1#! /usr/bin/env bash 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20 21 22################################################################ 23#### Documentation 24################################################################ 25 26# Purpose 27# ------- 28# 29# To run all tests possible or available on the platform. 30# 31# Notes for users 32# --------------- 33# 34# Warning: the test is destructive. It includes various build modes and 35# configurations, and can and will arbitrarily change the current CMake 36# configuration. The following files must be committed into git: 37# * include/mbedtls/mbedtls_config.h 38# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 39# programs/fuzz/Makefile 40# After running this script, the CMake cache will be lost and CMake 41# will no longer be initialised. 42# 43# The script assumes the presence of a number of tools: 44# * Basic Unix tools (Windows users note: a Unix-style find must be before 45# the Windows find in the PATH) 46# * Perl 47# * GNU Make 48# * CMake 49# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 50# * G++ 51# * arm-gcc and mingw-gcc 52# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 53# * OpenSSL and GnuTLS command line tools, recent enough for the 54# interoperability tests. If they don't support old features which we want 55# to test, then a legacy version of these tools must be present as well 56# (search for LEGACY below). 57# See the invocation of check_tools below for details. 58# 59# This script must be invoked from the toplevel directory of a git 60# working copy of Mbed TLS. 61# 62# The behavior on an error depends on whether --keep-going (alias -k) 63# is in effect. 64# * Without --keep-going: the script stops on the first error without 65# cleaning up. This lets you work in the configuration of the failing 66# component. 67# * With --keep-going: the script runs all requested components and 68# reports failures at the end. In particular the script always cleans 69# up on exit. 70# 71# Note that the output is not saved. You may want to run 72# script -c tests/scripts/all.sh 73# or 74# tests/scripts/all.sh >all.log 2>&1 75# 76# Notes for maintainers 77# --------------------- 78# 79# The bulk of the code is organized into functions that follow one of the 80# following naming conventions: 81# * pre_XXX: things to do before running the tests, in order. 82# * component_XXX: independent components. They can be run in any order. 83# * component_check_XXX: quick tests that aren't worth parallelizing. 84# * component_build_XXX: build things but don't run them. 85# * component_test_XXX: build and test. 86# * support_XXX: if support_XXX exists and returns false then 87# component_XXX is not run by default. 88# * post_XXX: things to do after running the tests. 89# * other: miscellaneous support functions. 90# 91# Each component must start by invoking `msg` with a short informative message. 92# 93# Warning: due to the way bash detects errors, the failure of a command 94# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. 95# 96# Each component is executed in a separate shell process. The component 97# fails if any command in it returns a non-zero status. 98# 99# The framework performs some cleanup tasks after each component. This 100# means that components can assume that the working directory is in a 101# cleaned-up state, and don't need to perform the cleanup themselves. 102# * Run `make clean`. 103# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running 104# the component. 105# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 106# `tests/Makefile` and `programs/fuzz/Makefile` from git. 107# This cleans up after an in-tree use of CMake. 108# 109# The tests are roughly in order from fastest to slowest. This doesn't 110# have to be exact, but in general you should add slower tests towards 111# the end and fast checks near the beginning. 112 113 114 115################################################################ 116#### Initialization and command line parsing 117################################################################ 118 119# Abort on errors (even on the left-hand side of a pipe). 120# Treat uninitialised variables as errors. 121set -e -o pipefail -u 122 123# Enable ksh/bash extended file matching patterns 124shopt -s extglob 125 126pre_check_environment () { 127 if [ -d library -a -d include -a -d tests ]; then :; else 128 echo "Must be run from mbed TLS root" >&2 129 exit 1 130 fi 131} 132 133pre_initialize_variables () { 134 CONFIG_H='include/mbedtls/mbedtls_config.h' 135 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 136 CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' 137 138 # Files that are clobbered by some jobs will be backed up. Use a different 139 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can 140 # independently decide when to remove the backup file. 141 backup_suffix='.all.bak' 142 # Files clobbered by config.py 143 files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H" 144 # Files clobbered by in-tree cmake 145 files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" 146 147 append_outcome=0 148 MEMORY=0 149 FORCE=0 150 QUIET=0 151 KEEP_GOING=0 152 153 # Seed value used with the --release-test option. 154 # 155 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 156 # both values are kept in sync. If you change the value here because it 157 # breaks some tests, you'll definitely want to change it in 158 # basic-build-test.sh as well. 159 RELEASE_SEED=1 160 161 : ${MBEDTLS_TEST_OUTCOME_FILE=} 162 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 163 export MBEDTLS_TEST_OUTCOME_FILE 164 export MBEDTLS_TEST_PLATFORM 165 166 # Default commands, can be overridden by the environment 167 : ${OPENSSL:="openssl"} 168 : ${OPENSSL_LEGACY:="$OPENSSL"} 169 : ${OPENSSL_NEXT:="$OPENSSL"} 170 : ${GNUTLS_CLI:="gnutls-cli"} 171 : ${GNUTLS_SERV:="gnutls-serv"} 172 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 173 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 174 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 175 : ${ARMC5_BIN_DIR:=/usr/bin} 176 : ${ARMC6_BIN_DIR:=/usr/bin} 177 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 178 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} 179 180 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 181 if [ -z "${MAKEFLAGS+set}" ]; then 182 export MAKEFLAGS="-j$(all_sh_nproc)" 183 fi 184 185 # Include more verbose output for failing tests run by CMake or make 186 export CTEST_OUTPUT_ON_FAILURE=1 187 188 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 189 # default to -O2, use -Ox _after_ this if you want another level 190 ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' 191 192 # Gather the list of available components. These are the functions 193 # defined in this script whose name starts with "component_". 194 # Parse the script with sed. This way we get the functions in the order 195 # they are defined. 196 ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") 197 198 # Exclude components that are not supported on this platform. 199 SUPPORTED_COMPONENTS= 200 for component in $ALL_COMPONENTS; do 201 case $(type "support_$component" 2>&1) in 202 *' function'*) 203 if ! support_$component; then continue; fi;; 204 esac 205 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 206 done 207} 208 209# Test whether the component $1 is included in the command line patterns. 210is_component_included() 211{ 212 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 213 # only does word splitting. 214 set -f 215 for pattern in $COMMAND_LINE_COMPONENTS; do 216 set +f 217 case ${1#component_} in $pattern) return 0;; esac 218 done 219 set +f 220 return 1 221} 222 223usage() 224{ 225 cat <<EOF 226Usage: $0 [OPTION]... [COMPONENT]... 227Run mbedtls release validation tests. 228By default, run all tests. With one or more COMPONENT, run only those. 229COMPONENT can be the name of a component or a shell wildcard pattern. 230 231Examples: 232 $0 "check_*" 233 Run all sanity checks. 234 $0 --no-armcc --except test_memsan 235 Run everything except builds that require armcc and MemSan. 236 237Special options: 238 -h|--help Print this help and exit. 239 --list-all-components List all available test components and exit. 240 --list-components List components supported on this platform and exit. 241 242General options: 243 -q|--quiet Only output component names, and errors if any. 244 -f|--force Force the tests to overwrite any modified files. 245 -k|--keep-going Run all tests and report errors at the end. 246 -m|--memory Additional optional memory tests. 247 --append-outcome Append to the outcome file (if used). 248 --arm-none-eabi-gcc-prefix=<string> 249 Prefix for a cross-compiler for arm-none-eabi 250 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 251 --arm-linux-gnueabi-gcc-prefix=<string> 252 Prefix for a cross-compiler for arm-linux-gnueabi 253 (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") 254 --armcc Run ARM Compiler builds (on by default). 255 --restore First clean up the build tree, restoring backed up 256 files. Do not run any components unless they are 257 explicitly specified. 258 --error-test Error test mode: run a failing function in addition 259 to any specified component. May be repeated. 260 --except Exclude the COMPONENTs listed on the command line, 261 instead of running only those. 262 --no-append-outcome Write a new outcome file and analyze it (default). 263 --no-armcc Skip ARM Compiler builds. 264 --no-force Refuse to overwrite modified files (default). 265 --no-keep-going Stop at the first error (default). 266 --no-memory No additional memory tests (default). 267 --no-quiet Print full output from components. 268 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 269 --outcome-file=<path> File where test outcomes are written (not done if 270 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 271 --random-seed Use a random seed value for randomized tests (default). 272 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 273 -s|--seed Integer seed value to use for this test run. 274 275Tool path options: 276 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 277 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 278 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 279 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 280 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 281 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 282 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 283 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests.. 284 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 285EOF 286} 287 288# Cleanup before/after running a component. 289# Remove built files as well as the cmake cache/config. 290# Does not remove generated source files. 291cleanup() 292{ 293 command make clean 294 295 # Remove CMake artefacts 296 find . -name .git -prune -o \ 297 -iname CMakeFiles -exec rm -rf {} \+ -o \ 298 \( -iname cmake_install.cmake -o \ 299 -iname CTestTestfile.cmake -o \ 300 -iname CMakeCache.txt -o \ 301 -path './cmake/*.cmake' \) -exec rm -f {} \+ 302 # Recover files overwritten by in-tree CMake builds 303 rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile 304 305 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 306 rm -rf programs/test/cmake_subproject/build 307 rm -f programs/test/cmake_subproject/Makefile 308 rm -f programs/test/cmake_subproject/cmake_subproject 309 310 # Remove any artifacts from the component_test_cmake_as_package test. 311 rm -rf programs/test/cmake_package/build 312 rm -f programs/test/cmake_package/Makefile 313 rm -f programs/test/cmake_package/cmake_package 314 315 # Remove any artifacts from the component_test_cmake_as_installed_package test. 316 rm -rf programs/test/cmake_package_install/build 317 rm -f programs/test/cmake_package_install/Makefile 318 rm -f programs/test/cmake_package_install/cmake_package_install 319 320 # Restore files that may have been clobbered by the job 321 for x in $files_to_back_up; do 322 if [[ -e "$x$backup_suffix" ]]; then 323 cp -p "$x$backup_suffix" "$x" 324 fi 325 done 326} 327 328# Final cleanup when this script exits (except when exiting on a failure 329# in non-keep-going mode). 330final_cleanup () { 331 cleanup 332 333 for x in $files_to_back_up; do 334 rm -f "$x$backup_suffix" 335 done 336} 337 338# Executed on exit. May be redefined depending on command line options. 339final_report () { 340 : 341} 342 343fatal_signal () { 344 final_cleanup 345 final_report $1 346 trap - $1 347 kill -$1 $$ 348} 349 350trap 'fatal_signal HUP' HUP 351trap 'fatal_signal INT' INT 352trap 'fatal_signal TERM' TERM 353 354# Number of processors on this machine. Used as the default setting 355# for parallel make. 356all_sh_nproc () 357{ 358 { 359 nproc || # Linux 360 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD 361 sysctl -n hw.ncpu || # FreeBSD 362 echo 1 363 } 2>/dev/null 364} 365 366msg() 367{ 368 if [ -n "${current_component:-}" ]; then 369 current_section="${current_component#component_}: $1" 370 else 371 current_section="$1" 372 fi 373 374 if [ $QUIET -eq 1 ]; then 375 return 376 fi 377 378 echo "" 379 echo "******************************************************************" 380 echo "* $current_section " 381 printf "* "; date 382 echo "******************************************************************" 383} 384 385armc6_build_test() 386{ 387 FLAGS="$1" 388 389 msg "build: ARM Compiler 6 ($FLAGS)" 390 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 391 WARNING_CFLAGS='-Werror -xc -std=c99' make lib 392 393 msg "size: ARM Compiler 6 ($FLAGS)" 394 "$ARMC6_FROMELF" -z library/*.o 395 396 make clean 397} 398 399err_msg() 400{ 401 echo "$1" >&2 402} 403 404check_tools() 405{ 406 for TOOL in "$@"; do 407 if ! `type "$TOOL" >/dev/null 2>&1`; then 408 err_msg "$TOOL not found!" 409 exit 1 410 fi 411 done 412} 413 414pre_parse_command_line () { 415 COMMAND_LINE_COMPONENTS= 416 all_except=0 417 error_test=0 418 restore_first=0 419 no_armcc= 420 421 # Note that legacy options are ignored instead of being omitted from this 422 # list of options, so invocations that worked with previous version of 423 # all.sh will still run and work properly. 424 while [ $# -gt 0 ]; do 425 case "$1" in 426 --append-outcome) append_outcome=1;; 427 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 428 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; 429 --armcc) no_armcc=;; 430 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 431 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 432 --error-test) error_test=$((error_test + 1));; 433 --except) all_except=1;; 434 --force|-f) FORCE=1;; 435 --gnutls-cli) shift; GNUTLS_CLI="$1";; 436 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 437 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 438 --gnutls-serv) shift; GNUTLS_SERV="$1";; 439 --help|-h) usage; exit;; 440 --keep-going|-k) KEEP_GOING=1;; 441 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 442 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 443 --memory|-m) MEMORY=1;; 444 --no-append-outcome) append_outcome=0;; 445 --no-armcc) no_armcc=1;; 446 --no-force) FORCE=0;; 447 --no-keep-going) KEEP_GOING=0;; 448 --no-memory) MEMORY=0;; 449 --no-quiet) QUIET=0;; 450 --openssl) shift; OPENSSL="$1";; 451 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 452 --openssl-next) shift; OPENSSL_NEXT="$1";; 453 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 454 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 455 --quiet|-q) QUIET=1;; 456 --random-seed) unset SEED;; 457 --release-test|-r) SEED=$RELEASE_SEED;; 458 --restore) restore_first=1;; 459 --seed|-s) shift; SEED="$1";; 460 -*) 461 echo >&2 "Unknown option: $1" 462 echo >&2 "Run $0 --help for usage." 463 exit 120 464 ;; 465 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 466 esac 467 shift 468 done 469 470 # With no list of components, run everything. 471 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then 472 all_except=1 473 fi 474 475 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 476 # Ignore it if components are listed explicitly on the command line. 477 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 478 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 479 fi 480 481 # Error out if an explicitly requested component doesn't exist. 482 if [ $all_except -eq 0 ]; then 483 unsupported=0 484 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 485 # only does word splitting. 486 set -f 487 for component in $COMMAND_LINE_COMPONENTS; do 488 set +f 489 # If the requested name includes a wildcard character, don't 490 # check it. Accept wildcard patterns that don't match anything. 491 case $component in 492 *[*?\[]*) continue;; 493 esac 494 case " $SUPPORTED_COMPONENTS " in 495 *" $component "*) :;; 496 *) 497 echo >&2 "Component $component was explicitly requested, but is not known or not supported." 498 unsupported=$((unsupported + 1));; 499 esac 500 done 501 set +f 502 if [ $unsupported -ne 0 ]; then 503 exit 2 504 fi 505 fi 506 507 # Build the list of components to run. 508 RUN_COMPONENTS= 509 for component in $SUPPORTED_COMPONENTS; do 510 if is_component_included "$component"; [ $? -eq $all_except ]; then 511 RUN_COMPONENTS="$RUN_COMPONENTS $component" 512 fi 513 done 514 515 unset all_except 516 unset no_armcc 517} 518 519pre_check_git () { 520 if [ $FORCE -eq 1 ]; then 521 rm -rf "$OUT_OF_SOURCE_DIR" 522 git checkout-index -f -q $CONFIG_H 523 cleanup 524 else 525 526 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 527 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 528 echo "You can either delete this directory manually, or force the test by rerunning" 529 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 530 exit 1 531 fi 532 533 if ! git diff --quiet include/mbedtls/mbedtls_config.h; then 534 err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. " 535 echo "You can either delete or preserve your work, or force the test by rerunning the" 536 echo "script as: $0 --force" 537 exit 1 538 fi 539 fi 540} 541 542pre_restore_files () { 543 # If the makefiles have been generated by a framework such as cmake, 544 # restore them from git. If the makefiles look like modifications from 545 # the ones checked into git, take care not to modify them. Whatever 546 # this function leaves behind is what the script will restore before 547 # each component. 548 case "$(head -n1 Makefile)" in 549 *[Gg]enerated*) 550 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 551 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 552 ;; 553 esac 554} 555 556pre_back_up () { 557 for x in $files_to_back_up; do 558 cp -p "$x" "$x$backup_suffix" 559 done 560} 561 562pre_setup_keep_going () { 563 failure_count=0 # Number of failed components 564 last_failure_status=0 # Last failure status in this component 565 566 # See err_trap 567 previous_failure_status=0 568 previous_failed_command= 569 previous_failure_funcall_depth=0 570 unset report_failed_command 571 572 start_red= 573 end_color= 574 if [ -t 1 ]; then 575 case "${TERM:-}" in 576 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 577 start_red=$(printf '\033[31m') 578 end_color=$(printf '\033[0m') 579 ;; 580 esac 581 fi 582 583 # Keep a summary of failures in a file. We'll print it out at the end. 584 failure_summary_file=$PWD/all-sh-failures-$$.log 585 : >"$failure_summary_file" 586 587 # Whether it makes sense to keep a component going after the specified 588 # command fails (test command) or not (configure or build). 589 # This function normally receives the failing simple command 590 # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, 591 # this is passed instead. 592 # This doesn't have to be 100% accurate: all failures are recorded anyway. 593 # False positives result in running things that can't be expected to 594 # work. False negatives result in things not running after something else 595 # failed even though they might have given useful feedback. 596 can_keep_going_after_failure () { 597 case "$1" in 598 "msg "*) false;; 599 "cd "*) false;; 600 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... 601 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... 602 *make*check*) true;; 603 "grep "*) true;; 604 "[ "*) true;; 605 "! "*) true;; 606 *) false;; 607 esac 608 } 609 610 # This function runs if there is any error in a component. 611 # It must either exit with a nonzero status, or set 612 # last_failure_status to a nonzero value. 613 err_trap () { 614 # Save $? (status of the failing command). This must be the very 615 # first thing, before $? is overridden. 616 last_failure_status=$? 617 failed_command=${report_failed_command-$BASH_COMMAND} 618 619 if [[ $last_failure_status -eq $previous_failure_status && 620 "$failed_command" == "$previous_failed_command" && 621 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] 622 then 623 # The same command failed twice in a row, but this time one level 624 # less deep in the function call stack. This happens when the last 625 # command of a function returns a nonzero status, and the function 626 # returns that same status. Ignore the second failure. 