py hashes --unset-use-psa 1790} 1791 1792component_test_depends_py_kex () { 1793 msg "test/build: depends.py kex (gcc)" 1794 tests/scripts/depends.py kex --unset-use-psa 1795} 1796 1797component_test_depends_py_pkalgs () { 1798 msg "test/build: depends.py pkalgs (gcc)" 1799 tests/scripts/depends.py pkalgs --unset-use-psa 1800} 1801 1802# PSA equivalents of the depends.py tests 1803component_test_depends_py_cipher_id_psa () { 1804 msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1805 tests/scripts/depends.py cipher_id 1806} 1807 1808component_test_depends_py_cipher_chaining_psa () { 1809 msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1810 tests/scripts/depends.py cipher_chaining 1811} 1812 1813component_test_depends_py_cipher_padding_psa () { 1814 msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1815 tests/scripts/depends.py cipher_padding 1816} 1817 1818component_test_depends_py_curves_psa () { 1819 msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1820 tests/scripts/depends.py curves 1821} 1822 1823component_test_depends_py_hashes_psa () { 1824 msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1825 tests/scripts/depends.py hashes 1826} 1827 1828component_test_depends_py_kex_psa () { 1829 msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1830 tests/scripts/depends.py kex 1831} 1832 1833component_test_depends_py_pkalgs_psa () { 1834 msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1835 tests/scripts/depends.py pkalgs 1836} 1837 1838component_build_no_pk_rsa_alt_support () { 1839 msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s 1840 1841 scripts/config.py full 1842 scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT 1843 scripts/config.py set MBEDTLS_RSA_C 1844 scripts/config.py set MBEDTLS_X509_CRT_WRITE_C 1845 1846 # Only compile - this is primarily to test for compile issues 1847 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' 1848} 1849 1850component_test_no_use_psa_crypto_full_cmake_asan() { 1851 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 1852 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 1853 scripts/config.py full 1854 scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC 1855 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1856 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1857 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1858 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1859 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1860 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1861 make 1862 1863 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 1864 make test 1865 1866 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 1867 tests/ssl-opt.sh 1868 1869 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 1870 tests/compat.sh 1871 1872 msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 1873 env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' 1874 1875 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 1876 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1877} 1878 1879component_test_psa_crypto_config_accel_ecdsa () { 1880 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1881 1882 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1883 # partial support for cipher operations in the driver test library. 1884 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1885 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1886 # Disable obsolete hashes (alternatively we could enable support for them 1887 # in the driver test library). 1888 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1889 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1890 1891 # SHA384 needed for some ECDSA signature tests. 1892 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1893 1894 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 1895 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1896 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1897 1898 # Restore test driver base configuration 1899 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1900 1901 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1902 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1903 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1904 scripts/config.py unset MBEDTLS_ECDSA_C 1905 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1906 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1907 1908 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1909 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1910 1911 not grep mbedtls_ecdsa_ library/ecdsa.o 1912 1913 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1914 make test 1915} 1916 1917component_test_psa_crypto_config_accel_rsa_signature () { 1918 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1919 1920 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1921 # partial support for cipher operations in the driver test library. 1922 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1923 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1924 1925 # It seems it is not possible to remove only the support for RSA signature 1926 # in the library. Thus we have to remove all RSA support (signature and 1927 # encryption/decryption). AS there is no driver support for asymmetric 1928 # encryption/decryption so far remove RSA encryption/decryption from the 1929 # application algorithm list. 1930 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1931 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1932 1933 # Make sure both the library and the test library support the SHA hash 1934 # algorithms and only those ones (SHA256 is included by default). That way: 1935 # - the test library can compute the RSA signatures even in the case of a 1936 # composite RSA signature algorithm based on a SHA hash (no other hash 1937 # used in the unit tests). 1938 # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is 1939 # fulfilled as the hash SHA algorithm is supported by the library, and 1940 # thus the tests are run, not skipped. 1941 # - when testing a signature key with an algorithm wildcard built from 1942 # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash 1943 # algorithm based on the hashes supported by the library is also 1944 # supported by the test library. 1945 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1946 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1947 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1948 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C 1949 1950 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C 1951 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1952 # We need PEM parsing in the test library as well to support the import 1953 # of PEM encoded RSA keys. 1954 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C 1955 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C 1956 1957 loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" 1958 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1959 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1960 1961 # Restore test driver base configuration 1962 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C 1963 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1964 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C 1965 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C 1966 1967 1968 # Mbed TLS library build 1969 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1970 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1971 1972 # Remove RSA support and its dependencies 1973 scripts/config.py unset MBEDTLS_PKCS1_V15 1974 scripts/config.py unset MBEDTLS_PKCS1_V21 1975 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 1976 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1977 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1978 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 1979 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 1980 scripts/config.py unset MBEDTLS_RSA_C 1981 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 1982 1983 scripts/config.py unset MBEDTLS_MD2_C 1984 scripts/config.py unset MBEDTLS_MD4_C 1985 scripts/config.py unset MBEDTLS_MD5_C 1986 scripts/config.py unset MBEDTLS_RIPEMD160_C 1987 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 1988 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 1989 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 1990 1991 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1992 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1993 1994 not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o 1995 not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o 1996 1997 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1998 make test 1999} 2000 2001component_test_psa_crypto_config_accel_hash () { 2002 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 2003 2004 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2005 # partial support for cipher operations in the driver test library. 