1#! /usr/bin/env bash 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20 21 22################################################################ 23#### Documentation 24################################################################ 25 26# Purpose 27# ------- 28# 29# To run all tests possible or available on the platform. 30# 31# Notes for users 32# --------------- 33# 34# Warning: the test is destructive. It includes various build modes and 35# configurations, and can and will arbitrarily change the current CMake 36# configuration. The following files must be committed into git: 37# * include/mbedtls/config.h 38# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 39# programs/fuzz/Makefile 40# After running this script, the CMake cache will be lost and CMake 41# will no longer be initialised. 42# 43# The script assumes the presence of a number of tools: 44# * Basic Unix tools (Windows users note: a Unix-style find must be before 45# the Windows find in the PATH) 46# * Perl 47# * GNU Make 48# * CMake 49# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 50# * G++ 51# * arm-gcc and mingw-gcc 52# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 53# * OpenSSL and GnuTLS command line tools, recent enough for the 54# interoperability tests. If they don't support SSLv3 then a legacy 55# version of these tools must be present as well (search for LEGACY 56# below). 57# See the invocation of check_tools below for details. 58# 59# This script must be invoked from the toplevel directory of a git 60# working copy of Mbed TLS. 61# 62# The behavior on an error depends on whether --keep-going (alias -k) 63# is in effect. 64# * Without --keep-going: the script stops on the first error without 65# cleaning up. This lets you work in the configuration of the failing 66# component. 67# * With --keep-going: the script runs all requested components and 68# reports failures at the end. In particular the script always cleans 69# up on exit. 70# 71# Note that the output is not saved. You may want to run 72# script -c tests/scripts/all.sh 73# or 74# tests/scripts/all.sh >all.log 2>&1 75# 76# Notes for maintainers 77# --------------------- 78# 79# The bulk of the code is organized into functions that follow one of the 80# following naming conventions: 81# * pre_XXX: things to do before running the tests, in order. 82# * component_XXX: independent components. They can be run in any order. 83# * component_check_XXX: quick tests that aren't worth parallelizing. 84# * component_build_XXX: build things but don't run them. 85# * component_test_XXX: build and test. 86# * support_XXX: if support_XXX exists and returns false then 87# component_XXX is not run by default. 88# * post_XXX: things to do after running the tests. 89# * other: miscellaneous support functions. 90# 91# Each component must start by invoking `msg` with a short informative message. 92# 93# Warning: due to the way bash detects errors, the failure of a command 94# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. 95# 96# Each component is executed in a separate shell process. The component 97# fails if any command in it returns a non-zero status. 98# 99# The framework performs some cleanup tasks after each component. This 100# means that components can assume that the working directory is in a 101# cleaned-up state, and don't need to perform the cleanup themselves. 102# * Run `make clean`. 103# * Restore `include/mbedtks/config.h` from a backup made before running 104# the component. 105# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 106# `tests/Makefile` and `programs/fuzz/Makefile` from git. 107# This cleans up after an in-tree use of CMake. 108# 109# The tests are roughly in order from fastest to slowest. This doesn't 110# have to be exact, but in general you should add slower tests towards 111# the end and fast checks near the beginning. 112 113 114 115################################################################ 116#### Initialization and command line parsing 117################################################################ 118 119# Abort on errors (even on the left-hand side of a pipe). 120# Treat uninitialised variables as errors. 121set -e -o pipefail -u 122 123pre_check_environment () { 124 if [ -d library -a -d include -a -d tests ]; then :; else 125 echo "Must be run from mbed TLS root" >&2 126 exit 1 127 fi 128} 129 130pre_initialize_variables () { 131 CONFIG_H='include/mbedtls/config.h' 132 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 133 134 # Files that are clobbered by some jobs will be backed up. Use a different 135 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can 136 # independently decide when to remove the backup file. 137 backup_suffix='.all.bak' 138 # Files clobbered by config.py 139 files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" 140 # Files clobbered by in-tree cmake 141 files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" 142 143 append_outcome=0 144 MEMORY=0 145 FORCE=0 146 QUIET=0 147 KEEP_GOING=0 148 149 # Seed value used with the --release-test option. 