627 previous_failure_funcall_depth=${#FUNCNAME[@]} 628 return 629 fi 630 previous_failure_status=$last_failure_status 631 previous_failed_command=$failed_command 632 previous_failure_funcall_depth=${#FUNCNAME[@]} 633 634 text="$current_section: $failed_command -> $last_failure_status" 635 echo "${start_red}^^^^$text^^^^${end_color}" >&2 636 echo "$text" >>"$failure_summary_file" 637 638 # If the command is fatal (configure or build command), stop this 639 # component. Otherwise (test command) keep the component running 640 # (run more tests from the same build). 641 if ! can_keep_going_after_failure "$failed_command"; then 642 exit $last_failure_status 643 fi 644 } 645 646 final_report () { 647 if [ $failure_count -gt 0 ]; then 648 echo 649 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 650 echo "${start_red}FAILED: $failure_count components${end_color}" 651 cat "$failure_summary_file" 652 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 653 elif [ -z "${1-}" ]; then 654 echo "SUCCESS :)" 655 fi 656 if [ -n "${1-}" ]; then 657 echo "Killed by SIG$1." 658 fi 659 rm -f "$failure_summary_file" 660 if [ $failure_count -gt 0 ]; then 661 exit 1 662 fi 663 } 664} 665 666# record_status() and if_build_succeeded() are kept temporarily for backward 667# compatibility. Don't use them in new components. 668record_status () { 669 "$@" 670} 671if_build_succeeded () { 672 "$@" 673} 674 675# '! true' does not trigger the ERR trap. Arrange to trigger it, with 676# a reasonably informative error message (not just "$@"). 677not () { 678 if "$@"; then 679 report_failed_command="! $*" 680 false 681 unset report_failed_command 682 fi 683} 684 685pre_prepare_outcome_file () { 686 case "$MBEDTLS_TEST_OUTCOME_FILE" in 687 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 688 esac 689 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 690 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 691 fi 692} 693 694pre_print_configuration () { 695 if [ $QUIET -eq 1 ]; then 696 return 697 fi 698 699 msg "info: $0 configuration" 700 echo "MEMORY: $MEMORY" 701 echo "FORCE: $FORCE" 702 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 703 echo "SEED: ${SEED-"UNSET"}" 704 echo 705 echo "OPENSSL: $OPENSSL" 706 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 707 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 708 echo "GNUTLS_CLI: $GNUTLS_CLI" 709 echo "GNUTLS_SERV: $GNUTLS_SERV" 710 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 711 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 712 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 713 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 714} 715 716# Make sure the tools we need are available. 717pre_check_tools () { 718 # Build the list of variables to pass to output_env.sh. 719 set env 720 721 case " $RUN_COMPONENTS " in 722 # Require OpenSSL and GnuTLS if running any tests (as opposed to 723 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 724 # is a good enough approximation in practice. 725 *" test_"*) 726 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 727 # and ssl-opt.sh, we just export the variables they require. 728 export OPENSSL="$OPENSSL" 729 export GNUTLS_CLI="$GNUTLS_CLI" 730 export GNUTLS_SERV="$GNUTLS_SERV" 731 # Avoid passing --seed flag in every call to ssl-opt.sh 732 if [ -n "${SEED-}" ]; then 733 export SEED 734 fi 735 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 736 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 737 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 738 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 739 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 740 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 741 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 742 ;; 743 esac 744 745 case " $RUN_COMPONENTS " in 746 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 747 esac 748 749 case " $RUN_COMPONENTS " in 750 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 751 esac 752 753 case " $RUN_COMPONENTS " in 754 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 755 esac 756 757 case " $RUN_COMPONENTS " in 758 *" test_zeroize "*) check_tools "gdb";; 759 esac 760 761 case " $RUN_COMPONENTS " in 762 *_armcc*) 763 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 764 ARMC5_AR="$ARMC5_BIN_DIR/armar" 765 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 766 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 767 ARMC6_AR="$ARMC6_BIN_DIR/armar" 768 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 769 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 770 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 771 esac 772 773 # past this point, no call to check_tool, only printing output 774 if [ $QUIET -eq 1 ]; then 775 return 776 fi 777 778 msg "info: output_env.sh" 779 case $RUN_COMPONENTS in 780 *_armcc*) 781 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 782 *) set "$@" RUN_ARMCC=0;; 783 esac 784 "$@" scripts/output_env.sh 785} 786 787pre_generate_files() { 788 # since make doesn't have proper dependencies, remove any possibly outdate 789 # file that might be around before generating fresh ones 790 make neat 791 if [ $QUIET -eq 1 ]; then 792 make generated_files >/dev/null 793 else 794 make generated_files 795 fi 796} 797 798 799 800################################################################ 801#### Basic checks 802################################################################ 803 804# 805# Test Suites to be executed 806# 807# The test ordering tries to optimize for the following criteria: 808# 1. Catch possible problems early, by running first tests that run quickly 809# and/or are more likely to fail than others (eg I use Clang most of the 810# time, so start with a GCC build). 811# 2. Minimize total running time, by avoiding useless rebuilds 812# 813# Indicative running times are given for reference. 814 815component_check_recursion () { 816 msg "Check: recursion.pl" # < 1s 817 tests/scripts/recursion.pl library/*.c 818} 819 820component_check_generated_files () { 821 msg "Check: check-generated-files, files generated with make" # 2s 822 make generated_files 823 tests/scripts/check-generated-files.sh 824 825 msg "Check: check-generated-files -u, files present" # 2s 826 tests/scripts/check-generated-files.sh -u 827 # Check that the generated files are considered up to date. 828 tests/scripts/check-generated-files.sh 829 830 msg "Check: check-generated-files -u, files absent" # 2s 831 command make neat 832 tests/scripts/check-generated-files.sh -u 833 # Check that the generated files are considered up to date. 834 tests/scripts/check-generated-files.sh 835 836 # This component ends with the generated files present in the source tree. 837 # This is necessary for subsequent components! 838} 839 840component_check_doxy_blocks () { 841 msg "Check: doxygen markup outside doxygen blocks" # < 1s 842 tests/scripts/check-doxy-blocks.pl 843} 844 845component_check_files () { 846 msg "Check: file sanity checks (permissions, encodings)" # < 1s 847 tests/scripts/check_files.py 848} 849 850component_check_changelog () { 851 msg "Check: changelog entries" # < 1s 852 rm -f ChangeLog.new 853 scripts/assemble_changelog.py -o ChangeLog.new 854 if [ -e ChangeLog.new ]; then 855 # Show the diff for information. It isn't an error if the diff is 856 # non-empty. 857 diff -u ChangeLog ChangeLog.new || true 858 rm ChangeLog.new 859 fi 860} 861 862component_check_names () { 863 msg "Check: declared and exported names (builds the library)" # < 3s 864 tests/scripts/check_names.py -v 865} 866 867component_check_test_cases () { 868 msg "Check: test case descriptions" # < 1s 869 if [ $QUIET -eq 1 ]; then 870 opt='--quiet' 871 else 872 opt='' 873 fi 874 tests/scripts/check_test_cases.py -q $opt 875 unset opt 876} 877 878component_check_doxygen_warnings () { 879 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 880 tests/scripts/doxygen.sh 881} 882 883 884 885################################################################ 886#### Build and test many configurations and targets 887################################################################ 888 889component_test_default_out_of_box () { 890 msg "build: make, default config (out-of-box)" # ~1min 891 make 892 # Disable fancy stuff 893 unset MBEDTLS_TEST_OUTCOME_FILE 894 895 msg "test: main suites make, default config (out-of-box)" # ~10s 896 make test 897 898 msg "selftest: make, default config (out-of-box)" # ~10s 899 programs/test/selftest 900} 901 902component_test_default_cmake_gcc_asan () { 903 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 904 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 905 make 906 907 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 908 make test 909 910 msg "test: selftest (ASan build)" # ~ 10s 911 programs/test/selftest 912 913 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 914 tests/ssl-opt.sh 915 916 msg "test: compat.sh (ASan build)" # ~ 6 min 917 tests/compat.sh 918 919 msg "test: context-info.sh (ASan build)" # ~ 15 sec 920 tests/context-info.sh 921} 922 923component_test_full_cmake_gcc_asan () { 924 msg "build: full config, cmake, gcc, ASan" 925 scripts/config.py full 926 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 927 make 928 929 msg "test: main suites (inc. selftests) (full config, ASan build)" 930 make test 931 932 msg "test: selftest (ASan build)" # ~ 10s 933 programs/test/selftest 934 935 msg "test: ssl-opt.sh (full config, ASan build)" 936 tests/ssl-opt.sh 937 938 msg "test: compat.sh (full config, ASan build)" 939 tests/compat.sh 940 941 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 942 tests/context-info.sh 943 944 msg "test: check direct ECP dependencies in TLS and X.509" 945 docs/architecture/psa-migration/syms.sh full 946 947 # TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for 948 # "full-tls-external" once Issue6839 is completed 949 not grep mbedtls_ecp_curve full-tls-external 950 not grep mbedtls_ecp full-x509-external 951 952 rm full-tls-external \ 953 full-tls-modules \ 954 full-x509-external \ 955 full-x509-modules 956} 957 958component_test_psa_crypto_key_id_encodes_owner () { 959 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 960 scripts/config.py full 961 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 962 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 963 make 964 965 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 966 make test 967} 968 969# check_renamed_symbols HEADER LIB 970# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol 971# name is LIB. 972check_renamed_symbols () { 973 ! nm "$2" | sed 's/.* //' | 974 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" 975} 976 977component_build_psa_crypto_spm () { 978 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" 979 scripts/config.py full 980 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 981 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 982 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM 983 # We can only compile, not link, since our test and sample programs 984 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM 985 # is active. 986 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib 987 988 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed 989 # version is not present. 990 echo "Checking for renamed symbols in the library" 991 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a 992} 993 994component_test_psa_crypto_client () { 995 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 996 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 997 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 998 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT 999 scripts/config.py unset MBEDTLS_LMS_C 1000 scripts/config.py unset MBEDTLS_LMS_PRIVATE 1001 make 1002 1003 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 1004 make test 1005} 1006 1007component_test_psa_crypto_rsa_no_genprime() { 1008 msg "build: default config minus MBEDTLS_GENPRIME" 1009 scripts/config.py unset MBEDTLS_GENPRIME 1010 make 1011 1012 msg "test: default config minus MBEDTLS_GENPRIME" 1013 make test 1014} 1015 1016component_test_ref_configs () { 1017 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 1018 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake 1019 # want to re-generate generated files that depend on it, quite correctly. 1020 # However this doesn't work as the generation script expects a specific 1021 # format for mbedtls_config.h, which the other files don't follow. Also, 1022 # cmake can't know this, but re-generation is actually not necessary as 1023 # the generated files only depend on the list of available options, not 1024 # whether they're on or off. So, disable cmake's (over-sensitive here) 1025 # dependency resolution for generated files and just rely on them being 1026 # present (thanks to pre_generate_files) by turning GEN_FILES off. 1027 CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . 1028 tests/scripts/test-ref-configs.pl 1029} 1030 1031component_test_no_renegotiation () { 1032 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 1033 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 1034 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1035 make 1036 1037 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 1038 make test 1039 1040 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 1041 tests/ssl-opt.sh 1042} 1043 1044component_test_no_pem_no_fs () { 1045 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 1046 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1047 scripts/config.py unset MBEDTLS_FS_IO 1048 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 1049 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 1050 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1051 make 1052 1053 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 1054 make test 1055 1056 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 1057 tests/ssl-opt.sh 1058} 1059 1060component_test_rsa_no_crt () { 1061 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 1062 scripts/config.py set MBEDTLS_RSA_NO_CRT 1063 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1064 make 1065 1066 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 1067 make test 1068 1069 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 1070 tests/ssl-opt.sh -f RSA 1071 1072 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 1073 tests/compat.sh -t RSA 1074 1075 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 1076 tests/context-info.sh 1077} 1078 1079component_test_no_ctr_drbg_classic () { 1080 msg "build: Full minus CTR_DRBG, classic crypto in TLS" 1081 scripts/config.py full 1082 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1083 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1084 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1085 1086 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1087 make 1088 1089 msg "test: Full minus CTR_DRBG, classic crypto - main suites" 1090 make test 1091 1092 # In this configuration, the TLS test programs use HMAC_DRBG. 1093 # The SSL tests are slow, so run a small subset, just enough to get 1094 # confidence that the SSL code copes with HMAC_DRBG. 1095 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" 1096 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1097 1098 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" 1099 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1100} 1101 1102component_test_no_ctr_drbg_use_psa () { 1103 msg "build: Full minus CTR_DRBG, PSA crypto in TLS" 1104 scripts/config.py full 1105 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1106 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1107 1108 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1109 make 1110 1111 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" 1112 make test 1113 1114 # In this configuration, the TLS test programs use HMAC_DRBG. 1115 # The SSL tests are slow, so run a small subset, just enough to get 1116 # confidence that the SSL code copes with HMAC_DRBG. 1117 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1118 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1119 1120 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" 1121 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1122} 1123 1124component_test_no_hmac_drbg_classic () { 1125 msg "build: Full minus HMAC_DRBG, classic crypto in TLS" 1126 scripts/config.py full 1127 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1128 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1129 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1130 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1131 1132 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1133 make 1134 1135 msg "test: Full minus HMAC_DRBG, classic crypto - main suites" 1136 make test 1137 1138 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1139 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1140 # instead. 1141 # Test SSL with non-deterministic ECDSA. Only test features that 1142 # might be affected by how ECDSA signature is performed. 1143 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" 1144 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1145 1146 # To save time, only test one protocol version, since this part of 1147 # the protocol is identical in (D)TLS up to 1.2. 1148 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" 1149 tests/compat.sh -m tls12 -t 'ECDSA' 1150} 1151 1152component_test_no_hmac_drbg_use_psa () { 1153 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" 1154 scripts/config.py full 1155 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1156 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1157 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1158 1159 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1160 make 1161 1162 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" 1163 make test 1164 1165 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1166 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1167 # instead. 1168 # Test SSL with non-deterministic ECDSA. Only test features that 1169 # might be affected by how ECDSA signature is performed. 1170 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1171 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1172 1173 # To save time, only test one protocol version, since this part of 1174 # the protocol is identical in (D)TLS up to 1.2. 1175 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" 1176 tests/compat.sh -m tls12 -t 'ECDSA' 1177} 1178 1179component_test_psa_external_rng_no_drbg_classic () { 1180 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" 1181 scripts/config.py full 1182 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1183 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1184 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1185 scripts/config.py unset MBEDTLS_ENTROPY_C 1186 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1187 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1188 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1189 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1190 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1191 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, 1192 # the SSL test programs don't have an RNG and can't work. Explicitly 1193 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. 