2006 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2007 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2008 2009 loc_accel_list="ALG_MD4 ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 2010 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2011 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2012 2013 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2014 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2015 scripts/config.py unset MBEDTLS_MD2_C 2016 scripts/config.py unset MBEDTLS_MD4_C 2017 scripts/config.py unset MBEDTLS_MD5_C 2018 scripts/config.py unset MBEDTLS_RIPEMD160_C 2019 scripts/config.py unset MBEDTLS_SHA1_C 2020 # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. 2021 scripts/config.py unset MBEDTLS_SHA512_C 2022 # Unset MBEDTLS_SSL_PROTO_SSL3, MBEDTLS_SSL_PROTO_TLS1 and MBEDTLS_SSL_PROTO_TLS1_1 as they depend on MBEDTLS_SHA1_C 2023 scripts/config.py unset MBEDTLS_SSL_PROTO_SSL3 2024 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 2025 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 2026 # Unset MBEDTLS_SSL_CBC_RECORD_SPLITTING as it depends on MBEDTLS_SSL_PROTO_TLS1 in the default configuration. 2027 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 2028 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2029 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2030 2031 not grep mbedtls_sha512_init library/sha512.o 2032 not grep mbedtls_sha1_init library/sha1.o 2033 2034 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 2035 make test 2036} 2037 2038component_test_psa_crypto_config_accel_cipher () { 2039 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" 2040 2041 # This test case focuses on cipher+AEAD. We don't yet support all 2042 # combinations of configurations, so deactivate block-cipher-based MACs. 2043 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC 2044 2045 loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" 2046 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2047 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2048 2049 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2050 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2051 2052 # There is no intended accelerator support for ALG STREAM_CIPHER and 2053 # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the 2054 # inclusion of the Mbed TLS cipher operations. As we want to test here with 2055 # cipher operations solely supported by accelerators, disabled those 2056 # PSA configuration options. 2057 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2058 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2059 2060 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2061 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 2062 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR 2063 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB 2064 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB 2065 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS 2066 scripts/config.py unset MBEDTLS_DES_C 2067 2068 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2069 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2070 2071 not grep mbedtls_des* library/des.o 2072 2073 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 2074 make test 2075} 2076 2077component_test_psa_crypto_config_accel_aead () { 2078 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" 2079 2080 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2081 # partial support for cipher operations in the driver test library. 2082 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2083 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2084 2085 loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" 2086 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2087 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2088 2089 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2090 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2091 2092 scripts/config.py unset MBEDTLS_GCM_C 2093 scripts/config.py unset MBEDTLS_CCM_C 2094 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 2095 # Features that depend on AEAD 2096 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 2097 scripts/config.py unset MBEDTLS_SSL_TICKET_C 2098 2099 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2100 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2101 2102 # There's a risk of something getting re-enabled via config_psa.h 2103 # make sure it did not happen. 2104 not grep mbedtls_ccm library/ccm.o 2105 not grep mbedtls_gcm library/gcm.o 2106 not grep mbedtls_chachapoly library/chachapoly.o 2107 2108 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" 2109 make test 2110} 2111 2112component_test_psa_crypto_config_no_driver() { 2113 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 2114 scripts/config.py full 2115 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2116 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 2117 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2118 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 2119 2120 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 2121 make test 2122} 2123 2124component_test_aead_chachapoly_disabled() { 2125 msg "build: full minus CHACHAPOLY" 2126 scripts/config.py full 2127 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 2128 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 2129 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 2130 2131 msg "test: full minus CHACHAPOLY" 2132 make test 2133} 2134 2135component_test_aead_only_ccm() { 2136 msg "build: full minus CHACHAPOLY and GCM" 2137 scripts/config.py full 2138 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 2139 scripts/config.py unset MBEDTLS_GCM_C 2140 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 2141 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM 2142 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 2143 2144 msg "test: full minus CHACHAPOLY and GCM" 2145 make test 2146} 2147 2148# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 2149component_build_psa_accel_alg_ecdh() { 2150 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 2151 scripts/config.py full 2152 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2153 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2154 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2155 scripts/config.py unset MBEDTLS_ECDH_C 2156 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2157 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2158 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2159 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2160 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 2161 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2162 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2163} 2164 2165# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 2166component_build_psa_accel_key_type_ecc_key_pair() { 2167 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 2168 scripts/config.py full 2169 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2170 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2171 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2172 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 2173 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 2174 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2175 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2176} 2177 2178# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 2179component_build_psa_accel_key_type_ecc_public_key() { 2180 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 2181 scripts/config.py full 2182 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2183 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2184 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2185 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 2186 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 2187 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2188 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2189} 2190 2191# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 2192component_build_psa_accel_alg_hmac() { 2193 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC" 2194 scripts/config.py full 2195 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2196 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2197 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2198 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2199 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2200} 2201 2202# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 2203component_build_psa_accel_alg_hkdf() { 2204 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 2205 scripts/config.py full 2206 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2207 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2208 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2209 scripts/config.py unset MBEDTLS_HKDF_C 2210 # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. 