150 # 151 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 152 # both values are kept in sync. If you change the value here because it 153 # breaks some tests, you'll definitely want to change it in 154 # basic-build-test.sh as well. 155 RELEASE_SEED=1 156 157 : ${MBEDTLS_TEST_OUTCOME_FILE=} 158 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 159 export MBEDTLS_TEST_OUTCOME_FILE 160 export MBEDTLS_TEST_PLATFORM 161 162 # Default commands, can be overridden by the environment 163 : ${OPENSSL:="openssl"} 164 : ${OPENSSL_LEGACY:="$OPENSSL"} 165 : ${OPENSSL_NEXT:="$OPENSSL"} 166 : ${GNUTLS_CLI:="gnutls-cli"} 167 : ${GNUTLS_SERV:="gnutls-serv"} 168 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 169 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 170 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 171 : ${ARMC5_BIN_DIR:=/usr/bin} 172 : ${ARMC6_BIN_DIR:=/usr/bin} 173 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 174 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} 175 176 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 177 if [ -z "${MAKEFLAGS+set}" ]; then 178 export MAKEFLAGS="-j$(all_sh_nproc)" 179 fi 180 181 # Include more verbose output for failing tests run by CMake or make 182 export CTEST_OUTPUT_ON_FAILURE=1 183 184 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 185 ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' 186 187 # Gather the list of available components. These are the functions 188 # defined in this script whose name starts with "component_". 189 # Parse the script with sed. This way we get the functions in the order 190 # they are defined. 191 ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") 192 193 # Exclude components that are not supported on this platform. 194 SUPPORTED_COMPONENTS= 195 for component in $ALL_COMPONENTS; do 196 case $(type "support_$component" 2>&1) in 197 *' function'*) 198 if ! support_$component; then continue; fi;; 199 esac 200 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 201 done 202} 203 204# Test whether the component $1 is included in the command line patterns. 205is_component_included() 206{ 207 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 208 # only does word splitting. 209 set -f 210 for pattern in $COMMAND_LINE_COMPONENTS; do 211 set +f 212 case ${1#component_} in $pattern) return 0;; esac 213 done 214 set +f 215 return 1 216} 217 218usage() 219{ 220 cat <<EOF 221Usage: $0 [OPTION]... [COMPONENT]... 222Run mbedtls release validation tests. 223By default, run all tests. With one or more COMPONENT, run only those. 224COMPONENT can be the name of a component or a shell wildcard pattern. 225 226Examples: 227 $0 "check_*" 228 Run all sanity checks. 229 $0 --no-armcc --except test_memsan 230 Run everything except builds that require armcc and MemSan. 231 232Special options: 233 -h|--help Print this help and exit. 234 --list-all-components List all available test components and exit. 235 --list-components List components supported on this platform and exit. 236 237General options: 238 -q|--quiet Only output component names, and errors if any. 239 -f|--force Force the tests to overwrite any modified files. 240 -k|--keep-going Run all tests and report errors at the end. 241 -m|--memory Additional optional memory tests. 242 --append-outcome Append to the outcome file (if used). 243 --arm-none-eabi-gcc-prefix=<string> 244 Prefix for a cross-compiler for arm-none-eabi 245 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 246 --arm-linux-gnueabi-gcc-prefix=<string> 247 Prefix for a cross-compiler for arm-linux-gnueabi 248 (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") 249 --armcc Run ARM Compiler builds (on by default). 250 --restore First clean up the build tree, restoring backed up 251 files. Do not run any components unless they are 252 explicitly specified. 253 --error-test Error test mode: run a failing function in addition 254 to any specified component. May be repeated. 255 --except Exclude the COMPONENTs listed on the command line, 256 instead of running only those. 257 --no-append-outcome Write a new outcome file and analyze it (default). 258 --no-armcc Skip ARM Compiler builds. 259 --no-force Refuse to overwrite modified files (default). 260 --no-keep-going Stop at the first error (default). 261 --no-memory No additional memory tests (default). 262 --no-quiet Print full ouput from components. 263 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 264 --outcome-file=<path> File where test outcomes are written (not done if 265 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 266 --random-seed Use a random seed value for randomized tests (default). 267 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 268 -s|--seed Integer seed value to use for this test run. 269 270Tool path options: 271 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 272 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 273 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 274 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 275 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 276 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 277 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 278 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3. 279 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 280EOF 281} 282 283# Cleanup before/after running a component. 284# Remove built files as well as the cmake cache/config. 285# Does not remove generated source files. 286cleanup() 287{ 288 command make clean 289 290 # Remove CMake artefacts 291 find . -name .git -prune -o \ 292 -iname CMakeFiles -exec rm -rf {} \+ -o \ 293 \( -iname cmake_install.cmake -o \ 294 -iname CTestTestfile.cmake -o \ 295 -iname CMakeCache.txt \) -exec rm {} \+ 296 # Recover files overwritten by in-tree CMake builds 297 rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile 298 299 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 300 rm -rf programs/test/cmake_subproject/build 301 rm -f programs/test/cmake_subproject/Makefile 302 rm -f programs/test/cmake_subproject/cmake_subproject 303 304 # Restore files that may have been clobbered by the job 305 for x in $files_to_back_up; do 306 cp -p "$x$backup_suffix" "$x" 307 done 308} 309 310# Final cleanup when this script exits (except when exiting on a failure 311# in non-keep-going mode). 312final_cleanup () { 313 cleanup 314 315 for x in $files_to_back_up; do 316 rm -f "$x$backup_suffix" 317 done 318} 319 320# Executed on exit. May be redefined depending on command line options. 