1194 make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" 1195 1196 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" 1197 make test 1198 1199 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" 1200 tests/ssl-opt.sh -f 'Default' 1201} 1202 1203component_test_psa_external_rng_no_drbg_use_psa () { 1204 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" 1205 scripts/config.py full 1206 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1207 scripts/config.py unset MBEDTLS_ENTROPY_C 1208 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1209 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1210 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1211 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1212 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1213 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1214 1215 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 1216 make test 1217 1218 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" 1219 tests/ssl-opt.sh -f 'Default\|opaque' 1220} 1221 1222component_test_crypto_full_md_light_only () { 1223 msg "build: crypto_full with only the light subset of MD" 1224 scripts/config.py crypto_full 1225 # Disable MD 1226 scripts/config.py unset MBEDTLS_MD_C 1227 # Disable direct dependencies of MD 1228 scripts/config.py unset MBEDTLS_HKDF_C 1229 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1230 scripts/config.py unset MBEDTLS_PKCS7_C 1231 # Disable indirect dependencies of MD 1232 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG 1233 # Note: MD-light is auto-enabled in build_info.h by modules that need it, 1234 # which we haven't disabled, so no need to explicitly enable it. 1235 make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" 1236 1237 # Make sure we don't have the HMAC functions, but the hashing functions 1238 not grep mbedtls_md_hmac library/md.o 1239 grep mbedtls_md library/md.o 1240 1241 msg "test: crypto_full with only the light subset of MD" 1242 make test 1243} 1244 1245component_test_full_no_cipher () { 1246 msg "build: full minus CIPHER" 1247 scripts/config.py full 1248 scripts/config.py unset MBEDTLS_CIPHER_C 1249 # Direct dependencies 1250 scripts/config.py unset MBEDTLS_CCM_C 1251 scripts/config.py unset MBEDTLS_CMAC_C 1252 scripts/config.py unset MBEDTLS_GCM_C 1253 scripts/config.py unset MBEDTLS_NIST_KW_C 1254 scripts/config.py unset MBEDTLS_PKCS12_C 1255 scripts/config.py unset MBEDTLS_PKCS5_C 1256 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1257 scripts/config.py unset MBEDTLS_SSL_TLS_C 1258 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1259 # Indirect dependencies 1260 scripts/config.py unset MBEDTLS_SSL_CLI_C 1261 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1262 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1263 scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY 1264 scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID 1265 scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1266 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 1267 scripts/config.py unset MBEDTLS_SSL_SRV_C 1268 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1269 scripts/config.py unset MBEDTLS_LMS_C 1270 scripts/config.py unset MBEDTLS_LMS_PRIVATE 1271 make 1272 1273 msg "test: full minus CIPHER" 1274 make test 1275} 1276 1277component_test_crypto_full_no_cipher () { 1278 msg "build: crypto_full minus CIPHER" 1279 scripts/config.py crypto_full 1280 scripts/config.py unset MBEDTLS_CIPHER_C 1281 # Direct dependencies 1282 scripts/config.py unset MBEDTLS_CCM_C 1283 scripts/config.py unset MBEDTLS_CMAC_C 1284 scripts/config.py unset MBEDTLS_GCM_C 1285 scripts/config.py unset MBEDTLS_NIST_KW_C 1286 scripts/config.py unset MBEDTLS_PKCS12_C 1287 scripts/config.py unset MBEDTLS_PKCS5_C 1288 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1289 # Indirect dependencies 1290 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1291 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1292 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1293 scripts/config.py unset MBEDTLS_LMS_C 1294 scripts/config.py unset MBEDTLS_LMS_PRIVATE 1295 make 1296 1297 msg "test: crypto_full minus CIPHER" 1298 make test 1299} 1300 1301component_test_full_no_bignum () { 1302 msg "build: full minus bignum" 1303 scripts/config.py full 1304 scripts/config.py unset MBEDTLS_BIGNUM_C 1305 # Direct dependencies of bignum 1306 scripts/config.py unset MBEDTLS_ECP_C 1307 scripts/config.py unset MBEDTLS_RSA_C 1308 scripts/config.py unset MBEDTLS_DHM_C 1309 # Direct dependencies of ECP 1310 scripts/config.py unset MBEDTLS_ECDH_C 1311 scripts/config.py unset MBEDTLS_ECDSA_C 1312 scripts/config.py unset MBEDTLS_ECJPAKE_C 1313 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 1314 # Indirect dependencies of ECP 1315 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1316 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1317 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 1318 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1319 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1320 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 1321 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1322 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1323 # Direct dependencies of DHM 1324 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 1325 # Direct dependencies of RSA 1326 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 1327 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 1328 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 1329 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 1330 # PK and its dependencies 1331 scripts/config.py unset MBEDTLS_PK_C 1332 scripts/config.py unset MBEDTLS_PK_PARSE_C 1333 scripts/config.py unset MBEDTLS_PK_WRITE_C 1334 scripts/config.py unset MBEDTLS_X509_USE_C 1335 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 1336 scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C 1337 scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C 1338 scripts/config.py unset MBEDTLS_X509_CREATE_C 1339 scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C 1340 scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C 1341 scripts/config.py unset MBEDTLS_PKCS7_C 1342 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 1343 scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE 1344 scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 1345 1346 make 1347 1348 msg "test: full minus bignum" 1349 make test 1350} 1351 1352component_test_tls1_2_default_stream_cipher_only () { 1353 msg "build: default with only stream cipher" 1354 1355 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C 1356 scripts/config.py unset MBEDTLS_GCM_C 1357 scripts/config.py unset MBEDTLS_CCM_C 1358 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1359 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1360 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1361 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1362 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1363 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1364 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER 1365 # Modules that depend on AEAD 1366 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1367 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1368 1369 make 1370 1371 msg "test: default with only stream cipher" 1372 make test 1373 1374 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 1375} 1376 1377component_test_tls1_2_default_stream_cipher_only_use_psa () { 1378 msg "build: default with only stream cipher use psa" 1379 1380 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1381 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1382 scripts/config.py unset MBEDTLS_GCM_C 1383 scripts/config.py unset MBEDTLS_CCM_C 1384 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1385 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1386 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1387 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1388 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1389 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1390 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER 1391 # Modules that depend on AEAD 1392 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1393 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1394 1395 make 1396 1397 msg "test: default with only stream cipher use psa" 1398 make test 1399 1400 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 1401} 1402 1403component_test_tls1_2_default_cbc_legacy_cipher_only () { 1404 msg "build: default with only CBC-legacy cipher" 1405 1406 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1407 scripts/config.py unset MBEDTLS_GCM_C 1408 scripts/config.py unset MBEDTLS_CCM_C 1409 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1410 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1411 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1412 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1413 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1414 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1415 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1416 # Modules that depend on AEAD 1417 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1418 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1419 1420 make 1421 1422 msg "test: default with only CBC-legacy cipher" 1423 make test 1424 1425 msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)" 1426 tests/ssl-opt.sh -f "TLS 1.2" 1427} 1428 1429component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { 1430 msg "build: default with only CBC-legacy cipher use psa" 1431 1432 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1433 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1434 scripts/config.py unset MBEDTLS_GCM_C 1435 scripts/config.py unset MBEDTLS_CCM_C 1436 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1437 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1438 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1439 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1440 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 1441 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1442 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1443 # Modules that depend on AEAD 1444 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1445 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1446 1447 make 1448 1449 msg "test: default with only CBC-legacy cipher use psa" 1450 make test 1451 1452 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" 1453 tests/ssl-opt.sh -f "TLS 1.2" 1454} 1455 1456component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { 1457 msg "build: default with only CBC-legacy and CBC-EtM ciphers" 1458 1459 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1460 scripts/config.py unset MBEDTLS_GCM_C 1461 scripts/config.py unset MBEDTLS_CCM_C 1462 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1463 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1464 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1465 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1466 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 1467 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1468 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1469 # Modules that depend on AEAD 1470 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1471 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1472 1473 make 1474 1475 msg "test: default with only CBC-legacy and CBC-EtM ciphers" 1476 make test 1477 1478 msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)" 1479 tests/ssl-opt.sh -f "TLS 1.2" 1480} 1481 1482component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { 1483 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" 1484 1485 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1486 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 1487 scripts/config.py unset MBEDTLS_GCM_C 1488 scripts/config.py unset MBEDTLS_CCM_C 1489 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1490 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) 1491 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC 1492 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1493 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 1494 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 1495 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1496 # Modules that depend on AEAD 1497 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 1498 scripts/config.py unset MBEDTLS_SSL_TICKET_C 1499 1500 make 1501 1502 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" 1503 make test 1504 1505 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" 1506 tests/ssl-opt.sh -f "TLS 1.2" 1507} 1508 1509# We're not aware of any other (open source) implementation of EC J-PAKE in TLS 1510# that we could use for interop testing. However, we now have sort of two 1511# implementations ourselves: one using PSA, the other not. At least test that 1512# these two interoperate with each other. 1513component_test_tls1_2_ecjpake_compatibility() { 1514 msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA" 1515 scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 1516 make -C programs ssl/ssl_server2 ssl/ssl_client2 1517 cp programs/ssl/ssl_server2 s2_no_use_psa 1518 cp programs/ssl/ssl_client2 c2_no_use_psa 1519 1520 msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA" 1521 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1522 make clean 1523 make -C programs ssl/ssl_server2 ssl/ssl_client2 1524 make -C programs test/udp_proxy test/query_compile_time_config 1525 1526 msg "test: server w/o USE_PSA - client w/ USE_PSA, text password" 1527 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS" 1528 msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password" 1529 P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS" 1530 msg "test: client w/o USE_PSA - server w/ USE_PSA, text password" 1531 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS" 1532 msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password" 1533 P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS" 1534 1535 rm s2_no_use_psa c2_no_use_psa 1536} 1537 1538component_test_psa_external_rng_use_psa_crypto () { 1539 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1540 scripts/config.py full 1541 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1542 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1543 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1544 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1545 1546 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1547 make test 1548 1549 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1550 tests/ssl-opt.sh -f 'Default\|opaque' 1551} 1552 1553component_test_everest () { 1554 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1555 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1556 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1557 make 1558 1559 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1560 make test 1561 1562 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1563 tests/ssl-opt.sh -f ECDH 1564 1565 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1566 # Exclude some symmetric ciphers that are redundant here to gain time. 1567 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' 1568} 1569 1570component_test_everest_curve25519_only () { 1571 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1572 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1573 scripts/config.py unset MBEDTLS_ECDSA_C 1574 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1575 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1576 scripts/config.py unset MBEDTLS_ECJPAKE_C 1577 # Disable all curves 1578 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1579 scripts/config.py unset "$c" 1580 done 1581 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1582 1583 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1584 1585 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1586 make test 1587} 1588 1589component_test_small_ssl_out_content_len () { 1590 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1591 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1592 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1593 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1594 make 1595 1596 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1597 tests/ssl-opt.sh -f "Max fragment\|Large packet" 1598} 1599 1600component_test_small_ssl_in_content_len () { 1601 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1602 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1603 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1604 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1605 make 1606 1607 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1608 tests/ssl-opt.sh -f "Max fragment" 1609} 1610 1611component_test_small_ssl_dtls_max_buffering () { 1612 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1613 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1614 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1615 make 1616 1617 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1618 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1619} 1620 1621component_test_small_mbedtls_ssl_dtls_max_buffering () { 1622 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1623 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1624 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1625 make 1626 1627 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1628 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1629} 1630 1631component_test_psa_collect_statuses () { 1632 msg "build+test: psa_collect_statuses" # ~30s 1633 scripts/config.py full 1634 tests/scripts/psa_collect_statuses.py 1635 # Check that psa_crypto_init() succeeded at least once 1636 grep -q '^0:psa_crypto_init:' tests/statuses.log 1637 rm -f tests/statuses.log 1638} 1639 1640component_test_full_cmake_clang () { 1641 msg "build: cmake, full config, clang" # ~ 50s 1642 scripts/config.py full 1643 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 . 1644 make 1645 1646 msg "test: main suites (full config, clang)" # ~ 5s 1647 make test 1648 1649 msg "test: cpp_dummy_build (full config, clang)" # ~ 1s 1650 programs/test/cpp_dummy_build 1651 1652 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1653 tests/scripts/test_psa_constant_names.py 1654 1655 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1656 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1657 1658 msg "test: compat.sh NULL (full config)" # ~ 2 min 1659 env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL' 1660 1661 msg "test: compat.sh ARIA + ChachaPoly" 1662 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1663} 1664 1665skip_suites_without_constant_flow () { 1666 # Skip the test suites that don't have any constant-flow annotations. 1667 # This will need to be adjusted if we ever start declaring things as 1668 # secret from macros or functions inside tests/include or tests/src. 1669 SKIP_TEST_SUITES=$( 1670 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | 1671 sed 's/test_suite_//; s/\.function$//' | 1672 tr '\n' ,) 1673 export SKIP_TEST_SUITES 1674} 1675 1676component_test_memsan_constant_flow () { 1677 # This tests both (1) accesses to undefined memory, and (2) branches or 1678 # memory access depending on secret values. To distinguish between those: 1679 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1680 # - or alternatively, change the build type to MemSanDbg, which enables 1681 # origin tracking and nicer stack traces (which are useful for debugging 1682 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1683 msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" 1684 scripts/config.py full 1685 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1686 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1687 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1688 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1689 make 1690 1691 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)" 1692 make test 1693} 1694 1695component_test_memsan_constant_flow_psa () { 1696 # This tests both (1) accesses to undefined memory, and (2) branches or 1697 # memory access depending on secret values. To distinguish between those: 1698 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1699 # - or alternatively, change the build type to MemSanDbg, which enables 1700 # origin tracking and nicer stack traces (which are useful for debugging 1701 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1702 msg "build: cmake MSan (clang), full config with constant flow testing" 1703 scripts/config.py full 1704 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1705 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1706 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1707 make 1708 1709 msg "test: main suites (Msan + constant flow)" 1710 make test 1711} 1712 1713component_test_valgrind_constant_flow () { 1714 # This tests both (1) everything that valgrind's memcheck usually checks 1715 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1716 # etc.) and (2) branches or memory access depending on secret values, 1717 # which will be reported as uninitialized memory. To distinguish between 1718 # secret and actually uninitialized: 1719 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1720 # - or alternatively, build with debug info and manually run the offending 1721 # test suite with valgrind --track-origins=yes, then check if the origin 1722 # was TEST_CF_SECRET() or something else. 1723 msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" 1724 scripts/config.py full 1725 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1726 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1727 skip_suites_without_constant_flow 1728 cmake -D CMAKE_BUILD_TYPE:String=Release . 1729 make 1730 1731 # this only shows a summary of the results (how many of each type) 1732 # details are left in Testing/<date>/DynamicAnalysis.xml 1733 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)" 1734 make memcheck 1735} 1736 1737component_test_valgrind_constant_flow_psa () { 1738 # This tests both (1) everything that valgrind's memcheck usually checks 1739 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1740 # etc.) and (2) branches or memory access depending on secret values, 1741 # which will be reported as uninitialized memory. To distinguish between 1742 # secret and actually uninitialized: 1743 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1744 # - or alternatively, build with debug info and manually run the offending 1745 # test suite with valgrind --track-origins=yes, then check if the origin 1746 # was TEST_CF_SECRET() or something else. 1747 msg "build: cmake release GCC, full config with constant flow testing" 1748 scripts/config.py full 1749 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1750 skip_suites_without_constant_flow 1751 cmake -D CMAKE_BUILD_TYPE:String=Release . 