2211 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2212 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2213 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2214} 2215 2216# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test. 2217component_build_psa_accel_alg_md2() { 2218 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD2 - other hashes" 2219 scripts/config.py full 2220 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2221 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2222 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2223 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2224 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2225 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2226 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2227 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2228 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2229 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2230 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2231 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2232 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2233} 2234 2235# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test. 2236component_build_psa_accel_alg_md4() { 2237 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD4 - other hashes" 2238 scripts/config.py full 2239 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2240 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2241 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2242 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2243 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2244 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2245 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2246 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2247 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2248 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2249 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2250 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2251 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2252} 2253 2254# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 2255component_build_psa_accel_alg_md5() { 2256 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes" 2257 scripts/config.py full 2258 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2259 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2260 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2261 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2262 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2263 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2264 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2265 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2266 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2267 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2268 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2269 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2270 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2271} 2272 2273# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 2274component_build_psa_accel_alg_ripemd160() { 2275 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes" 2276 scripts/config.py full 2277 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2278 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2279 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2280 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2281 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2282 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2283 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2284 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2285 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2286 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2287 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2288 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2289 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2290} 2291 2292# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 2293component_build_psa_accel_alg_sha1() { 2294 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes" 2295 scripts/config.py full 2296 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2297 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2298 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2299 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2300 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2301 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2302 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2303 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2304 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2305 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2306 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2307 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2308 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2309} 2310 2311# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 2312component_build_psa_accel_alg_sha224() { 2313 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes" 2314 scripts/config.py full 2315 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2316 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2317 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2318 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2319 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2320 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2321 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2322 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2323 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2324 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2325 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2326 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2327} 2328 2329# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 2330component_build_psa_accel_alg_sha256() { 2331 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes" 2332 scripts/config.py full 2333 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2334 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2335 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2336 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2337 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2338 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2339 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2340 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2341 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2342 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2343 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2344 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2345 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2346} 2347 2348# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 2349component_build_psa_accel_alg_sha384() { 2350 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes" 2351 scripts/config.py full 2352 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2353 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2354 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2355 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2356 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2357 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2358 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2359 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2360 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2361 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2362 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2363 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2364} 2365 2366# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 2367component_build_psa_accel_alg_sha512() { 2368 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes" 2369 scripts/config.py full 2370 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2371 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2372 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2373 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2374 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2375 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2376 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2377 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2378 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2379 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2380 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2381 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2382 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2383} 2384 2385# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2386component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 2387 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2388 scripts/config.py full 2389 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2390 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2391 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2392 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 2393 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2394 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2395 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2396 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2397 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2398} 2399 2400# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2401component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 2402 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2403 scripts/config.py full 2404 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2405 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2406 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2407 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 2408 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2409 