321final_report () { 322 : 323} 324 325fatal_signal () { 326 final_cleanup 327 final_report $1 328 trap - $1 329 kill -$1 $$ 330} 331 332trap 'fatal_signal HUP' HUP 333trap 'fatal_signal INT' INT 334trap 'fatal_signal TERM' TERM 335 336# Number of processors on this machine. Used as the default setting 337# for parallel make. 338all_sh_nproc () 339{ 340 { 341 nproc || # Linux 342 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD 343 sysctl -n hw.ncpu || # FreeBSD 344 echo 1 345 } 2>/dev/null 346} 347 348msg() 349{ 350 if [ -n "${current_component:-}" ]; then 351 current_section="${current_component#component_}: $1" 352 else 353 current_section="$1" 354 fi 355 356 if [ $QUIET -eq 1 ]; then 357 return 358 fi 359 360 echo "" 361 echo "******************************************************************" 362 echo "* $current_section " 363 printf "* "; date 364 echo "******************************************************************" 365} 366 367armc6_build_test() 368{ 369 FLAGS="$1" 370 371 msg "build: ARM Compiler 6 ($FLAGS)" 372 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 373 WARNING_CFLAGS='-xc -std=c99' make lib 374 375 msg "size: ARM Compiler 6 ($FLAGS)" 376 "$ARMC6_FROMELF" -z library/*.o 377 378 make clean 379} 380 381err_msg() 382{ 383 echo "$1" >&2 384} 385 386check_tools() 387{ 388 for TOOL in "$@"; do 389 if ! `type "$TOOL" >/dev/null 2>&1`; then 390 err_msg "$TOOL not found!" 391 exit 1 392 fi 393 done 394} 395 396pre_parse_command_line () { 397 COMMAND_LINE_COMPONENTS= 398 all_except=0 399 error_test=0 400 restore_first=0 401 no_armcc= 402 403 # Note that legacy options are ignored instead of being omitted from this 404 # list of options, so invocations that worked with previous version of 405 # all.sh will still run and work properly. 406 while [ $# -gt 0 ]; do 407 case "$1" in 408 --append-outcome) append_outcome=1;; 409 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 410 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; 411 --armcc) no_armcc=;; 412 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 413 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 414 --error-test) error_test=$((error_test + 1));; 415 --except) all_except=1;; 416 --force|-f) FORCE=1;; 417 --gnutls-cli) shift; GNUTLS_CLI="$1";; 418 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 419 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 420 --gnutls-serv) shift; GNUTLS_SERV="$1";; 421 --help|-h) usage; exit;; 422 --keep-going|-k) KEEP_GOING=1;; 423 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 424 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 425 --memory|-m) MEMORY=1;; 426 --no-append-outcome) append_outcome=0;; 427 --no-armcc) no_armcc=1;; 428 --no-force) FORCE=0;; 429 --no-keep-going) KEEP_GOING=0;; 430 --no-memory) MEMORY=0;; 431 --no-quiet) QUIET=0;; 432 --openssl) shift; OPENSSL="$1";; 433 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 434 --openssl-next) shift; OPENSSL_NEXT="$1";; 435 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 436 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 437 --quiet|-q) QUIET=1;; 438 --random-seed) unset SEED;; 439 --release-test|-r) SEED=$RELEASE_SEED;; 440 --restore) restore_first=1;; 441 --seed|-s) shift; SEED="$1";; 442 -*) 443 echo >&2 "Unknown option: $1" 444 echo >&2 "Run $0 --help for usage." 445 exit 120 446 ;; 447 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 448 esac 449 shift 450 done 451 452 # With no list of components, run everything. 453 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then 454 all_except=1 455 fi 456 457 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 458 # Ignore it if components are listed explicitly on the command line. 459 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 460 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 461 fi 462 463 # Error out if an explicitly requested component doesn't exist. 464 if [ $all_except -eq 0 ]; then 465 unsupported=0 466 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 467 # only does word splitting. 468 set -f 469 for component in $COMMAND_LINE_COMPONENTS; do 470 set +f 471 # If the requested name includes a wildcard character, don't 472 # check it. Accept wildcard patterns that don't match anything. 473 case $component in 474 *[*?\[]*) continue;; 475 esac 476 case " $SUPPORTED_COMPONENTS " in 477 *" $component "*) :;; 478 *) 479 echo >&2 "Component $component was explicitly requested, but is not known or not supported." 480 unsupported=$((unsupported + 1));; 481 esac 482 done 483 set +f 484 if [ $unsupported -ne 0 ]; then 485 exit 2 486 fi 487 fi 488 489 # Build the list of components to run. 490 RUN_COMPONENTS= 491 for component in $SUPPORTED_COMPONENTS; do 492 if is_component_included "$component"; [ $? -eq $all_except ]; then 493 RUN_COMPONENTS="$RUN_COMPONENTS $component" 494 fi 495 done 496 497 unset all_except 498 unset no_armcc 499} 500 501pre_check_git () { 502 if [ $FORCE -eq 1 ]; then 503 rm -rf "$OUT_OF_SOURCE_DIR" 504 git checkout-index -f -q $CONFIG_H 505 cleanup 506 else 507 508 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 509 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 510 echo "You can either delete this directory manually, or force the test by rerunning" 511 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 512 exit 1 513 fi 514 515 if ! git diff --quiet include/mbedtls/config.h; then 516 err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " 517 echo "You can either delete or preserve your work, or force the test by rerunning the" 518 echo "script as: $0 --force" 519 exit 1 520 fi 521 fi 522} 523 524pre_restore_files () { 525 # If the makefiles have been generated by a framework such as cmake, 526 # restore them from git. If the makefiles look like modifications from 527 # the ones checked into git, take care not to modify them. Whatever 528 # this function leaves behind is what the script will restore before 529 # each component. 