1752 make 1753 1754 # this only shows a summary of the results (how many of each type) 1755 # details are left in Testing/<date>/DynamicAnalysis.xml 1756 msg "test: some suites (valgrind + constant flow)" 1757 make memcheck 1758} 1759 1760component_test_default_no_deprecated () { 1761 # Test that removing the deprecated features from the default 1762 # configuration leaves something consistent. 1763 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1764 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1765 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1766 1767 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1768 make test 1769} 1770 1771component_test_full_no_deprecated () { 1772 msg "build: make, full_no_deprecated config" # ~ 30s 1773 scripts/config.py full_no_deprecated 1774 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1775 1776 msg "test: make, full_no_deprecated config" # ~ 5s 1777 make test 1778 1779 msg "test: ensure that X509 has no direct dependency on BIGNUM_C" 1780 not grep mbedtls_mpi library/libmbedx509.a 1781} 1782 1783component_test_full_no_deprecated_deprecated_warning () { 1784 # Test that there is nothing deprecated in "full_no_deprecated". 1785 # A deprecated feature would trigger a warning (made fatal) from 1786 # MBEDTLS_DEPRECATED_WARNING. 1787 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1788 scripts/config.py full_no_deprecated 1789 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1790 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1791 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1792 1793 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1794 make test 1795} 1796 1797component_test_full_deprecated_warning () { 1798 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1799 # with only certain whitelisted types of warnings. 1800 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1801 scripts/config.py full 1802 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1803 # Expect warnings from '#warning' directives in check_config.h. 1804 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1805 1806 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1807 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1808 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1809 # Expect warnings from '#warning' directives in check_config.h and 1810 # from the use of deprecated functions in test suites. 1811 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1812 1813 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1814 make test 1815} 1816 1817# Check that the specified libraries exist and are empty. 1818are_empty_libraries () { 1819 nm "$@" >/dev/null 2>/dev/null 1820 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1821} 1822 1823component_build_crypto_default () { 1824 msg "build: make, crypto only" 1825 scripts/config.py crypto 1826 make CFLAGS='-O1 -Werror' 1827 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1828} 1829 1830component_build_crypto_full () { 1831 msg "build: make, crypto only, full config" 1832 scripts/config.py crypto_full 1833 make CFLAGS='-O1 -Werror' 1834 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1835} 1836 1837component_test_crypto_for_psa_service () { 1838 msg "build: make, config for PSA crypto service" 1839 scripts/config.py crypto 1840 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 1841 # Disable things that are not needed for just cryptography, to 1842 # reach a configuration that would be typical for a PSA cryptography 1843 # service providing all implemented PSA algorithms. 1844 # System stuff 1845 scripts/config.py unset MBEDTLS_ERROR_C 1846 scripts/config.py unset MBEDTLS_TIMING_C 1847 scripts/config.py unset MBEDTLS_VERSION_FEATURES 1848 # Crypto stuff with no PSA interface 1849 scripts/config.py unset MBEDTLS_BASE64_C 1850 # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. 1851 scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent 1852 # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. 1853 scripts/config.py unset MBEDTLS_NIST_KW_C 1854 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1855 scripts/config.py unset MBEDTLS_PEM_WRITE_C 1856 scripts/config.py unset MBEDTLS_PKCS12_C 1857 scripts/config.py unset MBEDTLS_PKCS5_C 1858 # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed 1859 # in PSA code to work with RSA keys. We don't require users to set those: 1860 # they will be reenabled in build_info.h. 1861 scripts/config.py unset MBEDTLS_PK_C 1862 scripts/config.py unset MBEDTLS_PK_PARSE_C 1863 scripts/config.py unset MBEDTLS_PK_WRITE_C 1864 make CFLAGS='-O1 -Werror' all test 1865 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1866} 1867 1868component_build_crypto_baremetal () { 1869 msg "build: make, crypto only, baremetal config" 1870 scripts/config.py crypto_baremetal 1871 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" 1872 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1873} 1874support_build_crypto_baremetal () { 1875 support_build_baremetal "$@" 1876} 1877 1878component_build_baremetal () { 1879 msg "build: make, baremetal config" 1880 scripts/config.py baremetal 1881 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" 1882} 1883support_build_baremetal () { 1884 # Older Glibc versions include time.h from other headers such as stdlib.h, 1885 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this 1886 # problem, Ubuntu 18.04 is ok. 1887 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h 1888} 1889 1890# depends.py family of tests 1891component_test_depends_py_cipher_id () { 1892 msg "test/build: depends.py cipher_id (gcc)" 1893 tests/scripts/depends.py cipher_id --unset-use-psa 1894} 1895 1896component_test_depends_py_cipher_chaining () { 1897 msg "test/build: depends.py cipher_chaining (gcc)" 1898 tests/scripts/depends.py cipher_chaining --unset-use-psa 1899} 1900 1901component_test_depends_py_cipher_padding () { 1902 msg "test/build: depends.py cipher_padding (gcc)" 1903 tests/scripts/depends.py cipher_padding --unset-use-psa 1904} 1905 1906component_test_depends_py_curves () { 1907 msg "test/build: depends.py curves (gcc)" 1908 tests/scripts/depends.py curves --unset-use-psa 1909} 1910 1911component_test_depends_py_hashes () { 1912 msg "test/build: depends.py hashes (gcc)" 1913 tests/scripts/depends.py hashes --unset-use-psa 1914} 1915 1916component_test_depends_py_kex () { 1917 msg "test/build: depends.py kex (gcc)" 1918 tests/scripts/depends.py kex --unset-use-psa 1919} 1920 1921component_test_depends_py_pkalgs () { 1922 msg "test/build: depends.py pkalgs (gcc)" 1923 tests/scripts/depends.py pkalgs --unset-use-psa 1924} 1925 1926# PSA equivalents of the depends.py tests 1927component_test_depends_py_cipher_id_psa () { 1928 msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1929 tests/scripts/depends.py cipher_id 1930} 1931 1932component_test_depends_py_cipher_chaining_psa () { 1933 msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1934 tests/scripts/depends.py cipher_chaining 1935} 1936 1937component_test_depends_py_cipher_padding_psa () { 1938 msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1939 tests/scripts/depends.py cipher_padding 1940} 1941 1942component_test_depends_py_curves_psa () { 1943 msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1944 tests/scripts/depends.py curves 1945} 1946 1947component_test_depends_py_hashes_psa () { 1948 msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1949 tests/scripts/depends.py hashes 1950} 1951 1952component_test_depends_py_kex_psa () { 1953 msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1954 tests/scripts/depends.py kex 1955} 1956 1957component_test_depends_py_pkalgs_psa () { 1958 msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" 1959 tests/scripts/depends.py pkalgs 1960} 1961 1962component_build_no_pk_rsa_alt_support () { 1963 msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s 1964 1965 scripts/config.py full 1966 scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT 1967 scripts/config.py set MBEDTLS_RSA_C 1968 scripts/config.py set MBEDTLS_X509_CRT_WRITE_C 1969 1970 # Only compile - this is primarily to test for compile issues 1971 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' 1972} 1973 1974component_build_module_alt () { 1975 msg "build: MBEDTLS_XXX_ALT" # ~30s 1976 scripts/config.py full 1977 1978 # Disable options that are incompatible with some ALT implementations: 1979 # aesni.c and padlock.c reference mbedtls_aes_context fields directly. 1980 scripts/config.py unset MBEDTLS_AESNI_C 1981 scripts/config.py unset MBEDTLS_PADLOCK_C 1982 scripts/config.py unset MBEDTLS_AESCE_C 1983 # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. 1984 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 1985 # You can only have one threading implementation: alt or pthread, not both. 1986 scripts/config.py unset MBEDTLS_THREADING_PTHREAD 1987 # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields 1988 # directly and assumes the implementation works with partial groups. 1989 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED 1990 # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_* 1991 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT 1992 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY 1993 # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_* 1994 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT 1995 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY 1996 1997 # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable 1998 # MBEDTLS_XXX_YYY_ALT which are for single functions. 1999 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' 2000 scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C 2001 2002 # We can only compile, not link, since we don't have any implementations 2003 # suitable for testing with the dummy alt headers. 2004 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 2005} 2006 2007component_build_dhm_alt () { 2008 msg "build: MBEDTLS_DHM_ALT" # ~30s 2009 scripts/config.py full 2010 scripts/config.py set MBEDTLS_DHM_ALT 2011 # debug.c currently references mbedtls_dhm_context fields directly. 2012 scripts/config.py unset MBEDTLS_DEBUG_C 2013 # We can only compile, not link, since we don't have any implementations 2014 # suitable for testing with the dummy alt headers. 2015 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 2016} 2017 2018component_test_no_use_psa_crypto_full_cmake_asan() { 2019 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 2020 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 2021 scripts/config.py full 2022 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 2023 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2024 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2025 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 2026 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2027 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 2028 scripts/config.py unset MBEDTLS_LMS_C 2029 scripts/config.py unset MBEDTLS_LMS_PRIVATE 2030 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2031 make 2032 2033 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 2034 make test 2035 2036 # Note: ssl-opt.sh has some test cases that depend on 2037 # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO 2038 # This is the only component where those tests are not skipped. 2039 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 2040 tests/ssl-opt.sh 2041 2042 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 2043 tests/compat.sh 2044 2045 msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 2046 env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL' 2047 2048 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 2049 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 2050} 2051 2052component_test_psa_crypto_config_accel_ecdsa () { 2053 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 2054 2055 # Algorithms and key types to accelerate 2056 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2057 2058 # Configure and build the test driver library 2059 # ------------------------------------------- 2060 2061 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2062 # partial support for cipher operations in the driver test library. 2063 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2064 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2065 2066 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2067 # These hashes are needed for some ECDSA signature tests. 2068 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" 2069 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" 2070 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" 2071 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" 2072 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2073 2074 # Configure and build the main libraries 2075 # -------------------------------------- 2076 2077 # Start from default config (no USE_PSA) + driver support + TLS 1.3 2078 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2079 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2080 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 2081 2082 # Disable the module that's accelerated 2083 scripts/config.py unset MBEDTLS_ECDSA_C 2084 2085 # Disable things that depend on it 2086 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2087 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2088 2089 # Build the library 2090 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2091 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2092 2093 # Make sure this was not re-enabled by accident (additive config) 2094 not grep mbedtls_ecdsa_ library/ecdsa.o 2095 2096 # Run the tests 2097 # ------------- 2098 2099 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 2100 make test 2101} 2102 2103# Auxiliary function to build config for ECDSA with and without drivers 2104config_psa_crypto_config_ecdsa_use_psa () { 2105 DRIVER_ONLY="$1" 2106 # start with config full for maximum coverage (also enables USE_PSA) 2107 scripts/config.py full 2108 # enable support for drivers and configuring PSA-only algorithms 2109 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2110 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2111 if [ "$DRIVER_ONLY" -eq 1 ]; then 2112 # Disable the module that's accelerated 2113 scripts/config.py unset MBEDTLS_ECDSA_C 2114 fi 2115 # Restartable feature is not yet supported by PSA. Once it will in 2116 # the future, the following line could be removed (see issues 2117 # 6061, 6332 and following ones) 2118 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 2119 # Dynamic secure element support is a deprecated feature and needs to be disabled here. 2120 # This is done to have the same form of psa_key_attributes_s for libdriver and library. 2121 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2122} 2123 2124# Keep in sync with component_test_psa_crypto_config_reference_ecdsa_use_psa 2125component_test_psa_crypto_config_accel_ecdsa_use_psa () { 2126 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA" 2127 2128 # Algorithms and key types to accelerate 2129 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2130 2131 # Configure and build the test driver library 2132 # ------------------------------------------- 2133 2134 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2135 # partial support for cipher operations in the driver test library. 2136 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2137 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2138 2139 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2140 # SHA-1 and all variants of SHA-2 are needed for ECDSA and X.509 tests 2141 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1" 2142 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" 2143 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" 2144 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" 2145 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" 2146 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2147 2148 # Configure and build the main libraries with drivers enabled 2149 # ----------------------------------------------------------- 2150 2151 # Use the same config as reference, only without built-in ECDSA 2152 config_psa_crypto_config_ecdsa_use_psa 1 2153 2154 # Build the library 2155 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2156 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2157 2158 # Make sure ECDSA was not re-enabled by accident (additive config) 2159 not grep mbedtls_ecdsa_ library/ecdsa.o 2160 2161 # Run the tests 2162 # ------------- 2163 2164 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA" 2165 make test 2166 2167 msg "test: ssl-opt.sh" 2168 tests/ssl-opt.sh 2169} 2170 2171# Keep in sync with component_test_psa_crypto_config_accel_ecdsa_use_psa. 2172# Used by tests/scripts/analyze_outcomes.py for comparison purposes. 2173component_test_psa_crypto_config_reference_ecdsa_use_psa () { 2174 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA" 2175 2176 # To be aligned with the accel component that needs this 2177 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2178 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2179 2180 config_psa_crypto_config_ecdsa_use_psa 0 2181 2182 make 2183 2184 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA" 2185 make test 2186 2187 msg "test: ssl-opt.sh" 2188 tests/ssl-opt.sh 2189} 2190 2191component_test_psa_crypto_config_accel_ecdh () { 2192 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" 2193 2194 # Algorithms and key types to accelerate 2195 loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2196 2197 # Configure and build the test driver library 2198 # ------------------------------------------- 2199 2200 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2201 # partial support for cipher operations in the driver test library. 2202 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2203 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2204 2205 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2206 make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2207 2208 # Configure and build the main libraries 2209 # -------------------------------------- 2210 2211 # Start from default config (no USE_PSA or TLS 1.3) + driver support 2212 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2213 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2214 2215 # Disable the module that's accelerated 2216 scripts/config.py unset MBEDTLS_ECDH_C 2217 2218 # Disable things that depend on it 2219 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2220 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2221 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2222 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2223 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 2224 2225 # Build the main library 2226 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2227 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2228 2229 # Make sure this was not re-enabled by accident (additive config) 2230 not grep mbedtls_ecdh_ library/ecdh.o 2231 2232 # Run the tests 2233 # ------------- 2234 2235 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" 2236 make test 2237} 2238 2239# Auxiliary function to build config for ECDH with and without drivers. 2240# 2241# This is used by the two following components to ensure they always use the 2242# same config, except for the use of driver or built-in ECDH: 2243# - component_test_psa_crypto_config_accel_ecdh_use_psa; 2244# - component_test_psa_crypto_config_reference_ecdh_use_psa. 2245# This support comparing their test coverage with analyze_outcomes.py. 2246config_psa_crypto_config_ecdh_use_psa () { 2247 DRIVER_ONLY="$1" 2248 # start with config full for maximum coverage (also enables USE_PSA) 2249 scripts/config.py full 2250 # enable support for drivers and configuring PSA-only algorithms 2251 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2252 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2253 if [ "$DRIVER_ONLY" -eq 1 ]; then 2254 # Disable the module that's accelerated 2255 scripts/config.py unset MBEDTLS_ECDH_C 2256 fi 2257 # Disable things that depend on it (regardless of driver or built-in) 2258 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2259 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2260 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2261 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2262 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 2263 2264 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2265 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2266 # Note: the above two lines should be enough, but currently there's a bug 2267 # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) 2268 # when TLS 1.2 is also enabled, see #6848. 