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2410 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2411 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2412 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2413} 2414 2415# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2416component_build_psa_accel_alg_rsa_oaep() { 2417 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2418 scripts/config.py full 2419 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2420 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2421 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2422 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 2423 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2424 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2425 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2426 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2427 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2428} 2429 2430# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2431component_build_psa_accel_alg_rsa_pss() { 2432 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2433 scripts/config.py full 2434 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2435 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2436 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2437 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2438 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2439 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2440 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2441 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2442 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2443} 2444 2445# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2446component_build_psa_accel_key_type_rsa_key_pair() { 2447 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 2448 scripts/config.py full 2449 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2450 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2451 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2452 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2453 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 2454 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2455 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2456} 2457 2458# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2459component_build_psa_accel_key_type_rsa_public_key() { 2460 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 2461 scripts/config.py full 2462 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2463 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2464 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2465 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2466 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 2467 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2468 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2469} 2470 2471component_test_check_params_functionality () { 2472 msg "build+test: MBEDTLS_CHECK_PARAMS functionality" 2473 scripts/config.py full # includes CHECK_PARAMS 2474 # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). 2475 scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT 2476 make CC=gcc CFLAGS='-Werror -O1' all test 2477} 2478 2479component_test_check_params_without_platform () { 2480 msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" 2481 scripts/config.py full # includes CHECK_PARAMS 2482 # Keep MBEDTLS_PARAM_FAILED as assert. 2483 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 2484 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 2485 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 2486 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 2487 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2488 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 2489 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 2490 scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT 2491 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2492 scripts/config.py unset MBEDTLS_PLATFORM_C 2493 make CC=gcc CFLAGS='-Werror -O1' all test 2494} 2495 2496component_test_check_params_silent () { 2497 msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" 2498 scripts/config.py full # includes CHECK_PARAMS 2499 # Set MBEDTLS_PARAM_FAILED to nothing. 2500 sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" 2501 make CC=gcc CFLAGS='-Werror -O1' all test 2502} 2503 2504component_build_aes_variations() { # ~45s 2505 msg "build: aes.o for all combinations of relevant config options" 2506 2507 for a in set unset; do 2508 for b in set unset; do 2509 for c in set unset; do 2510 for d in set unset; do 2511 for e in set unset; do 2512 for f in set unset; do 2513 for g in set unset; do 2514 echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT 2515 echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT 2516 echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES 2517 echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT 2518 echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT 2519 echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES 2520 echo ./scripts/config.py $g MBEDTLS_PADLOCK_C 2521 2522 ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT 2523 ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT 2524 ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES 2525 ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT 2526 ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT 2527 ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES 2528 ./scripts/config.py $g MBEDTLS_PADLOCK_C 2529 2530 rm -f library/aes.o 2531 make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" 2532 done 2533 done 2534 done 2535 done 2536 done 2537 done 2538 done 2539} 2540 2541component_test_no_platform () { 2542 # Full configuration build, without platform support, file IO and net sockets. 2543 # This should catch missing mbedtls_printf definitions, and by disabling file 2544 # IO, it should catch missing '#include <stdio.h>' 2545 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 2546 scripts/config.py full 2547 scripts/config.py unset MBEDTLS_PLATFORM_C 2548 scripts/config.py unset MBEDTLS_NET_C 2549 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 2550 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 2551 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 2552 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 2553 scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT 2554 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 2555 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 2556 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2557 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2558 scripts/config.py unset MBEDTLS_FS_IO 2559 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2560 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 2561 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 2562 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 2563 # to re-enable platform integration features otherwise disabled in C99 builds 2564 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 2565 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 2566} 2567 2568component_build_no_std_function () { 2569 # catch compile bugs in _uninit functions 2570 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 2571 scripts/config.py full 2572 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 2573 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2574 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2575 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2576 make 2577} 2578 2579component_build_no_ssl_srv () { 2580 msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s 2581 scripts/config.py full 2582 scripts/config.py unset MBEDTLS_SSL_SRV_C 2583 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2584} 2585 2586component_build_no_ssl_cli () { 2587 msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s 2588 scripts/config.py full 2589 scripts/config.py unset MBEDTLS_SSL_CLI_C 2590 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2591} 2592 2593component_build_no_sockets () { 2594 # Note, C99 compliance can also be tested with the sockets support disabled, 2595 # as that requires a POSIX platform (which isn't the same as C99). 