530 case "$(head -n1 Makefile)" in 531 *[Gg]enerated*) 532 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 533 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 534 ;; 535 esac 536} 537 538pre_back_up () { 539 for x in $files_to_back_up; do 540 cp -p "$x" "$x$backup_suffix" 541 done 542} 543 544pre_setup_keep_going () { 545 failure_count=0 # Number of failed components 546 last_failure_status=0 # Last failure status in this component 547 548 # See err_trap 549 previous_failure_status=0 550 previous_failed_command= 551 previous_failure_funcall_depth=0 552 unset report_failed_command 553 554 start_red= 555 end_color= 556 if [ -t 1 ]; then 557 case "${TERM:-}" in 558 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 559 start_red=$(printf '\033[31m') 560 end_color=$(printf '\033[0m') 561 ;; 562 esac 563 fi 564 565 # Keep a summary of failures in a file. We'll print it out at the end. 566 failure_summary_file=$PWD/all-sh-failures-$$.log 567 : >"$failure_summary_file" 568 569 # Whether it makes sense to keep a component going after the specified 570 # command fails (test command) or not (configure or build). 571 # This function normally receives the failing simple command 572 # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, 573 # this is passed instead. 574 # This doesn't have to be 100% accurate: all failures are recorded anyway. 575 # False positives result in running things that can't be expected to 576 # work. False negatives result in things not running after something else 577 # failed even though they might have given useful feedback. 578 can_keep_going_after_failure () { 579 case "$1" in 580 "msg "*) false;; 581 "cd "*) false;; 582 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... 583 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... 584 *make*check*) true;; 585 "grep "*) true;; 586 "[ "*) true;; 587 "! "*) true;; 588 *) false;; 589 esac 590 } 591 592 # This function runs if there is any error in a component. 593 # It must either exit with a nonzero status, or set 594 # last_failure_status to a nonzero value. 595 err_trap () { 596 # Save $? (status of the failing command). This must be the very 597 # first thing, before $? is overridden. 598 last_failure_status=$? 599 failed_command=${report_failed_command-$BASH_COMMAND} 600 601 if [[ $last_failure_status -eq $previous_failure_status && 602 "$failed_command" == "$previous_failed_command" && 603 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] 604 then 605 # The same command failed twice in a row, but this time one level 606 # less deep in the function call stack. This happens when the last 607 # command of a function returns a nonzero status, and the function 608 # returns that same status. Ignore the second failure. 609 previous_failure_funcall_depth=${#FUNCNAME[@]} 610 return 611 fi 612 previous_failure_status=$last_failure_status 613 previous_failed_command=$failed_command 614 previous_failure_funcall_depth=${#FUNCNAME[@]} 615 616 text="$current_section: $failed_command -> $last_failure_status" 617 echo "${start_red}^^^^$text^^^^${end_color}" >&2 618 echo "$text" >>"$failure_summary_file" 619 620 # If the command is fatal (configure or build command), stop this 621 # component. Otherwise (test command) keep the component running 622 # (run more tests from the same build). 623 if ! can_keep_going_after_failure "$failed_command"; then 624 exit $last_failure_status 625 fi 626 } 627 628 final_report () { 629 if [ $failure_count -gt 0 ]; then 630 echo 631 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 632 echo "${start_red}FAILED: $failure_count components${end_color}" 633 cat "$failure_summary_file" 634 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 635 elif [ -z "${1-}" ]; then 636 echo "SUCCESS :)" 637 fi 638 if [ -n "${1-}" ]; then 639 echo "Killed by SIG$1." 640 fi 641 rm -f "$failure_summary_file" 642 if [ $failure_count -gt 0 ]; then 643 exit 1 644 fi 645 } 646} 647 648# record_status() and if_build_succeeded() are kept temporarily for backward 649# compatibility. Don't use them in new components. 650record_status () { 651 "$@" 652} 653if_build_succeeded () { 654 "$@" 655} 656 657# '! true' does not trigger the ERR trap. Arrange to trigger it, with 658# a reasonably informative error message (not just "$@"). 659not () { 660 if "$@"; then 661 report_failed_command="! $*" 662 false 663 unset report_failed_command 664 fi 665} 666 667pre_prepare_outcome_file () { 668 case "$MBEDTLS_TEST_OUTCOME_FILE" in 669 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 670 esac 671 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 672 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 673 fi 674} 675 676pre_print_configuration () { 677 if [ $QUIET -eq 1 ]; then 678 return 679 fi 680 681 msg "info: $0 configuration" 682 echo "MEMORY: $MEMORY" 683 echo "FORCE: $FORCE" 684 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 685 echo "SEED: ${SEED-"UNSET"}" 686 echo 687 echo "OPENSSL: $OPENSSL" 688 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 689 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 690 echo "GNUTLS_CLI: $GNUTLS_CLI" 691 echo "GNUTLS_SERV: $GNUTLS_SERV" 692 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 693 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 694 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 695 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 696} 697 698# Make sure the tools we need are available. 699pre_check_tools () { 700 # Build the list of variables to pass to output_env.sh. 701 set env 702 703 case " $RUN_COMPONENTS " in 704 # Require OpenSSL and GnuTLS if running any tests (as opposed to 705 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 706 # is a good enough approximation in practice. 