2269 # So, as a temporary measure disable all of TLS 1.3. 2270 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2271 2272 # Restartable feature is not yet supported by PSA. Once it will in 2273 # the future, the following line could be removed (see issues 2274 # 6061, 6332 and following ones) 2275 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 2276} 2277 2278# Keep in sync with component_test_psa_crypto_config_reference_ecdh_use_psa 2279component_test_psa_crypto_config_accel_ecdh_use_psa () { 2280 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" 2281 2282 # Algorithms and key types to accelerate 2283 loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2284 2285 # Configure and build the test driver library 2286 # ------------------------------------------- 2287 2288 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2289 # partial support for cipher operations in the driver test library. 2290 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2291 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2292 2293 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2294 make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2295 2296 # Configure and build the main libraries 2297 # -------------------------------------- 2298 2299 # Use the same config as reference, only without built-in ECDH 2300 config_psa_crypto_config_ecdh_use_psa 1 2301 2302 # Build the main library 2303 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2304 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2305 2306 # Make sure this was not re-enabled by accident (additive config) 2307 not grep mbedtls_ecdh_ library/ecdh.o 2308 2309 # Run the tests 2310 # ------------- 2311 2312 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" 2313 make test 2314 2315 msg "test: ssl-opt.sh" 2316 tests/ssl-opt.sh 2317} 2318 2319# Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. 2320# Used by tests/scripts/analyze_outcomes.py for comparison purposes. 2321component_test_psa_crypto_config_reference_ecdh_use_psa () { 2322 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" 2323 2324 # To be aligned with the accel component that needs this 2325 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2326 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2327 2328 config_psa_crypto_config_ecdh_use_psa 0 2329 2330 make 2331 2332 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" 2333 make test 2334 2335 msg "test: ssl-opt.sh" 2336 tests/ssl-opt.sh 2337} 2338 2339# Auxiliary function to build config for EC JPAKE with and without drivers. 2340# 2341# This is used by the two following components to ensure they always use the 2342# same config, except for the use of driver or built-in ECJPAKE: 2343# - component_test_psa_crypto_config_accel_ecjpake_use_psa; 2344# - component_test_psa_crypto_config_reference_ecjpake_use_psa. 2345# This support comparing their test coverage with analyze_outcomes.py. 2346config_psa_crypto_config_ecjpake_use_psa () { 2347 DRIVER_ONLY="$1" 2348 # start with config full for maximum coverage (also enables USE_PSA) 2349 scripts/config.py full 2350 # enable support for drivers and configuring PSA-only algorithms 2351 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2352 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2353 if [ "$DRIVER_ONLY" -eq 1 ]; then 2354 # Disable the module that's accelerated 2355 scripts/config.py unset MBEDTLS_ECJPAKE_C 2356 fi 2357 2358 # Dynamic secure element support is a deprecated feature and needs to be disabled here. 2359 # This is done to have the same form of psa_key_attributes_s for libdriver and library. 2360 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2361} 2362 2363# Keep in sync with component_test_psa_crypto_config_reference_ecjpake_use_psa 2364component_test_psa_crypto_config_accel_ecjpake_use_psa () { 2365 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECJPAKE + USE_PSA" 2366 2367 # Algorithms and key types to accelerate 2368 loc_accel_list="ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2369 2370 # Configure and build the test driver library 2371 # ------------------------------------------- 2372 2373 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2374 # partial support for cipher operations in the driver test library. 2375 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2376 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2377 2378 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2379 make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2380 2381 # Configure and build the main libraries 2382 # -------------------------------------- 2383 2384 # Use the same config as reference, only without built-in JPAKE 2385 config_psa_crypto_config_ecjpake_use_psa 1 2386 2387 # Build the main library 2388 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2389 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2390 2391 # Make sure this was not re-enabled by accident (additive config) 2392 not grep mbedtls_ecjpake_ library/ecjpake.o 2393 2394 # Run the tests 2395 # ------------- 2396 2397 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated JPAKE + USE_PSA" 2398 make test 2399 2400 msg "test: ssl-opt.sh" 2401 tests/ssl-opt.sh 2402} 2403 2404# Keep in sync with component_test_psa_crypto_config_accel_ecjpake_use_psa. 2405# Used by tests/scripts/analyze_outcomes.py for comparison purposes. 2406component_test_psa_crypto_config_reference_ecjpake_use_psa () { 2407 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA" 2408 2409 # To be aligned with the accel component that needs this 2410 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2411 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2412 2413 config_psa_crypto_config_ecjpake_use_psa 0 2414 2415 make 2416 2417 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA" 2418 make test 2419 2420 msg "test: ssl-opt.sh" 2421 tests/ssl-opt.sh 2422} 2423 2424component_test_psa_crypto_config_accel_ecc () { 2425 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC" 2426 2427 # Algorithms and key types to accelerate 2428 loc_accel_list="ALG_ECDH ALG_ECDSA ALG_DETERMINISTIC_ECDSA ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 2429 2430 # Configure and build the test driver library 2431 # -------------------------------------------- 2432 2433 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2434 # partial support for cipher operations in the driver test library. 2435 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2436 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2437 2438 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2439 # These hashes are needed for some ECDSA signature tests. 2440 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" 2441 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" 2442 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" 2443 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" 2444 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2445 2446 # Configure and build the main libraries 2447 # --------------------------------------- 2448 2449 # start with default + driver support 2450 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2451 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2452 2453 # disable modules for which we have drivers 2454 scripts/config.py unset MBEDTLS_ECDSA_C 2455 scripts/config.py unset MBEDTLS_ECDH_C 2456 scripts/config.py unset MBEDTLS_ECJPAKE_C 2457 2458 # dependencies 2459 #scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # not in default anyway 2460 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2461 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2462 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2463 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2464 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 2465 2466 # build and link with test drivers 2467 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2468 make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2469 2470 # make sure these were not auto-re-enabled by accident 2471 not grep mbedtls_ecdh_ library/ecdh.o 2472 not grep mbedtls_ecdsa_ library/ecdsa.o 2473 not grep mbedtls_ecjpake_ library/ecjpake.o 2474 2475 # Run the tests 2476 # ------------- 2477 2478 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC" 2479 make test 2480} 2481 2482component_test_psa_crypto_config_accel_rsa_signature () { 2483 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 2484 2485 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2486 # partial support for cipher operations in the driver test library. 2487 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2488 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2489 2490 # It seems it is not possible to remove only the support for RSA signature 2491 # in the library. Thus we have to remove all RSA support (signature and 2492 # encryption/decryption). AS there is no driver support for asymmetric 2493 # encryption/decryption so far remove RSA encryption/decryption from the 2494 # application algorithm list. 2495 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2496 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2497 2498 # Make sure both the library and the test library support the SHA hash 2499 # algorithms and only those ones (SHA256 is included by default). That way: 2500 # - the test library can compute the RSA signatures even in the case of a 2501 # composite RSA signature algorithm based on a SHA hash (no other hash 2502 # used in the unit tests). 2503 # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is 2504 # fulfilled as the hash SHA algorithm is supported by the library, and 2505 # thus the tests are run, not skipped. 2506 # - when testing a signature key with an algorithm wildcard built from 2507 # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash 2508 # algorithm based on the hashes supported by the library is also 2509 # supported by the test library. 2510 # Disabled unwanted hashes here, we'll enable hashes we want in loc_accel_flags. 2511 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2512 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C 2513 2514 # We need PEM parsing in the test library as well to support the import 2515 # of PEM encoded RSA keys. 2516 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C 2517 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C 2518 2519 loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" 2520 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2521 # These hashes are needed for some RSA-PSS signature tests. 2522 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1" 2523 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" 2524 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" 2525 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" 2526 loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" 2527 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2528 2529 # Mbed TLS library build 2530 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2531 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2532 2533 # Remove RSA support and its dependencies 2534 scripts/config.py unset MBEDTLS_PKCS1_V15 2535 scripts/config.py unset MBEDTLS_PKCS1_V21 2536 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 2537 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2538 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2539 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 2540 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 2541 scripts/config.py unset MBEDTLS_RSA_C 2542 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 2543 2544 scripts/config.py unset MBEDTLS_MD5_C 2545 scripts/config.py unset MBEDTLS_RIPEMD160_C 2546 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 2547 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 2548 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 2549 2550 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2551 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2552 2553 not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o 2554 not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o 2555 2556 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 2557 make test 2558} 2559 2560component_test_psa_crypto_config_accel_hash () { 2561 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 2562 2563 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2564 # partial support for cipher operations in the driver test library. 2565 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2566 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2567 2568 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 2569 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2570 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2571 2572 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2573 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2574 scripts/config.py unset MBEDTLS_MD5_C 2575 scripts/config.py unset MBEDTLS_RIPEMD160_C 2576 scripts/config.py unset MBEDTLS_SHA1_C 2577 # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. 2578 scripts/config.py unset MBEDTLS_SHA384_C 2579 scripts/config.py unset MBEDTLS_SHA512_C 2580 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2581 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2582 2583 not grep mbedtls_sha512_init library/sha512.o 2584 not grep mbedtls_sha1_init library/sha1.o 2585 2586 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 2587 make test 2588} 2589 2590component_test_psa_crypto_config_accel_hash_keep_builtins () { 2591 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" 2592 # This component ensures that all the test cases for 2593 # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. 2594 2595 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2596 # partial support for cipher operations in the driver test library. 2597 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2598 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2599 2600 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 2601 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2602 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2603 2604 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2605 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2606 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2607 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2608 2609 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" 2610 make test 2611} 2612 2613# Auxiliary function to build config for hashes with and without drivers 2614config_psa_crypto_hash_use_psa () { 2615 DRIVER_ONLY="$1" 2616 # start with config full for maximum coverage (also enables USE_PSA) 2617 scripts/config.py full 2618 # enable support for drivers and configuring PSA-only algorithms 2619 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2620 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2621 if [ "$DRIVER_ONLY" -eq 1 ]; then 2622 # disable the built-in implementation of hashes 2623 scripts/config.py unset MBEDTLS_MD5_C 2624 scripts/config.py unset MBEDTLS_RIPEMD160_C 2625 scripts/config.py unset MBEDTLS_SHA1_C 2626 scripts/config.py unset MBEDTLS_SHA224_C 2627 scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below 2628 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT 2629 scripts/config.py unset MBEDTLS_SHA384_C 2630 scripts/config.py unset MBEDTLS_SHA512_C 2631 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT 2632 fi 2633 # Use an external RNG as currently internal RNGs depend on entropy.c 2634 # which in turn hard-depends on SHA256_C (or SHA512_C). 2635 # See component_test_psa_external_rng_no_drbg_use_psa. 2636 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 2637 scripts/config.py unset MBEDTLS_ENTROPY_C 2638 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C 2639 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former 2640 # Also unset MD_C and things that depend on it. 2641 if [ "$DRIVER_ONLY" -eq 1 ]; then 2642 scripts/config.py unset MBEDTLS_MD_C 2643 fi 2644 scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation 2645 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 2646 scripts/config.py unset MBEDTLS_PKCS7_C 2647 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC 2648 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA 2649 2650 # Dynamic secure element support is a deprecated feature and needs to be disabled here. 2651 # This is done to have the same form of psa_key_attributes_s for libdriver and library. 2652 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2653} 2654 2655# Note that component_test_psa_crypto_config_reference_hash_use_psa 2656# is related to this component and both components need to be kept in sync. 2657# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa. 2658component_test_psa_crypto_config_accel_hash_use_psa () { 2659 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" 2660 2661 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2662 # partial support for cipher operations in the driver test library. 2663 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2664 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2665 2666 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 2667 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2668 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2669 2670 config_psa_crypto_hash_use_psa 1 2671 2672 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2673 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all 2674 2675 # There's a risk of something getting re-enabled via config_psa.h; 2676 # make sure it did not happen. Note: it's OK for MD_LIGHT to be enabled, 2677 # but not the full MD_C (for now), so check mbedtls_md_hmac for that. 2678 not grep mbedtls_md_hmac library/md.o 2679 not grep mbedtls_md5 library/md5.o 2680 not grep mbedtls_sha1 library/sha1.o 2681 not grep mbedtls_sha256 library/sha256.o 2682 not grep mbedtls_sha512 library/sha512.o 2683 not grep mbedtls_ripemd160 library/ripemd160.o 2684 2685 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" 2686 make test 2687 2688 # This is mostly useful so that we can later compare outcome files with 2689 # the reference config in analyze_outcomes.py, to check that the 2690 # dependency declarations in ssl-opt.sh and in TLS code are correct. 2691 msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" 2692 tests/ssl-opt.sh 2693 2694 # This is to make sure all ciphersuites are exercised, but we don't need 2695 # interop testing (besides, we already got some from ssl-opt.sh). 2696 msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" 2697 tests/compat.sh -p mbedTLS -V YES 2698} 2699 2700# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa 2701# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py 2702# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt). 2703# Both components need to be kept in sync. 2704component_test_psa_crypto_config_reference_hash_use_psa() { 2705 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" 2706 2707 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2708 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2709 2710 config_psa_crypto_hash_use_psa 0 2711 2712 make 2713 2714 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" 2715 make test 2716 2717 msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" 2718 tests/ssl-opt.sh 2719} 2720 2721component_test_psa_crypto_config_accel_cipher () { 2722 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" 2723 2724 loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" 2725 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2726 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2727 2728 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2729 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2730 2731 # There is no intended accelerator support for ALG STREAM_CIPHER and 2732 # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the 2733 # inclusion of the Mbed TLS cipher operations. As we want to test here with 2734 # cipher operations solely supported by accelerators, disabled those 2735 # PSA configuration options. 2736 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2737 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2738 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC 2739 2740 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2741 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 2742 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR 2743 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB 2744 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB 2745 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS 2746 scripts/config.py unset MBEDTLS_DES_C 2747 2748 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2749 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2750 2751 not grep mbedtls_des* library/des.o 2752 2753 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" 2754 make test 2755} 2756 2757component_test_psa_crypto_config_accel_aead () { 2758 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" 2759 2760 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2761 # partial support for cipher operations in the driver test library. 