2596 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 2597 scripts/config.py full 2598 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 2599 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 2600 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 2601} 2602 2603component_test_memory_buffer_allocator_backtrace () { 2604 msg "build: default config with memory buffer allocator and backtrace enabled" 2605 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2606 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2607 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 2608 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2609 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2610 make 2611 2612 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 2613 make test 2614} 2615 2616component_test_memory_buffer_allocator () { 2617 msg "build: default config with memory buffer allocator" 2618 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2619 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2620 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2621 make 2622 2623 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2624 make test 2625 2626 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2627 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 2628 tests/ssl-opt.sh -e '^DTLS proxy' 2629} 2630 2631component_test_no_max_fragment_length () { 2632 # Run max fragment length tests with MFL disabled 2633 msg "build: default config except MFL extension (ASan build)" # ~ 30s 2634 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2635 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2636 make 2637 2638 msg "test: ssl-opt.sh, MFL-related tests" 2639 tests/ssl-opt.sh -f "Max fragment length" 2640} 2641 2642component_test_asan_remove_peer_certificate () { 2643 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 2644 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2645 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2646 make 2647 2648 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2649 make test 2650 2651 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2652 tests/ssl-opt.sh 2653 2654 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2655 tests/compat.sh 2656 2657 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2658 tests/context-info.sh 2659} 2660 2661component_test_no_max_fragment_length_small_ssl_out_content_len () { 2662 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 2663 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2664 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 2665 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 2666 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2667 make 2668 2669 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 2670 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 2671 2672 msg "test: context-info.sh (disabled MFL extension case)" 2673 tests/context-info.sh 2674} 2675 2676component_test_variable_ssl_in_out_buffer_len () { 2677 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 2678 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2679 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2680 make 2681 2682 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2683 make test 2684 2685 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2686 tests/ssl-opt.sh 2687 2688 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2689 tests/compat.sh 2690} 2691 2692component_test_variable_ssl_in_out_buffer_len_CID () { 2693 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)" 2694 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2695 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2696 2697 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2698 make 2699 2700 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID" 2701 make test 2702 2703 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2704 tests/ssl-opt.sh 2705 2706 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2707 tests/compat.sh 2708} 2709 2710component_test_variable_ssl_in_out_buffer_len_record_splitting () { 2711 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)" 2712 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2713 scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING 2714 2715 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2716 make 2717 2718 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING" 2719 make test 2720 2721 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 2722 tests/ssl-opt.sh 2723 2724 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 2725 tests/compat.sh 2726} 2727 2728component_test_ssl_alloc_buffer_and_mfl () { 2729 msg "build: default config with memory buffer allocator and MFL extension" 2730 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2731 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2732 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2733 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2734 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2735 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2736 make 2737 2738 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2739 make test 2740 2741 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2742 tests/ssl-opt.sh -f "Handshake memory usage" 2743} 2744 2745component_test_when_no_ciphersuites_have_mac () { 2746 msg "build: when no ciphersuites have MAC" 2747 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 2748 scripts/config.py unset MBEDTLS_ARC4_C 2749 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2750 make 2751 2752 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2753 make test 2754 2755 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2756 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 2757} 2758 2759component_test_null_entropy () { 2760 msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" 2761 scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY 2762 scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 2763 scripts/config.py set MBEDTLS_ENTROPY_C 2764 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2765 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2766 scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT 2767 scripts/config.py unset MBEDTLS_HAVEGE_C 2768 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . 2769 make 2770 2771 msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" 2772 make test 2773} 2774 2775component_test_no_date_time () { 2776 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 2777 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 2778 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2779 make 2780 2781 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 2782 make test 2783} 2784 2785component_test_alt_timing() { 2786 msg "build: alternate timing implementation" 2787 scripts/config.py set MBEDTLS_TIMING_ALT 2788 make lib TEST_TIMING_ALT_IMPL=1 CFLAGS="-I../tests/src/external_timing" 2789 2790 msg "test: MBEDTLS_TIMING_ALT - test suites" 2791 make test TEST_TIMING_ALT_IMPL=1 CFLAGS="-I../tests/src/external_timing" 2792 2793 msg "selftest - MBEDTLS-TIMING_ALT" 2794 make programs TEST_TIMING_ALT_IMPL=1 CFLAGS="-I../../tests/src/external_timing -I../tests/src/external_timing" 2795 programs/test/selftest 2796} 2797 2798component_test_platform_calloc_macro () { 2799 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2800 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2801 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 2802 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 2803 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2804 make 2805 2806 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2807 make test 2808} 2809 2810component_test_malloc_0_null () { 2811 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 2812 scripts/config.py full 2813 make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 2814 2815 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 2816 make test 2817 2818 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 2819 # Just the calloc selftest. "make test" ran the others as part of the 2820 # test suites. 2821 programs/test/selftest calloc 2822 2823 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 2824 # Run a subset of the tests. The choice is a balance between coverage 2825 # and time (including time indirectly wasted due to flaky tests). 2826 # The current choice is to skip tests whose description includes 2827 # "proxy", which is an approximation of skipping tests that use the 2828 # UDP proxy, which tend to be slower and flakier. 2829 tests/ssl-opt.sh -e 'proxy' 2830} 2831 2832component_test_aes_fewer_tables () { 2833 msg "build: default config with AES_FEWER_TABLES enabled" 2834 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2835 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2836 2837 msg "test: AES_FEWER_TABLES" 2838 make test 2839} 2840 2841component_test_aes_rom_tables () { 2842 msg "build: default config with AES_ROM_TABLES enabled" 2843 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2844 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2845 2846 msg "test: AES_ROM_TABLES" 2847 make test 2848} 2849 2850component_test_aes_fewer_tables_and_rom_tables () { 2851 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 2852 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2853 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2854 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2855 2856 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 2857 make test 2858} 2859 2860component_test_ctr_drbg_aes_256_sha_256 () { 2861 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2862 scripts/config.py full 2863 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2864 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2865 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2866 make 2867 2868 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2869 make test 2870} 2871 2872component_test_ctr_drbg_aes_128_sha_512 () { 2873 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2874 scripts/config.py full 2875 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2876 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2877 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2878 