707 *" test_"*) 708 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 709 # and ssl-opt.sh, we just export the variables they require. 710 export OPENSSL_CMD="$OPENSSL" 711 export GNUTLS_CLI="$GNUTLS_CLI" 712 export GNUTLS_SERV="$GNUTLS_SERV" 713 # Avoid passing --seed flag in every call to ssl-opt.sh 714 if [ -n "${SEED-}" ]; then 715 export SEED 716 fi 717 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 718 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 719 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 720 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 721 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 722 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 723 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 724 ;; 725 esac 726 727 case " $RUN_COMPONENTS " in 728 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 729 esac 730 731 case " $RUN_COMPONENTS " in 732 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 733 esac 734 735 case " $RUN_COMPONENTS " in 736 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 737 esac 738 739 case " $RUN_COMPONENTS " in 740 *" test_zeroize "*) check_tools "gdb";; 741 esac 742 743 case " $RUN_COMPONENTS " in 744 *_armcc*) 745 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 746 ARMC5_AR="$ARMC5_BIN_DIR/armar" 747 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 748 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 749 ARMC6_AR="$ARMC6_BIN_DIR/armar" 750 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 751 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 752 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 753 esac 754 755 # past this point, no call to check_tool, only printing output 756 if [ $QUIET -eq 1 ]; then 757 return 758 fi 759 760 msg "info: output_env.sh" 761 case $RUN_COMPONENTS in 762 *_armcc*) 763 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 764 *) set "$@" RUN_ARMCC=0;; 765 esac 766 "$@" scripts/output_env.sh 767} 768 769 770 771################################################################ 772#### Basic checks 773################################################################ 774 775# 776# Test Suites to be executed 777# 778# The test ordering tries to optimize for the following criteria: 779# 1. Catch possible problems early, by running first tests that run quickly 780# and/or are more likely to fail than others (eg I use Clang most of the 781# time, so start with a GCC build). 782# 2. Minimize total running time, by avoiding useless rebuilds 783# 784# Indicative running times are given for reference. 785 786component_check_recursion () { 787 msg "Check: recursion.pl" # < 1s 788 tests/scripts/recursion.pl library/*.c 789} 790 791component_check_generated_files () { 792 msg "Check: freshness of generated source files" # < 1s 793 tests/scripts/check-generated-files.sh 794} 795 796component_check_doxy_blocks () { 797 msg "Check: doxygen markup outside doxygen blocks" # < 1s 798 tests/scripts/check-doxy-blocks.pl 799} 800 801component_check_files () { 802 msg "Check: file sanity checks (permissions, encodings)" # < 1s 803 tests/scripts/check_files.py 804} 805 806component_check_changelog () { 807 msg "Check: changelog entries" # < 1s 808 rm -f ChangeLog.new 809 scripts/assemble_changelog.py -o ChangeLog.new 810 if [ -e ChangeLog.new ]; then 811 # Show the diff for information. It isn't an error if the diff is 812 # non-empty. 813 diff -u ChangeLog ChangeLog.new || true 814 rm ChangeLog.new 815 fi 816} 817 818component_check_names () { 819 msg "Check: declared and exported names (builds the library)" # < 3s 820 tests/scripts/check_names.py -v 821} 822 823component_check_test_cases () { 824 msg "Check: test case descriptions" # < 1s 825 if [ $QUIET -eq 1 ]; then 826 opt='--quiet' 827 else 828 opt='' 829 fi 830 tests/scripts/check_test_cases.py $opt 831 unset opt 832} 833 834component_check_doxygen_warnings () { 835 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 836 tests/scripts/doxygen.sh 837} 838 839 840 841################################################################ 842#### Build and test many configurations and targets 843################################################################ 844 845component_test_default_out_of_box () { 846 msg "build: make, default config (out-of-box)" # ~1min 847 make 848 # Disable fancy stuff 849 SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE" 850 unset MBEDTLS_TEST_OUTCOME_FILE 851 852 msg "test: main suites make, default config (out-of-box)" # ~10s 853 make test 854 855 msg "selftest: make, default config (out-of-box)" # ~10s 856 programs/test/selftest 857 858 export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" 859 unset SAVE_MBEDTLS_TEST_OUTCOME_FILE 860} 861 862component_test_default_cmake_gcc_asan () { 863 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 864 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 865 make 866 867 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 868 make test 869 870 msg "test: selftest (ASan build)" # ~ 10s 871 programs/test/selftest 872 873 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 874 tests/ssl-opt.sh 875 876 msg "test: compat.sh (ASan build)" # ~ 6 min 877 tests/compat.sh 878 879 msg "test: context-info.sh (ASan build)" # ~ 15 sec 880 tests/context-info.sh 881} 882 883component_test_full_cmake_gcc_asan () { 884 msg "build: full config, cmake, gcc, ASan" 885 scripts/config.py full 886 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 887 make 888 889 msg "test: main suites (inc. selftests) (full config, ASan build)" 890 make test 891 892 msg "test: selftest (ASan build)" # ~ 10s 893 programs/test/selftest 894 895 msg "test: ssl-opt.sh (full config, ASan build)" 896 tests/ssl-opt.sh 897 898 msg "test: compat.sh (full config, ASan build)" 899 tests/compat.sh 900 901 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 902 tests/context-info.sh 903} 904 905component_test_psa_crypto_key_id_encodes_owner () { 906 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 907 scripts/config.py full 908 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 909 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 910 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 911 make 912 913 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 914 make test 915} 916 917# check_renamed_symbols HEADER LIB 918# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol 919# name is LIB. 920check_renamed_symbols () { 921 ! nm "$2" | sed 's/.