2762 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2763 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2764 2765 loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" 2766 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2767 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2768 2769 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2770 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2771 2772 scripts/config.py unset MBEDTLS_GCM_C 2773 scripts/config.py unset MBEDTLS_CCM_C 2774 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 2775 # Features that depend on AEAD 2776 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 2777 scripts/config.py unset MBEDTLS_SSL_TICKET_C 2778 2779 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2780 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2781 2782 # There's a risk of something getting re-enabled via config_psa.h 2783 # make sure it did not happen. 2784 not grep mbedtls_ccm library/ccm.o 2785 not grep mbedtls_gcm library/gcm.o 2786 not grep mbedtls_chachapoly library/chachapoly.o 2787 2788 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" 2789 make test 2790} 2791 2792component_test_psa_crypto_config_accel_pake() { 2793 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" 2794 2795 # Start with full 2796 scripts/config.py full 2797 2798 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 2799 # partial support for cipher operations in the driver test library. 2800 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 2801 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 2802 2803 loc_accel_list="ALG_JPAKE" 2804 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 2805 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 2806 2807 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2808 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2809 2810 # Make build-in fallback not available 2811 scripts/config.py unset MBEDTLS_ECJPAKE_C 2812 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 2813 2814 # Dynamic secure element support is a deprecated feature and needs to be disabled here. 2815 # This is done to have the same form of psa_key_attributes_s for libdriver and library. 2816 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2817 2818 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 2819 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 2820 2821 not grep mbedtls_ecjpake_init library/ecjpake.o 2822 2823 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" 2824 make test 2825} 2826 2827component_test_psa_crypto_config_no_driver() { 2828 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 2829 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 2830 scripts/config.py full 2831 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2832 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 2833 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2834 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2835 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 2836 2837 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 2838 make test 2839} 2840 2841component_test_psa_crypto_config_chachapoly_disabled() { 2842 # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 2843 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 2844 scripts/config.py full 2845 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 2846 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM 2847 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 2848 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 2849 2850 msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 2851 make test 2852} 2853 2854# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 2855component_build_psa_accel_alg_ecdh() { 2856 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH 2857 # without MBEDTLS_ECDH_C 2858 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 2859 scripts/config.py full 2860 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2861 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2862 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2863 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2864 scripts/config.py unset MBEDTLS_ECDH_C 2865 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 2866 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 2867 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 2868 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 2869 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 2870 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2871 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2872} 2873 2874# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 2875component_build_psa_accel_key_type_ecc_key_pair() { 2876 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 2877 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 2878 scripts/config.py full 2879 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2880 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2881 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2882 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2883 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 2884 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 2885 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2886 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2887} 2888 2889# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 2890component_build_psa_accel_key_type_ecc_public_key() { 2891 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 2892 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 2893 scripts/config.py full 2894 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2895 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2896 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2897 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2898 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 2899 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 2900 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2901 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2902} 2903 2904# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 2905component_build_psa_accel_alg_hmac() { 2906 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 2907 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" 2908 scripts/config.py full 2909 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2910 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2911 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2912 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2913 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2914 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2915} 2916 2917# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 2918component_build_psa_accel_alg_hkdf() { 2919 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF 2920 # without MBEDTLS_HKDF_C 2921 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 2922 scripts/config.py full 2923 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2924 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2925 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2926 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2927 scripts/config.py unset MBEDTLS_HKDF_C 2928 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. 2929 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2930 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2931 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2932} 2933 2934# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 2935component_build_psa_accel_alg_md5() { 2936 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 2937 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" 2938 scripts/config.py full 2939 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2940 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2941 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2942 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2943 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2944 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2945 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2946 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2947 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2948 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2949 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 2950 scripts/config.py unset MBEDTLS_LMS_C 2951 scripts/config.py unset MBEDTLS_LMS_PRIVATE 2952 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2953 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2954} 2955 2956# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 2957component_build_psa_accel_alg_ripemd160() { 2958 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes 2959 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" 2960 scripts/config.py full 2961 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2962 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2963 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2964 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2965 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2966 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2967 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2968 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2969 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2970 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2971 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 2972 scripts/config.py unset MBEDTLS_LMS_C 2973 scripts/config.py unset MBEDTLS_LMS_PRIVATE 2974 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2975 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2976} 2977 2978# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 2979component_build_psa_accel_alg_sha1() { 2980 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes 2981 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" 2982 scripts/config.py full 2983 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2984 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2985 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2986 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 2987 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2988 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2989 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2990 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2991 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2992 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2993 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 2994 scripts/config.py unset MBEDTLS_LMS_C 2995 scripts/config.py unset MBEDTLS_LMS_PRIVATE 2996 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2997 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2998} 2999 3000# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 3001component_build_psa_accel_alg_sha224() { 3002 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes 3003 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" 3004 scripts/config.py full 3005 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3006 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3007 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3008 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3009 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 3010 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 3011 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 3012 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 3013 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 3014 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 3015 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3016 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3017} 3018 3019# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 3020component_build_psa_accel_alg_sha256() { 3021 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes 3022 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" 3023 scripts/config.py full 3024 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3025 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3026 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3027 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3028 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 3029 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 3030 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 3031 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 3032 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 3033 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 3034 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3035 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3036} 3037 3038# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 3039component_build_psa_accel_alg_sha384() { 3040 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes 3041 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" 3042 scripts/config.py full 3043 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3044 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3045 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3046 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3047 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 3048 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 3049 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 3050 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 3051 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 3052 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 3053 scripts/config.py unset MBEDTLS_LMS_C 3054 scripts/config.py unset MBEDTLS_LMS_PRIVATE 3055 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3056 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3057} 3058 3059# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 3060component_build_psa_accel_alg_sha512() { 3061 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes 3062 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" 3063 scripts/config.py full 3064 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3065 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3066 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3067 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3068 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 3069 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 3070 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 3071 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 3072 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 3073 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 3074 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 3075 scripts/config.py unset MBEDTLS_LMS_C 3076 scripts/config.py unset MBEDTLS_LMS_PRIVATE 3077 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3078 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3079} 3080 3081# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3082component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 3083 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 3084 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 3085 scripts/config.py full 3086 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3087 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3088 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3089 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3090 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 3091 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 3092 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 3093 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 3094 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3095 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3096} 3097 3098# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3099component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 3100 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 3101 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 3102 scripts/config.py full 3103 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3104 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3105 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3106 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3107 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 3108 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 3109 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 3110 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 3111 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3112 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3113} 3114 3115# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3116component_build_psa_accel_alg_rsa_oaep() { 3117 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 3118 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 3119 scripts/config.py full 3120 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3121 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3122 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3123 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3124 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 3125 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 3126 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 3127 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 3128 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3129 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3130} 3131 3132# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3133component_build_psa_accel_alg_rsa_pss() { 3134 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 3135 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 3136 scripts/config.py full 3137 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3138 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3139 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3140 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3141 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 3142 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 3143 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 3144 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 3145 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3146 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3147} 3148 3149# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3150component_build_psa_accel_key_type_rsa_key_pair() { 3151 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS 3152 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 3153 scripts/config.py full 3154 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3155 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3156 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3157 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3158 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 3159 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 3160 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3161 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3162} 3163 3164# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 3165component_build_psa_accel_key_type_rsa_public_key() { 3166 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS 3167 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 3168 scripts/config.py full 3169 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3170 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3171 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 3172 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 3173 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 3174 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 3175 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 3176 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 3177} 3178 3179component_test_no_platform () { 3180 # Full configuration build, without platform support, file IO and net sockets. 