make 2879 2880 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2881 make test 2882} 2883 2884component_test_ctr_drbg_aes_128_sha_256 () { 2885 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2886 scripts/config.py full 2887 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2888 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2889 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2890 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2891 make 2892 2893 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2894 make test 2895} 2896 2897component_test_se_default () { 2898 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2899 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 2900 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 2901 2902 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2903 make test 2904} 2905 2906component_test_psa_crypto_drivers () { 2907 msg "build: full + test drivers dispatching to builtins" 2908 scripts/config.py full 2909 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2910 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 2911 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 2912 loc_cflags="${loc_cflags} -I../tests/include -O2" 2913 2914 make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" 2915 2916 msg "test: full + test drivers dispatching to builtins" 2917 make test 2918} 2919 2920component_test_make_shared () { 2921 msg "build/test: make shared" # ~ 40s 2922 make SHARED=1 all check 2923 ldd programs/util/strerror | grep libmbedcrypto 2924 programs/test/dlopen_demo.sh 2925} 2926 2927component_test_cmake_shared () { 2928 msg "build/test: cmake shared" # ~ 2min 2929 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 2930 make 2931 ldd programs/util/strerror | grep libmbedcrypto 2932 make test 2933 programs/test/dlopen_demo.sh 2934} 2935 2936test_build_opt () { 2937 info=$1 cc=$2; shift 2 2938 $cc --version 2939 for opt in "$@"; do 2940 msg "build/test: $cc $opt, $info" # ~ 30s 2941 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 2942 # We're confident enough in compilers to not run _all_ the tests, 2943 # but at least run the unit tests. In particular, runs with 2944 # optimizations use inline assembly whereas runs with -O0 2945 # skip inline assembly. 2946 make test # ~30s 2947 make clean 2948 done 2949} 2950 2951# For FreeBSD we invoke the function by name so this condition is added 2952# to disable the existing test_clang_opt function for linux. 2953if [[ $(uname) != "Linux" ]]; then 2954 component_test_clang_opt () { 2955 scripts/config.py full 2956 test_build_opt 'full config' clang -O0 -Os -O2 2957 } 2958fi 2959 2960component_test_clang_latest_opt () { 2961 scripts/config.py full 2962 test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2 2963} 2964support_test_clang_latest_opt () { 2965 type "$CLANG_LATEST" >/dev/null 2>/dev/null 2966} 2967 2968component_test_clang_earliest_opt () { 2969 scripts/config.py full 2970 test_build_opt 'full config' "$CLANG_EARLIEST" -O0 2971} 2972support_test_clang_earliest_opt () { 2973 type "$CLANG_EARLIEST" >/dev/null 2>/dev/null 2974} 2975 2976component_test_gcc_latest_opt () { 2977 scripts/config.py full 2978 test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2 2979} 2980support_test_gcc_latest_opt () { 2981 type "$GCC_LATEST" >/dev/null 2>/dev/null 2982} 2983 2984component_test_gcc_earliest_opt () { 2985 scripts/config.py full 2986 test_build_opt 'full config' "$GCC_EARLIEST" -O0 2987} 2988support_test_gcc_earliest_opt () { 2989 type "$GCC_EARLIEST" >/dev/null 2>/dev/null 2990} 2991 2992component_build_mbedtls_config_file () { 2993 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 2994 scripts/config.py -w full_config.h full 2995 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 2996 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 2997 # Make sure this feature is enabled. We'll disable it in the next phase. 2998 programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 2999 make clean 3000 3001 msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" 3002 # In the user config, disable one feature (for simplicity, pick a feature 3003 # that nothing else depends on). 3004 echo '#undef MBEDTLS_NIST_KW_C' >user_config.h 3005 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" 3006 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 3007 3008 rm -f user_config.h full_config.h 3009} 3010 3011component_build_psa_config_file () { 3012 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s 3013 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3014 cp "$CRYPTO_CONFIG_H" psa_test_config.h 3015 echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" 3016 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" 3017 # Make sure this feature is enabled. We'll disable it in the next phase. 3018 programs/test/query_compile_time_config MBEDTLS_CMAC_C 3019 make clean 3020 3021 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s 3022 # In the user config, disable one feature, which will reflect on the 3023 # mbedtls configuration so we can query it with query_compile_time_config. 3024 echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h 3025 scripts/config.py unset MBEDTLS_CMAC_C 3026 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" 3027 not programs/test/query_compile_time_config MBEDTLS_CMAC_C 3028 3029 rm -f psa_test_config.h psa_user_config.h 3030} 3031 3032component_test_m32_o0 () { 3033 # Build without optimization, so as to use portable C code (in a 32-bit 3034 # build) and not the i386-specific inline assembly. 3035 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 3036 scripts/config.py full 3037 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 3038 3039 msg "test: i386, make, gcc -O0 (ASan build)" 3040 make test 3041} 3042support_test_m32_o0 () { 3043 case $(uname -m) in 3044 amd64|x86_64) true;; 3045 *) false;; 3046 esac 3047} 3048 3049component_test_m32_o2 () { 3050 # Build with optimization, to use the i386 specific inline assembly 3051 # and go faster for tests. 3052 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s 3053 scripts/config.py full 3054 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 3055 3056 msg "test: i386, make, gcc -O2 (ASan build)" 3057 make test 3058 3059 msg "test ssl-opt.sh, i386, make, gcc-O2" 3060 tests/ssl-opt.sh 3061} 3062support_test_m32_o2 () { 3063 support_test_m32_o0 "$@" 3064} 3065 3066component_test_m32_everest () { 3067 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 3068 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 3069 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 3070 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 3071 3072 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 3073 make test 3074 3075 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 3076 tests/ssl-opt.sh -f ECDH 3077 3078 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 3079 # Exclude some symmetric ciphers that are redundant here to gain time. 3080 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 3081} 3082support_test_m32_everest () { 3083 support_test_m32_o0 "$@" 3084} 3085 3086component_test_mx32 () { 3087 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 3088 scripts/config.py full 3089 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 3090 3091 msg "test: 64-bit ILP32, make, gcc" 3092 make test 3093} 3094support_test_mx32 () { 3095 case $(uname -m) in 3096 amd64|x86_64) true;; 3097 *) false;; 3098 esac 3099} 3100 3101component_test_min_mpi_window_size () { 3102 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 3103 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 3104 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3105 make 3106 3107 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 3108 make test 3109} 3110 3111component_test_have_int32 () { 3112 msg "build: gcc, force 32-bit bignum limbs" 3113 scripts/config.py unset MBEDTLS_HAVE_ASM 3114 scripts/config.py unset MBEDTLS_AESNI_C 3115 scripts/config.py unset MBEDTLS_PADLOCK_C 3116 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 3117 3118 msg "test: gcc, force 32-bit bignum limbs" 3119 make test 3120} 3121 3122component_test_have_int64 () { 3123 msg "build: gcc, force 64-bit bignum limbs" 3124 scripts/config.py unset MBEDTLS_HAVE_ASM 3125 scripts/config.py unset MBEDTLS_AESNI_C 3126 scripts/config.py unset MBEDTLS_PADLOCK_C 3127 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 3128 3129 msg "test: gcc, force 64-bit bignum limbs" 3130 make test 3131} 3132 3133component_test_no_udbl_division () { 3134 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 3135 scripts/config.py full 3136 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 3137 make CFLAGS='-Werror -O1' 3138 3139 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 3140 make test 3141} 3142 3143component_test_no_64bit_multiplication () { 3144 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 3145 scripts/config.py full 3146 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 3147 make CFLAGS='-Werror -O1' 3148 3149 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 3150 make test 3151} 3152 3153component_test_no_strings () { 3154 msg "build: no strings" # ~10s 3155 scripts/config.py full 3156 # Disable options that activate a large amount of string constants. 