* //' | 922 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" 923} 924 925component_build_psa_crypto_spm () { 926 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" 927 scripts/config.py full 928 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 929 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 930 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 931 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM 932 # We can only compile, not link, since our test and sample programs 933 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM 934 # is active. 935 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib 936 937 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed 938 # version is not present. 939 echo "Checking for renamed symbols in the library" 940 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a 941} 942 943component_test_psa_crypto_client () { 944 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 945 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 946 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 947 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT 948 make 949 950 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 951 make test 952} 953 954component_test_zlib_make() { 955 msg "build: zlib enabled, make" 956 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 957 make ZLIB=1 CFLAGS='-Werror -O2' 958 959 msg "test: main suites (zlib, make)" 960 make test 961 962 msg "test: ssl-opt.sh (zlib, make)" 963 tests/ssl-opt.sh 964} 965support_test_zlib_make () { 966 base=support_test_zlib_$$ 967 cat <<'EOF' > ${base}.c 968#include "zlib.h" 969int main(void) { return 0; } 970EOF 971 gcc -o ${base}.exe ${base}.c -lz 2>/dev/null 972 ret=$? 973 rm -f ${base}.* 974 return $ret 975} 976 977component_test_zlib_cmake() { 978 msg "build: zlib enabled, cmake" 979 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 980 cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release . 981 make 982 983 msg "test: main suites (zlib, cmake)" 984 make test 985 986 msg "test: ssl-opt.sh (zlib, cmake)" 987 tests/ssl-opt.sh 988} 989support_test_zlib_cmake () { 990 support_test_zlib_make "$@" 991} 992 993component_test_psa_crypto_rsa_no_genprime() { 994 msg "build: default config minus MBEDTLS_GENPRIME" 995 scripts/config.py unset MBEDTLS_GENPRIME 996 make 997 998 msg "test: default config minus MBEDTLS_GENPRIME" 999 make test 1000} 1001 1002component_test_ref_configs () { 1003 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 1004 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1005 tests/scripts/test-ref-configs.pl 1006} 1007 1008component_test_sslv3 () { 1009 msg "build: Default + SSLv3 (ASan build)" # ~ 6 min 1010 scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 1011 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1012 make 1013 1014 msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s 1015 make test 1016 1017 msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min 1018 tests/compat.sh -m 'tls1 tls1_1 tls12 dtls1 dtls12' 1019 env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' 1020 1021 msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min 1022 tests/ssl-opt.sh 1023 1024 msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec 1025 tests/context-info.sh 1026} 1027 1028component_test_no_renegotiation () { 1029 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 1030 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 1031 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1032 make 1033 1034 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 1035 make test 1036 1037 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 1038 tests/ssl-opt.sh 1039} 1040 1041component_test_no_pem_no_fs () { 1042 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 1043 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1044 scripts/config.py unset MBEDTLS_FS_IO 1045 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 1046 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 1047 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1048 make 1049 1050 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 1051 make test 1052 1053 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 1054 tests/ssl-opt.sh 1055} 1056 1057component_test_rsa_no_crt () { 1058 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 1059 scripts/config.py set MBEDTLS_RSA_NO_CRT 1060 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1061 make 1062 1063 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 1064 make test 1065 1066 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 1067 tests/ssl-opt.sh -f RSA 1068 1069 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 1070 tests/compat.sh -t RSA 1071 1072 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 1073 tests/context-info.sh 1074} 1075 1076component_test_no_ctr_drbg_classic () { 1077 msg "build: Full minus CTR_DRBG, classic crypto in TLS" 1078 scripts/config.py