3181 # This should catch missing mbedtls_printf definitions, and by disabling file 3182 # IO, it should catch missing '#include <stdio.h>' 3183 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 3184 scripts/config.py full 3185 scripts/config.py unset MBEDTLS_PLATFORM_C 3186 scripts/config.py unset MBEDTLS_NET_C 3187 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 3188 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 3189 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 3190 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 3191 scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT 3192 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 3193 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 3194 scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT 3195 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 3196 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 3197 scripts/config.py unset MBEDTLS_FS_IO 3198 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 3199 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 3200 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 3201 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 3202 # to re-enable platform integration features otherwise disabled in C99 builds 3203 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 3204 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 3205} 3206 3207component_build_no_std_function () { 3208 # catch compile bugs in _uninit functions 3209 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 3210 scripts/config.py full 3211 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 3212 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 3213 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 3214 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 3215 make 3216} 3217 3218component_build_no_ssl_srv () { 3219 msg "build: full config except SSL server, make, gcc" # ~ 30s 3220 scripts/config.py full 3221 scripts/config.py unset MBEDTLS_SSL_SRV_C 3222 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 3223} 3224 3225component_build_no_ssl_cli () { 3226 msg "build: full config except SSL client, make, gcc" # ~ 30s 3227 scripts/config.py full 3228 scripts/config.py unset MBEDTLS_SSL_CLI_C 3229 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 3230} 3231 3232component_build_no_sockets () { 3233 # Note, C99 compliance can also be tested with the sockets support disabled, 3234 # as that requires a POSIX platform (which isn't the same as C99). 3235 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 3236 scripts/config.py full 3237 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 3238 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 3239 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 3240} 3241 3242component_test_memory_buffer_allocator_backtrace () { 3243 msg "build: default config with memory buffer allocator and backtrace enabled" 3244 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 3245 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 3246 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 3247 scripts/config.py set MBEDTLS_MEMORY_DEBUG 3248 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 3249 make 3250 3251 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 3252 make test 3253} 3254 3255component_test_memory_buffer_allocator () { 3256 msg "build: default config with memory buffer allocator" 3257 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 3258 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 3259 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 3260 make 3261 3262 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 3263 make test 3264 3265 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 3266 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 3267 tests/ssl-opt.sh -e '^DTLS proxy' 3268} 3269 3270component_test_no_max_fragment_length () { 3271 # Run max fragment length tests with MFL disabled 3272 msg "build: default config except MFL extension (ASan build)" # ~ 30s 3273 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 3274 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3275 make 3276 3277 msg "test: ssl-opt.sh, MFL-related tests" 3278 tests/ssl-opt.sh -f "Max fragment length" 3279} 3280 3281component_test_asan_remove_peer_certificate () { 3282 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 3283 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 3284 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3285 make 3286 3287 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 3288 make test 3289 3290 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 3291 tests/ssl-opt.sh 3292 3293 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 3294 tests/compat.sh 3295 3296 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 3297 tests/context-info.sh 3298} 3299 3300component_test_no_max_fragment_length_small_ssl_out_content_len () { 3301 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 3302 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 3303 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 3304 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 3305 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3306 make 3307 3308 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 3309 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 3310 3311 msg "test: context-info.sh (disabled MFL extension case)" 3312 tests/context-info.sh 3313} 3314 3315component_test_variable_ssl_in_out_buffer_len () { 3316 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 3317 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 3318 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3319 make 3320 3321 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 3322 make test 3323 3324 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 3325 tests/ssl-opt.sh 3326 3327 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 3328 tests/compat.sh 3329} 3330 3331component_test_dtls_cid_legacy () { 3332 msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" 3333 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 3334 3335 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3336 make 3337 3338 msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" 3339 make test 3340 3341 msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" 3342 tests/ssl-opt.sh 3343 3344 msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" 3345 tests/compat.sh 3346} 3347 3348component_test_ssl_alloc_buffer_and_mfl () { 3349 msg "build: default config with memory buffer allocator and MFL extension" 3350 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 3351 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 3352 scripts/config.py set MBEDTLS_MEMORY_DEBUG 3353 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 3354 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 3355 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 3356 make 3357 3358 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 3359 make test 3360 3361 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 3362 tests/ssl-opt.sh -f "Handshake memory usage" 3363} 3364 3365component_test_when_no_ciphersuites_have_mac () { 3366 msg "build: when no ciphersuites have MAC" 3367 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 3368 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 3369 scripts/config.py unset MBEDTLS_CMAC_C 3370 make 3371 3372 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 3373 make test 3374 3375 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 3376 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 3377} 3378 3379component_test_no_date_time () { 3380 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 3381 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 3382 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 3383 make 3384 3385 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 3386 make test 3387} 3388 3389component_test_platform_calloc_macro () { 3390 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 3391 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 3392 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 3393 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 3394 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3395 make 3396 3397 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 3398 make test 3399} 3400 3401component_test_malloc_0_null () { 3402 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 3403 scripts/config.py full 3404 make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 3405 3406 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 3407 make test 3408 3409 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 3410 # Just the calloc selftest. "make test" ran the others as part of the 3411 # test suites. 3412 programs/test/selftest calloc 3413 3414 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 3415 # Run a subset of the tests. The choice is a balance between coverage 3416 # and time (including time indirectly wasted due to flaky tests). 3417 # The current choice is to skip tests whose description includes 3418 # "proxy", which is an approximation of skipping tests that use the 3419 # UDP proxy, which tend to be slower and flakier. 3420 tests/ssl-opt.sh -e 'proxy' 3421} 3422 3423component_test_aes_fewer_tables () { 3424 msg "build: default config with AES_FEWER_TABLES enabled" 3425 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 3426 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 3427 3428 msg "test: AES_FEWER_TABLES" 3429 make test 3430} 3431 3432component_test_aes_rom_tables () { 3433 msg "build: default config with AES_ROM_TABLES enabled" 3434 scripts/config.py set MBEDTLS_AES_ROM_TABLES 3435 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 3436 3437 msg "test: AES_ROM_TABLES" 3438 make test 3439} 3440 3441component_test_aes_fewer_tables_and_rom_tables () { 3442 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 3443 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 3444 scripts/config.py set MBEDTLS_AES_ROM_TABLES 3445 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 3446 3447 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 3448 make test 3449} 3450 3451component_test_ctr_drbg_aes_256_sha_256 () { 3452 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 3453 scripts/config.py full 3454 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 3455 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 3456 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3457 make 3458 3459 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 3460 make test 3461} 3462 3463component_test_ctr_drbg_aes_128_sha_512 () { 3464 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 3465 scripts/config.py full 3466 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 3467 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 3468 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3469 make 3470 3471 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 3472 make test 3473} 3474 3475component_test_ctr_drbg_aes_128_sha_256 () { 3476 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 3477 scripts/config.py full 3478 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 3479 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 3480 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 3481 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3482 make 3483 3484 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 3485 make test 3486} 3487 3488component_test_se_default () { 3489 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 3490 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 3491 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 3492 3493 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 3494 make test 3495} 3496 3497component_test_psa_crypto_drivers () { 3498 msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" 3499 scripts/config.py full 3500 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 3501 scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 3502 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 3503 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 3504 loc_cflags="${loc_cflags} -I../tests/include -O2" 3505 3506 make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" 3507 3508 msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS" 3509 make test 3510} 3511 3512component_test_make_shared () { 3513 msg "build/test: make shared" # ~ 40s 3514 make SHARED=1 all check 3515 ldd programs/util/strerror | grep libmbedcrypto 3516 programs/test/dlopen_demo.sh 3517} 3518 3519component_test_cmake_shared () { 3520 msg "build/test: cmake shared" # ~ 2min 3521 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 3522 make 3523 ldd programs/util/strerror | grep libmbedcrypto 3524 make test 3525 programs/test/dlopen_demo.sh 3526} 3527 3528test_build_opt () { 3529 info=$1 cc=$2; shift 2 3530 for opt in "$@"; do 3531 msg "build/test: $cc $opt, $info" # ~ 30s 3532 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 3533 # We're confident enough in compilers to not run _all_ the tests, 3534 # but at least run the unit tests. In particular, runs with 3535 # optimizations use inline assembly whereas runs with -O0 3536 # skip inline assembly. 3537 make test # ~30s 3538 make clean 3539 done 3540} 3541 3542component_test_clang_opt () { 3543 scripts/config.py full 3544 test_build_opt 'full config' clang -O0 -Os -O2 3545} 3546 3547component_test_gcc_opt () { 3548 scripts/config.py full 3549 test_build_opt 'full config' gcc -O0 -Os -O2 3550} 3551 3552component_build_mbedtls_config_file () { 3553 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 3554 scripts/config.py -w full_config.h full 3555 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 3556 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 3557 # Make sure this feature is enabled. We'll disable it in the next phase. 3558 programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 3559 make clean 3560 3561 msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" 3562 # In the user config, disable one feature (for simplicity, pick a feature 3563 # that nothing else depends on). 3564 echo '#undef MBEDTLS_NIST_KW_C' >user_config.h 3565 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" 3566 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C 3567 3568 rm -f user_config.h full_config.h 3569} 3570 3571component_build_psa_config_file () { 3572 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s 3573 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 3574 cp "$CRYPTO_CONFIG_H" psa_test_config.h 3575 echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" 3576 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" 3577 # Make sure this feature is enabled. We'll disable it in the next phase. 3578 programs/test/query_compile_time_config MBEDTLS_CMAC_C 3579 make clean 3580 3581 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s 3582 # In the user config, disable one feature, which will reflect on the 3583 # mbedtls configuration so we can query it with query_compile_time_config. 3584 echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h 3585 scripts/config.py unset MBEDTLS_CMAC_C 3586 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" 3587 not programs/test/query_compile_time_config MBEDTLS_CMAC_C 3588 3589 rm -f psa_test_config.h psa_user_config.h 3590} 3591 3592component_build_psa_alt_headers () { 3593 msg "build: make with PSA alt headers" # ~20s 3594 3595 # Generate alternative versions of the substitutable headers with the 3596 # same content except different include guards. 3597 make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h 3598 3599 # Build the library and some programs. 3600 # Don't build the fuzzers to avoid having to go through hoops to set 3601 # a correct include path for programs/fuzz/Makefile. 3602 make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib 3603 make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" 3604 3605 # Check that we're getting the alternative include guards and not the 3606 # original include guards. 3607 programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H 3608 programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H 3609 programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H 3610 programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H 3611} 3612 3613component_test_m32_o0 () { 3614 # Build without optimization, so as to use portable C code (in a 32-bit 3615 # build) and not the i386-specific inline assembly. 3616 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 3617 scripts/config.py full 3618 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 3619 3620 msg "test: i386, make, gcc -O0 (ASan build)" 3621 make test 3622} 3623support_test_m32_o0 () { 3624 case $(uname -m) in 3625 amd64|x86_64) true;; 3626 *) false;; 3627 esac 3628} 3629 3630component_test_m32_o2 () { 3631 # Build with optimization, to use the i386 specific inline assembly 3632 # and go faster for tests. 3633 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s 3634 scripts/config.py full 3635 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 3636 3637 msg "test: i386, make, gcc -O2 (ASan build)" 3638 make test 3639 3640 msg "test ssl-opt.sh, i386, make, gcc-O2" 3641 tests/ssl-opt.sh 3642} 3643support_test_m32_o2 () { 3644 support_test_m32_o0 "$@" 3645} 3646 3647component_test_m32_everest () { 3648 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 3649 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 3650 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 3651 3652 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 3653 make test 3654 3655 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 3656 tests/ssl-opt.sh -f ECDH 3657 3658 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 3659 # Exclude some symmetric ciphers that are redundant here to gain time. 3660 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' 3661} 3662support_test_m32_everest () { 3663 support_test_m32_o0 "$@" 3664} 3665 3666component_test_mx32 () { 3667 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 3668 scripts/config.py full 3669 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 3670 3671 msg "test: 64-bit ILP32, make, gcc" 3672 make test 3673} 3674support_test_mx32 () { 3675 case $(uname -m) in 3676 amd64|x86_64) true;; 3677 *) false;; 3678 esac 3679} 3680 3681component_test_min_mpi_window_size () { 3682 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 3683 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 3684 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3685 make 3686 3687 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 3688 make test 3689} 3690 3691component_test_have_int32 () { 3692 msg "build: gcc, force 32-bit bignum limbs" 3693 scripts/config.py unset MBEDTLS_HAVE_ASM 3694 scripts/config.py unset MBEDTLS_AESNI_C 3695 scripts/config.py unset MBEDTLS_PADLOCK_C 3696 scripts/config.py unset MBEDTLS_AESCE_C 3697 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 3698 3699 msg "test: gcc, force 32-bit bignum limbs" 3700 make test 3701} 3702 3703component_test_have_int64 () { 3704 msg "build: gcc, force 64-bit bignum limbs" 3705 scripts/config.py unset MBEDTLS_HAVE_ASM 3706 scripts/config.py unset MBEDTLS_AESNI_C 3707 scripts/config.py unset MBEDTLS_PADLOCK_C 3708 scripts/config.py unset MBEDTLS_AESCE_C 3709 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 3710 3711 msg "test: gcc, force 64-bit bignum limbs" 3712 make test 3713} 3714 3715component_test_no_udbl_division () { 3716 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 3717 scripts/config.py full 3718 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 3719 make CFLAGS='-Werror -O1' 3720 3721 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 3722 make test 3723} 3724 3725component_test_no_64bit_multiplication () { 3726 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 3727 scripts/config.py full 3728 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 3729 make CFLAGS='-Werror -O1' 3730 3731 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 3732 make test 3733} 3734 3735component_test_no_strings () { 3736 msg "build: no strings" # ~10s 3737 scripts/config.py full 3738 # Disable options that activate a large amount of string constants. 3739 scripts/config.py unset MBEDTLS_DEBUG_C 3740 scripts/config.py unset MBEDTLS_ERROR_C 3741 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 3742 scripts/config.py unset MBEDTLS_VERSION_FEATURES 3743 make CFLAGS='-Werror -Os' 3744 3745 msg "test: no strings" # ~ 10s 3746 make test 3747} 3748 3749component_test_no_x509_info () { 3750 msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 3751 scripts/config.pl full 3752 scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests 3753 scripts/config.pl set MBEDTLS_X509_REMOVE_INFO 3754 make CFLAGS='-Werror -O2' 3755 3756 msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 3757 make test 3758 3759 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min 3760 tests/ssl-opt.sh 3761} 3762 3763component_build_arm_none_eabi_gcc () { 3764 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s 3765 scripts/config.py baremetal 3766 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 3767 3768 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" 3769 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3770} 3771 3772component_build_arm_linux_gnueabi_gcc_arm5vte () { 3773 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s 3774 scripts/config.py baremetal 3775 # Build for a target platform that's close to what Debian uses 3776 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 3777 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments. 