3157 scripts/config.py unset MBEDTLS_DEBUG_C 3158 scripts/config.py unset MBEDTLS_ERROR_C 3159 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 3160 scripts/config.py unset MBEDTLS_VERSION_FEATURES 3161 make CFLAGS='-Werror -Os' 3162 3163 msg "test: no strings" # ~ 10s 3164 make test 3165} 3166 3167component_build_arm_none_eabi_gcc () { 3168 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s 3169 scripts/config.py baremetal 3170 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 3171 3172 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" 3173 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3174} 3175 3176component_build_arm_linux_gnueabi_gcc_arm5vte () { 3177 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s 3178 scripts/config.py baremetal 3179 # Build for a target platform that's close to what Debian uses 3180 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 3181 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments. 3182 # Build everything including programs, see for example 3183 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720 3184 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' 3185 3186 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" 3187 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o 3188} 3189support_build_arm_linux_gnueabi_gcc_arm5vte () { 3190 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 3191} 3192 3193component_build_arm_none_eabi_gcc_arm5vte () { 3194 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s 3195 scripts/config.py baremetal 3196 # This is an imperfect substitute for 3197 # component_build_arm_linux_gnueabi_gcc_arm5vte 3198 # in case the gcc-arm-linux-gnueabi toolchain is not available 3199 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 3200 3201 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" 3202 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3203} 3204 3205component_build_arm_none_eabi_gcc_m0plus () { 3206 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s 3207 scripts/config.py baremetal_size 3208 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 3209 3210 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" 3211 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3212} 3213 3214component_build_arm_none_eabi_gcc_no_udbl_division () { 3215 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 3216 scripts/config.py baremetal 3217 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 3218 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 3219 echo "Checking that software 64-bit division is not required" 3220 not grep __aeabi_uldiv library/*.o 3221} 3222 3223component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 3224 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 3225 scripts/config.py baremetal 3226 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 3227 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 3228 echo "Checking that software 64-bit multiplication is not required" 3229 not grep __aeabi_lmul library/*.o 3230} 3231 3232component_build_arm_clang_thumb () { 3233 # ~ 30s 3234 3235 scripts/config.py baremetal 3236 3237 msg "build: clang thumb 2, make" 3238 make clean 3239 make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib 3240 3241 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os 3242 msg "build: clang thumb 1 -O0, make" 3243 make clean 3244 make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib 3245 3246 msg "build: clang thumb 1 -Os, make" 3247 make clean 3248 make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib 3249} 3250 3251component_build_armcc () { 3252 msg "build: ARM Compiler 5" 3253 scripts/config.py baremetal 3254 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 3255 3256 msg "size: ARM Compiler 5" 3257 "$ARMC5_FROMELF" -z library/*.o 3258 3259 make clean 3260 3261 # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. 3262 3263 # ARM Compiler 6 - Target ARMv7-A 3264 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" 3265 3266 # ARM Compiler 6 - Target ARMv7-M 3267 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" 3268 3269 # ARM Compiler 6 - Target ARMv8-A - AArch32 3270 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" 3271 3272 # ARM Compiler 6 - Target ARMv8-M 3273 armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" 3274 3275 # ARM Compiler 6 - Target ARMv8-A - AArch64 3276 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" 3277 3278 # ARM Compiler 6 - Target Cortex-M0 - no optimisation 3279 armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" 3280 3281 # ARM Compiler 6 - Target Cortex-M0 3282 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" 3283} 3284 3285support_build_armcc () { 3286 armc5_cc="$ARMC5_BIN_DIR/armcc" 3287 armc6_cc="$ARMC6_BIN_DIR/armclang" 3288 (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1) 3289} 3290 3291component_build_ssl_hw_record_accel() { 3292 msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled" 3293 scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL 3294 make CFLAGS='-Werror -O1' 3295} 3296 3297component_test_tls13_experimental () { 3298 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 3299 scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 3300 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3301 make 3302 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 3303 make test 3304} 3305 3306component_build_mingw () { 3307 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 3308 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 3309 3310 # note Make tests only builds the tests, but doesn't run them 3311 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 3312 make WINDOWS_BUILD=1 clean 3313 3314 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 3315 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 3316 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 3317 make WINDOWS_BUILD=1 clean 3318} 3319support_build_mingw() { 3320 case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in 3321 [0-5]*|"") false;; 3322 *) true;; 3323 esac 3324} 3325 3326component_test_memsan () { 3327 msg "build: MSan (clang)" # ~ 1 min 20s 3328 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 3329 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 3330 make 3331 3332 msg "test: main suites (MSan)" # ~ 10s 3333 make test 3334 3335 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 3336 tests/ssl-opt.sh 3337 3338 # Optional part(s) 3339 3340 if [ "$MEMORY" -gt 0 ]; then 3341 msg "test: compat.sh (MSan)" # ~ 6 min 20s 3342 tests/compat.sh 3343 fi 3344} 3345 3346component_test_valgrind () { 3347 msg "build: Release (clang)" 3348 # default config, in particular without MBEDTLS_USE_PSA_CRYPTO 3349 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 3350 make 3351 3352 msg "test: main suites, Valgrind (default config)" 3353 make memcheck 3354 3355 # Optional parts (slow; currently broken on OS X because programs don't 3356 # seem to receive signals under valgrind on OS X). 3357 # These optional parts don't run on the CI. 3358 if [ "$MEMORY" -gt 0 ]; then 3359 msg "test: ssl-opt.sh --memcheck (default config)" 3360 tests/ssl-opt.sh --memcheck 3361 fi 3362 3363 if [ "$MEMORY" -gt 1 ]; then 3364 msg "test: compat.sh --memcheck (default config)" 3365 tests/compat.sh --memcheck 3366 fi 3367 3368 if [ "$MEMORY" -gt 0 ]; then 3369 msg "test: context-info.sh --memcheck (default config)" 3370 tests/context-info.sh --memcheck 3371 fi 3372} 3373 3374component_test_valgrind_psa () { 3375 msg "build: Release, full (clang)" 3376 # full config, in particular with MBEDTLS_USE_PSA_CRYPTO 3377 scripts/config.py full 3378 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 3379 make 3380 3381 msg "test: main suites, Valgrind (full config)" 3382 make memcheck 3383} 3384 3385support_test_cmake_out_of_source () { 3386 distrib_id="" 3387 distrib_ver="" 3388 distrib_ver_minor="" 3389 distrib_ver_major="" 3390 3391 # Attempt to parse lsb-release to find out distribution and version. If not 3392 # found this should fail safe (test is supported). 3393 if [[ -f /etc/lsb-release ]]; then 3394 3395 while read -r lsb_line; do 3396 case "$lsb_line" in 3397 "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; 3398 "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; 3399 esac 3400 done < /etc/lsb-release 3401 3402 distrib_ver_major="${distrib_ver%%.*}" 3403 distrib_ver="${distrib_ver#*.}" 3404 distrib_ver_minor="${distrib_ver%%.*}" 3405 fi 3406 3407 # Running the out of source CMake test on Ubuntu 16.04 using more than one 3408 # processor (as the CI does) can create a race condition whereby the build 3409 # fails to see a generated file, despite that file actually having been 3410 # generated. This problem appears to go away with 18.04 or newer, so make 3411 # the out of source tests unsupported on Ubuntu 16.04. 3412 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] 3413} 3414 3415component_test_cmake_out_of_source () { 3416 msg "build: cmake 'out-of-source' build" 3417 MBEDTLS_ROOT_DIR="$PWD" 3418 mkdir "$OUT_OF_SOURCE_DIR" 3419 cd "$OUT_OF_SOURCE_DIR" 3420 cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" 3421 make 3422 3423 msg "test: cmake 'out-of-source' build" 3424 make test 3425 # Test an SSL option that requires an auxiliary script in test/scripts/. 