full 1079 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1080 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1081 1082 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1083 make 1084 1085 msg "test: Full minus CTR_DRBG, classic crypto - main suites" 1086 make test 1087 1088 # In this configuration, the TLS test programs use HMAC_DRBG. 1089 # The SSL tests are slow, so run a small subset, just enough to get 1090 # confidence that the SSL code copes with HMAC_DRBG. 1091 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" 1092 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1093 1094 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" 1095 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1096} 1097 1098component_test_no_ctr_drbg_use_psa () { 1099 msg "build: Full minus CTR_DRBG, PSA crypto in TLS" 1100 scripts/config.py full 1101 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1102 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1103 1104 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1105 make 1106 1107 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" 1108 make test 1109 1110 # In this configuration, the TLS test programs use HMAC_DRBG. 1111 # The SSL tests are slow, so run a small subset, just enough to get 1112 # confidence that the SSL code copes with HMAC_DRBG. 1113 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1114 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1115 1116 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" 1117 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL 1118} 1119 1120component_test_no_hmac_drbg_classic () { 1121 msg "build: Full minus HMAC_DRBG, classic crypto in TLS" 1122 scripts/config.py full 1123 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1124 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1125 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1126 1127 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1128 make 1129 1130 msg "test: Full minus HMAC_DRBG, classic crypto - main suites" 1131 make test 1132 1133 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1134 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1135 # instead. 1136 # Test SSL with non-deterministic ECDSA. Only test features that 1137 # might be affected by how ECDSA signature is performed. 1138 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" 1139 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1140 1141 # To save time, only test one protocol version, since this part of 1142 # the protocol is identical in (D)TLS up to 1.2. 1143 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" 1144 tests/compat.sh -m tls12 -t 'ECDSA' 1145} 1146 1147component_test_no_hmac_drbg_use_psa () { 1148 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" 1149 scripts/config.py full 1150 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1151 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1152 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1153 1154 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1155 make 1156 1157 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" 1158 make test 1159 1160 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1161 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1162 # instead. 1163 # Test SSL with non-deterministic ECDSA. Only test features that 1164 # might be affected by how ECDSA signature is performed. 1165 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1166 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1167 1168 # To save time, only test one protocol version, since this part of 1169 # the protocol is identical in (D)TLS up to 1.2. 1170 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" 1171 tests/compat.sh -m tls12 -t 'ECDSA' 1172} 1173 1174component_test_psa_external_rng_no_drbg_classic () { 1175 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" 1176 scripts/config.py full 1177 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1178 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1179 scripts/config.py unset MBEDTLS_ENTROPY_C 1180 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1181 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1182 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1183 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1184 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1185 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1186 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, 1187 # the SSL test programs don't have an RNG and can't work. Explicitly 1188 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. 1189 make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" 1190 1191 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" 1192 make test 1193 1194 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" 1195 tests/ssl-opt.sh -f 'Default' 1196} 1197 1198component_test_psa_external_rng_no_drbg_use_psa () { 1199 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" 1200 scripts/config.py full 1201 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1202 scripts/config.py unset MBEDTLS_ENTROPY_C 1203 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1204 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1205 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1206 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1207 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1208 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1209 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1210 1211 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 1212 make test 1213 1214 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" 1215 tests/ssl-opt.sh -f 'Default\|opaque' 1216} 1217 1218component_test_psa_external_rng_use_psa_crypto () { 1219 