3778 # Build everything including programs, see for example 3779 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720 3780 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' 3781 3782 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" 3783 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o 3784} 3785support_build_arm_linux_gnueabi_gcc_arm5vte () { 3786 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 3787} 3788 3789component_build_arm_none_eabi_gcc_arm5vte () { 3790 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s 3791 scripts/config.py baremetal 3792 # This is an imperfect substitute for 3793 # component_build_arm_linux_gnueabi_gcc_arm5vte 3794 # in case the gcc-arm-linux-gnueabi toolchain is not available 3795 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 3796 3797 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" 3798 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3799} 3800 3801component_build_arm_none_eabi_gcc_m0plus () { 3802 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s 3803 scripts/config.py baremetal_size 3804 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 3805 3806 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" 3807 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 3808} 3809 3810component_build_arm_none_eabi_gcc_no_udbl_division () { 3811 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 3812 scripts/config.py baremetal 3813 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 3814 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 3815 echo "Checking that software 64-bit division is not required" 3816 not grep __aeabi_uldiv library/*.o 3817} 3818 3819component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 3820 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 3821 scripts/config.py baremetal 3822 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 3823 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 3824 echo "Checking that software 64-bit multiplication is not required" 3825 not grep __aeabi_lmul library/*.o 3826} 3827 3828component_build_armcc () { 3829 msg "build: ARM Compiler 5" 3830 scripts/config.py baremetal 3831 # armc[56] don't support SHA-512 intrinsics 3832 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT 3833 3834 # Stop armclang warning about feature detection for A64_CRYPTO. 3835 # With this enabled, the library does build correctly under armclang, 3836 # but in baremetal builds (as tested here), feature detection is 3837 # unavailable, and the user is notified via a #warning. So enabling 3838 # this feature would prevent us from building with -Werror on 3839 # armclang. Tracked in #7198. 3840 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT 3841 3842 scripts/config.py set MBEDTLS_HAVE_ASM 3843 3844 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 3845 3846 msg "size: ARM Compiler 5" 3847 "$ARMC5_FROMELF" -z library/*.o 3848 3849 make clean 3850 3851 # Compile with -O1 since some Arm inline assembly is disabled for -O0. 3852 3853 # ARM Compiler 6 - Target ARMv7-A 3854 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a" 3855 3856 # ARM Compiler 6 - Target ARMv7-M 3857 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m" 3858 3859 # ARM Compiler 6 - Target ARMv7-M+DSP 3860 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp" 3861 3862 # ARM Compiler 6 - Target ARMv8-A - AArch32 3863 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a" 3864 3865 # ARM Compiler 6 - Target ARMv8-M 3866 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" 3867 3868 # ARM Compiler 6 - Target ARMv8.2-A - AArch64 3869 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" 3870} 3871support_build_armcc () { 3872 armc5_cc="$ARMC5_BIN_DIR/armcc" 3873 armc6_cc="$ARMC6_BIN_DIR/armclang" 3874 (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1) 3875} 3876 3877component_test_tls13_only () { 3878 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" 3879 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3880 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3881 3882 msg "test: TLS 1.3 only, all key exchange modes enabled" 3883 make test 3884 3885 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" 3886 tests/ssl-opt.sh 3887} 3888 3889component_test_tls13_only_psk () { 3890 msg "build: TLS 1.3 only from default, only PSK key exchange mode" 3891 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3892 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3893 scripts/config.py unset MBEDTLS_ECDH_C 3894 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 3895 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 3896 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 3897 scripts/config.py unset MBEDTLS_ECDSA_C 3898 scripts/config.py unset MBEDTLS_PKCS1_V21 3899 scripts/config.py unset MBEDTLS_PKCS7_C 3900 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3901 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3902 3903 msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" 3904 cd tests; ./test_suite_ssl; cd .. 3905 3906 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled" 3907 tests/ssl-opt.sh 3908} 3909 3910component_test_tls13_only_ephemeral () { 3911 msg "build: TLS 1.3 only from default, only ephemeral key exchange mode" 3912 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3913 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3914 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA 3915 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3916 3917 msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" 3918 cd tests; ./test_suite_ssl; cd .. 3919 3920 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode" 3921 tests/ssl-opt.sh 3922} 3923 3924component_test_tls13_only_psk_ephemeral () { 3925 msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode" 3926 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3927 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3928 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 3929 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 3930 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 3931 scripts/config.py unset MBEDTLS_ECDSA_C 3932 scripts/config.py unset MBEDTLS_PKCS1_V21 3933 scripts/config.py unset MBEDTLS_PKCS7_C 3934 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3935 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3936 3937 msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" 3938 cd tests; ./test_suite_ssl; cd .. 3939 3940 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode" 3941 tests/ssl-opt.sh 3942} 3943 3944component_test_tls13_only_psk_all () { 3945 msg "build: TLS 1.3 only from default, without ephemeral key exchange mode" 3946 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3947 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 3948 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 3949 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 3950 scripts/config.py unset MBEDTLS_ECDSA_C 3951 scripts/config.py unset MBEDTLS_PKCS1_V21 3952 scripts/config.py unset MBEDTLS_PKCS7_C 3953 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3954 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3955 3956 msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" 3957 cd tests; ./test_suite_ssl; cd .. 3958 3959 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" 3960 tests/ssl-opt.sh 3961} 3962 3963component_test_tls13_only_ephemeral_all () { 3964 msg "build: TLS 1.3 only from default, without PSK key exchange mode" 3965 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3966 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3967 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 3968 3969 msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" 3970 cd tests; ./test_suite_ssl; cd .. 3971 3972 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" 3973 tests/ssl-opt.sh 3974} 3975 3976component_test_tls13 () { 3977 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 3978 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 3979 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3980 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 3981 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3982 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3983 make 3984 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 3985 make test 3986 msg "ssl-opt.sh (TLS 1.3)" 3987 tests/ssl-opt.sh 3988} 3989 3990component_test_tls13_no_compatibility_mode () { 3991 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 3992 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 3993 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3994 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 3995 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 3996 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 3997 make 3998 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 3999 make test 4000 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" 4001 tests/ssl-opt.sh 4002} 4003 4004component_test_tls13_only_record_size_limit () { 4005 msg "build: TLS 1.3 only from default, record size limit extension enabled" 4006 scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT 4007 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 4008 4009 msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" 4010 cd tests; ./test_suite_ssl; cd .. 4011 4012 msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)" 4013 # Both the server and the client will currently abort the handshake when they encounter the 4014 # record size limit extension. There is no way to prevent gnutls-cli from sending the extension 4015 # which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension. 4016 tests/ssl-opt.sh -f "Record Size Limit" 4017} 4018 4019component_build_mingw () { 4020 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 4021 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 4022 4023 # note Make tests only builds the tests, but doesn't run them 4024 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 4025 make WINDOWS_BUILD=1 clean 4026 4027 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 4028 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 4029 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 4030 make WINDOWS_BUILD=1 clean 4031} 4032support_build_mingw() { 4033 case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in 4034 [0-5]*|"") false;; 4035 *) true;; 4036 esac 4037} 4038 4039component_test_memsan () { 4040 msg "build: MSan (clang)" # ~ 1 min 20s 4041 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 4042 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 4043 make 4044 4045 msg "test: main suites (MSan)" # ~ 10s 4046 make test 4047 4048 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 4049 tests/ssl-opt.sh 4050 4051 # Optional part(s) 4052 4053 if [ "$MEMORY" -gt 0 ]; then 4054 msg "test: compat.sh (MSan)" # ~ 6 min 20s 4055 tests/compat.sh 4056 fi 4057} 4058 4059component_test_valgrind () { 4060 msg "build: Release (clang)" 4061 # default config, in particular without MBEDTLS_USE_PSA_CRYPTO 4062 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 4063 make 4064 4065 msg "test: main suites, Valgrind (default config)" 4066 make memcheck 4067 4068 # Optional parts (slow; currently broken on OS X because programs don't 4069 # seem to receive signals under valgrind on OS X). 4070 # These optional parts don't run on the CI. 4071 if [ "$MEMORY" -gt 0 ]; then 4072 msg "test: ssl-opt.sh --memcheck (default config)" 4073 tests/ssl-opt.sh --memcheck 4074 fi 4075 4076 if [ "$MEMORY" -gt 1 ]; then 4077 msg "test: compat.sh --memcheck (default config)" 4078 tests/compat.sh --memcheck 4079 fi 4080 4081 if [ "$MEMORY" -gt 0 ]; then 4082 msg "test: context-info.sh --memcheck (default config)" 4083 tests/context-info.sh --memcheck 4084 fi 4085} 4086 4087component_test_valgrind_psa () { 4088 msg "build: Release, full (clang)" 4089 # full config, in particular with MBEDTLS_USE_PSA_CRYPTO 4090 scripts/config.py full 4091 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 4092 make 4093 4094 msg "test: main suites, Valgrind (full config)" 4095 make memcheck 4096} 4097 4098support_test_cmake_out_of_source () { 4099 distrib_id="" 4100 distrib_ver="" 4101 distrib_ver_minor="" 4102 distrib_ver_major="" 4103 4104 # Attempt to parse lsb-release to find out distribution and version. If not 4105 # found this should fail safe (test is supported). 4106 if [[ -f /etc/lsb-release ]]; then 4107 4108 while read -r lsb_line; do 4109 case "$lsb_line" in 4110 "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; 4111 "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; 4112 esac 4113 done < /etc/lsb-release 4114 4115 distrib_ver_major="${distrib_ver%%.*}" 4116 distrib_ver="${distrib_ver#*.}" 4117 distrib_ver_minor="${distrib_ver%%.*}" 4118 fi 4119 4120 # Running the out of source CMake test on Ubuntu 16.04 using more than one 4121 # processor (as the CI does) can create a race condition whereby the build 4122 # fails to see a generated file, despite that file actually having been 4123 # generated. This problem appears to go away with 18.04 or newer, so make 4124 # the out of source tests unsupported on Ubuntu 16.04. 4125 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] 4126} 4127 4128component_test_cmake_out_of_source () { 4129 msg "build: cmake 'out-of-source' build" 4130 MBEDTLS_ROOT_DIR="$PWD" 4131 mkdir "$OUT_OF_SOURCE_DIR" 4132 cd "$OUT_OF_SOURCE_DIR" 4133 cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" 4134 make 4135 4136 msg "test: cmake 'out-of-source' build" 4137 make test 4138 # Check that ssl-opt.sh can find the test programs. 4139 # Also ensure that there are no error messages such as 4140 # "No such file or directory", which would indicate that some required 4141 # file is missing (ssl-opt.sh tolerates the absence of some files so 4142 # may exit with status 0 but emit errors). 4143 ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err 4144 grep PASS ssl-opt.out 4145 cat ssl-opt.err >&2 4146 # If ssl-opt.err is non-empty, record an error and keep going. 4147 [ ! -s ssl-opt.err ] 4148 rm ssl-opt.out ssl-opt.err 4149 cd "$MBEDTLS_ROOT_DIR" 4150 rm -rf "$OUT_OF_SOURCE_DIR" 4151} 4152 4153component_test_cmake_as_subdirectory () { 4154 msg "build: cmake 'as-subdirectory' build" 4155 cd programs/test/cmake_subproject 4156 cmake . 4157 make 4158 ./cmake_subproject 4159} 4160support_test_cmake_as_subdirectory () { 4161 support_test_cmake_out_of_source 4162} 4163 4164component_test_cmake_as_package () { 4165 msg "build: cmake 'as-package' build" 4166 cd programs/test/cmake_package 4167 cmake . 4168 make 4169 ./cmake_package 4170} 4171support_test_cmake_as_package () { 4172 support_test_cmake_out_of_source 4173} 4174 4175component_test_cmake_as_package_install () { 4176 msg "build: cmake 'as-installed-package' build" 4177 cd programs/test/cmake_package_install 4178 cmake . 4179 make 4180 ./cmake_package_install 4181} 4182support_test_cmake_as_package_install () { 4183 support_test_cmake_out_of_source 4184} 4185 4186component_test_zeroize () { 4187 # Test that the function mbedtls_platform_zeroize() is not optimized away by 4188 # different combinations of compilers and optimization flags by using an 4189 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 4190 # system in all cases that the script fails, so we must manually search the 4191 # output to check whether the pass string is present and no failure strings 4192 # were printed. 4193 4194 # Don't try to disable ASLR. We don't care about ASLR here. We do care 4195 # about a spurious message if Gdb tries and fails, so suppress that. 4196 gdb_disable_aslr= 4197 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 4198 gdb_disable_aslr='set disable-randomization off' 4199 fi 4200 4201 for optimization_flag in -O2 -O3 -Ofast -Os; do 4202 for compiler in clang gcc; do 4203 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 4204 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 4205 gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 4206 grep "The buffer was correctly zeroized" test_zeroize.log 4207 not grep -i "error" test_zeroize.log 4208 rm -f test_zeroize.log 4209 make clean 4210 done 4211 done 4212} 4213 4214component_test_psa_compliance () { 4215 msg "build: make, default config (out-of-box), libmbedcrypto.a only" 4216 make -C library libmbedcrypto.a 4217 4218 msg "unit test: test_psa_compliance.py" 4219 ./tests/scripts/test_psa_compliance.py 4220} 4221 4222support_test_psa_compliance () { 4223 # psa-compliance-tests only supports CMake >= 3.10.0 4224 ver="$(cmake --version)" 4225 ver="${ver#cmake version }" 4226 ver_major="${ver%%.*}" 4227 4228 ver="${ver#*.}" 4229 ver_minor="${ver%%.*}" 4230 4231 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] 4232} 4233 4234component_check_code_style () { 4235 msg "Check C code style" 4236 ./scripts/code_style.py 4237} 4238 4239support_check_code_style() { 4240 case $(uncrustify --version) in 4241 *0.75.1*) true;; 4242 *) false;; 4243 esac 4244} 4245 4246component_check_python_files () { 4247 msg "Lint: Python scripts" 4248 tests/scripts/check-python-files.sh 4249} 4250 4251component_check_test_helpers () { 4252 msg "unit test: generate_test_code.py" 4253 # unittest writes out mundane stuff like number or tests run on stderr. 4254 # Our convention is to reserve stderr for actual errors, and write 4255 # harmless info on stdout so it can be suppress with --quiet. 4256 ./tests/scripts/test_generate_test_code.py 2>&1 4257 4258 msg "unit test: translate_ciphers.py" 4259 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 4260} 4261 4262################################################################ 4263#### Termination 4264################################################################ 4265 4266post_report () { 4267 msg "Done, cleaning up" 4268 final_cleanup 4269 4270 final_report 4271} 4272 4273 4274 4275################################################################ 4276#### Run all the things 4277################################################################ 4278 4279# Function invoked by --error-test to test error reporting. 4280pseudo_component_error_test () { 4281 msg "Testing error reporting $error_test_i" 4282 if [ $KEEP_GOING -ne 0 ]; then 4283 echo "Expect three failing commands." 4284 fi 4285 # If the component doesn't run in a subshell, changing error_test_i to an 4286 # invalid integer will cause an error in the loop that runs this function. 4287 error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell 4288 # Expected error: 'grep non_existent /dev/null -> 1' 4289 grep non_existent /dev/null 4290 # Expected error: '! grep -q . tests/scripts/all.sh -> 1' 4291 not grep -q . "$0" 4292 # Expected error: 'make unknown_target -> 2' 4293 make unknown_target 4294 false "this should not be executed" 4295} 4296 4297# Run one component and clean up afterwards. 4298run_component () { 4299 current_component="$1" 4300 export MBEDTLS_TEST_CONFIGURATION="$current_component" 4301 4302 # Unconditionally create a seedfile that's sufficiently long. 4303 # Do this before each component, because a previous component may 4304 # have messed it up or shortened it. 4305 local dd_cmd 4306 dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) 4307 case $OSTYPE in 4308 linux*|freebsd*|openbsd*) dd_cmd+=(status=none) 4309 esac 4310 "${dd_cmd[@]}" 4311 4312 # Run the component in a subshell, with error trapping and output 4313 # redirection set up based on the relevant options. 4314 if [ $KEEP_GOING -eq 1 ]; then 4315 # We want to keep running if the subshell fails, so 'set -e' must 4316 # be off when the subshell runs. 4317 set +e 4318 fi 4319 ( 4320 if [ $QUIET -eq 1 ]; then 4321 # msg() will be silenced, so just print the component name here. 4322 echo "${current_component#component_}" 4323 exec >/dev/null 4324 fi 4325 if [ $KEEP_GOING -eq 1 ]; then 4326 # Keep "set -e" off, and run an ERR trap instead to record failures. 4327 set -E 4328 trap err_trap ERR 4329 fi 4330 # The next line is what runs the component 4331 "$@" 4332 if [ $KEEP_GOING -eq 1 ]; then 4333 trap - ERR 4334 exit $last_failure_status 4335 fi 4336 ) 4337 component_status=$? 4338 if [ $KEEP_GOING -eq 1 ]; then 4339 set -e 4340 if [ $component_status -ne 0 ]; then 4341 failure_count=$((failure_count + 1)) 4342 fi 4343 fi 4344 4345 # Restore the build tree to a clean state. 4346 cleanup 4347 unset current_component 4348} 4349 4350# Preliminary setup 4351pre_check_environment 4352pre_initialize_variables 4353pre_parse_command_line "$@" 4354 4355pre_check_git 4356pre_restore_files 4357pre_back_up 4358 4359build_status=0 4360if [ $KEEP_GOING -eq 1 ]; then 4361 pre_setup_keep_going 4362fi 4363pre_prepare_outcome_file 4364pre_print_configuration 4365pre_check_tools 4366cleanup 4367pre_generate_files 4368 4369# Run the requested tests. 4370for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do 4371 run_component pseudo_component_error_test 4372done 4373unset error_test_i 4374for component in $RUN_COMPONENTS; do 4375 run_component "component_$component" 4376done 4377 4378# We're done. 4379post_report 4380