3426 # Also ensure that there are no error messages such as 3427 # "No such file or directory", which would indicate that some required 3428 # file is missing (ssl-opt.sh tolerates the absence of some files so 3429 # may exit with status 0 but emit errors). 3430 ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' >ssl-opt.out 2>ssl-opt.err 3431 grep PASS ssl-opt.out 3432 cat ssl-opt.err >&2 3433 # If ssl-opt.err is non-empty, record an error and keep going. 3434 [ ! -s ssl-opt.err ] 3435 rm ssl-opt.out ssl-opt.err 3436 cd "$MBEDTLS_ROOT_DIR" 3437 rm -rf "$OUT_OF_SOURCE_DIR" 3438} 3439 3440component_test_cmake_as_subdirectory () { 3441 msg "build: cmake 'as-subdirectory' build" 3442 cd programs/test/cmake_subproject 3443 cmake . 3444 make 3445 ./cmake_subproject 3446} 3447support_test_cmake_as_subdirectory () { 3448 support_test_cmake_out_of_source 3449} 3450 3451component_build_cmake_custom_config_file () { 3452 # Make a copy of config file to use for the in-tree test 3453 cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h 3454 3455 MBEDTLS_ROOT_DIR="$PWD" 3456 mkdir "$OUT_OF_SOURCE_DIR" 3457 cd "$OUT_OF_SOURCE_DIR" 3458 3459 # Build once to get the generated files (which need an intact config file) 3460 cmake "$MBEDTLS_ROOT_DIR" 3461 make 3462 3463 msg "build: cmake with -DMBEDTLS_CONFIG_FILE" 3464 scripts/config.py -w full_config.h full 3465 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" 3466 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR" 3467 make 3468 3469 msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE" 3470 # In the user config, disable one feature (for simplicity, pick a feature 3471 # that nothing else depends on). 3472 echo '#undef MBEDTLS_NIST_KW_C' >user_config.h 3473 3474 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR" 3475 make 3476 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 3477 3478 rm -f user_config.h full_config.h 3479 3480 cd "$MBEDTLS_ROOT_DIR" 3481 rm -rf "$OUT_OF_SOURCE_DIR" 3482 3483 # Now repeat the test for an in-tree build: 3484 3485 # Restore config for the in-tree test 3486 mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H" 3487 3488 # Build once to get the generated files (which need an intact config) 3489 cmake . 3490 make 3491 3492 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE" 3493 scripts/config.py -w full_config.h full 3494 echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" 3495 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h . 3496 make 3497 3498 msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE" 3499 # In the user config, disable one feature (for simplicity, pick a feature 3500 # that nothing else depends on). 3501 echo '#undef MBEDTLS_NIST_KW_C' >user_config.h 3502 3503 cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h . 3504 make 3505 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 3506 3507 rm -f user_config.h full_config.h 3508} 3509support_build_cmake_custom_config_file () { 3510 support_test_cmake_out_of_source 3511} 3512 3513 3514component_build_zeroize_checks () { 3515 msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()" 3516 3517 scripts/config.py full 3518 3519 # Only compile - we're looking for sizeof-pointer-memaccess warnings 3520 make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" 3521} 3522 3523 3524component_test_zeroize () { 3525 # Test that the function mbedtls_platform_zeroize() is not optimized away by 3526 # different combinations of compilers and optimization flags by using an 3527 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 3528 # system in all cases that the script fails, so we must manually search the 3529 # output to check whether the pass string is present and no failure strings 3530 # were printed. 3531 3532 # Don't try to disable ASLR. We don't care about ASLR here. We do care 3533 # about a spurious message if Gdb tries and fails, so suppress that. 3534 gdb_disable_aslr= 3535 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 3536 gdb_disable_aslr='set disable-randomization off' 3537 fi 3538 3539 for optimization_flag in -O2 -O3 -Ofast -Os; do 3540 for compiler in clang gcc; do 3541 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 3542 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 3543 gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 3544 grep "The buffer was correctly zeroized" test_zeroize.log 3545 not grep -i "error" test_zeroize.log 3546 rm -f test_zeroize.log 3547 make clean 3548 done 3549 done 3550} 3551 3552component_test_psa_compliance () { 3553 msg "build: make, default config + CMAC, libmbedcrypto.a only" 3554 scripts/config.py set MBEDTLS_CMAC_C 3555 make -C library libmbedcrypto.a 3556 3557 msg "unit test: test_psa_compliance.py" 3558 ./tests/scripts/test_psa_compliance.py 3559} 3560 3561support_test_psa_compliance () { 3562 # psa-compliance-tests only supports CMake >= 3.10.0 3563 ver="$(cmake --version)" 3564 ver="${ver#cmake version }" 3565 ver_major="${ver%%.*}" 3566 3567 ver="${ver#*.}" 3568 ver_minor="${ver%%.*}" 3569 3570 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] 3571} 3572 3573component_check_code_style () { 3574 msg "Check C code style" 3575 ./scripts/code_style.py 3576} 3577 3578support_check_code_style() { 3579 case $(uncrustify --version) in 3580 *0.75.1*) true;; 3581 *) false;; 3582 esac 3583} 3584 3585component_check_python_files () { 3586 msg "Lint: Python scripts" 3587 tests/scripts/check-python-files.sh 3588} 3589 3590component_check_generate_test_code () { 3591 msg "uint test: generate_test_code.py" 3592 # unittest writes out mundane stuff like number or tests run on stderr. 3593 # Our convention is to reserve stderr for actual errors, and write 3594 # harmless info on stdout so it can be suppress with --quiet. 3595 ./tests/scripts/test_generate_test_code.py 2>&1 3596} 3597 3598################################################################ 3599#### Termination 3600################################################################ 3601 3602post_report () { 3603 msg "Done, cleaning up" 3604 final_cleanup 3605 3606 final_report 3607} 3608 3609 3610 3611################################################################ 3612#### Run all the things 3613################################################################ 3614 3615# Function invoked by --error-test to test error reporting. 3616pseudo_component_error_test () { 3617 msg "Testing error reporting $error_test_i" 3618 if [ $KEEP_GOING -ne 0 ]; then 3619 echo "Expect three failing commands." 3620 fi 3621 # If the component doesn't run in a subshell, changing error_test_i to an 3622 # invalid integer will cause an error in the loop that runs this function. 3623 error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell 3624 # Expected error: 'grep non_existent /dev/null -> 1' 3625 grep non_existent /dev/null 3626 # Expected error: '! grep -q . tests/scripts/all.sh -> 1' 3627 not grep -q . "$0" 3628 # Expected error: 'make unknown_target -> 2' 3629 make unknown_target 3630 false "this should not be executed" 3631} 3632 3633# Run one component and clean up afterwards. 3634run_component () { 3635 current_component="$1" 3636 export MBEDTLS_TEST_CONFIGURATION="$current_component" 3637 3638 # Unconditionally create a seedfile that's sufficiently long. 3639 # Do this before each component, because a previous component may 3640 # have messed it up or shortened it. 3641 local dd_cmd 3642 dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) 3643 case $OSTYPE in 3644 linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) 3645 esac 3646 "${dd_cmd[@]}" 3647 3648 # Run the component in a subshell, with error trapping and output 3649 # redirection set up based on the relevant options. 3650 if [ $KEEP_GOING -eq 1 ]; then 3651 # We want to keep running if the subshell fails, so 'set -e' must 3652 # be off when the subshell runs. 3653 set +e 3654 fi 3655 ( 3656 if [ $QUIET -eq 1 ]; then 3657 # msg() will be silenced, so just print the component name here. 3658 echo "${current_component#component_}" 3659 exec >/dev/null 3660 fi 3661 if [ $KEEP_GOING -eq 1 ]; then 3662 # Keep "set -e" off, and run an ERR trap instead to record failures. 3663 set -E 3664 trap err_trap ERR 3665 fi 3666 # The next line is what runs the component 3667 "$@" 3668 if [ $KEEP_GOING -eq 1 ]; then 3669 trap - ERR 3670 exit $last_failure_status 3671 fi 3672 ) 3673 component_status=$? 3674 if [ $KEEP_GOING -eq 1 ]; then 3675 set -e 3676 if [ $component_status -ne 0 ]; then 3677 failure_count=$((failure_count + 1)) 3678 fi 3679 fi 3680 3681 # Restore the build tree to a clean state. 3682 cleanup 3683 unset current_component 3684} 3685 3686# Preliminary setup 3687pre_check_environment 3688pre_initialize_variables 3689pre_parse_command_line "$@" 3690 3691pre_check_git 3692pre_restore_files 3693pre_back_up 3694 3695build_status=0 3696if [ $KEEP_GOING -eq 1 ]; then 3697 pre_setup_keep_going 3698fi 3699pre_prepare_outcome_file 3700pre_print_configuration 3701pre_check_tools 3702cleanup 3703 3704# Run the requested tests. 3705for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do 3706 run_component pseudo_component_error_test 3707done 3708unset error_test_i 3709for component in $RUN_COMPONENTS; do 3710 run_component "component_$component" 3711done 3712 3713# We're done. 3714post_report 3715