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1220 scripts/config.py full 1221 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1222 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1223 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1224 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1225 1226 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1227 make test 1228 1229 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1230 tests/ssl-opt.sh -f 'Default\|opaque' 1231} 1232 1233component_test_ecp_no_internal_rng () { 1234 msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" 1235 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1236 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1237 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1238 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1239 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG 1240 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 1241 1242 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1243 make 1244 1245 msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" 1246 make test 1247 1248 # no SSL tests as they all depend on having a DRBG 1249} 1250 1251component_test_ecp_restartable_no_internal_rng () { 1252 msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" 1253 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 1254 scripts/config.py set MBEDTLS_ECP_RESTARTABLE 1255 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1256 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1257 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1258 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG 1259 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 1260 1261 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1262 make 1263 1264 msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" 1265 make test 1266 1267 # no SSL tests as they all depend on having a DRBG 1268} 1269 1270component_test_new_ecdh_context () { 1271 msg "build: new ECDH context (ASan build)" # ~ 6 min 1272 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1273 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1274 make 1275 1276 msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1277 make test 1278 1279 msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1280 tests/ssl-opt.sh -f ECDH 1281 1282 msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1283 # Exclude some symmetric ciphers that are redundant here to gain time. 1284 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1285} 1286 1287component_test_everest () { 1288 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1289 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1290 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1291 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1292 make 1293 1294 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1295 make test 1296 1297 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1298 tests/ssl-opt.sh -f ECDH 1299 1300 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1301 # Exclude some symmetric ciphers that are redundant here to gain time. 1302 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1303} 1304 1305component_test_everest_curve25519_only () { 1306 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1307 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1308 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1309 scripts/config.py unset MBEDTLS_ECDSA_C 1310 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1311 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1312 # Disable all curves 1313 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1314 scripts/config.py unset "$c" 1315 done 1316 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1317 1318 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1319 1320 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1321 make test 1322} 1323 1324component_test_small_ssl_out_content_len () { 1325 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1326 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1327 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1328 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1329 make 1330 1331 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1332 tests/ssl-opt.sh -f "Max fragment\|Large packet" 1333} 1334 1335component_test_small_ssl_in_content_len () { 1336 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1337 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1338 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1339 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1340 make 1341 1342 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1343 tests/ssl-opt.sh -f "Max fragment" 1344} 1345 1346component_test_small_ssl_dtls_max_buffering () { 1347 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1348 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1349 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1350 make 1351 1352 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1353 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1354} 1355 1356component_test_small_mbedtls_ssl_dtls_max_buffering () { 1357 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1358 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1359 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1360 make 1361 1362 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1363 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1364} 1365 1366component_test_psa_collect_statuses () { 1367 msg "build+test: psa_collect_statuses" # ~30s 1368 scripts/config.py full 1369 tests/scripts/psa_collect_statuses.py 1370 # Check that psa_crypto_init() succeeded at least once 1371 grep -q '^0:psa_crypto_init:' tests/statuses.log 1372 rm -f tests/statuses.log 1373} 1374 1375component_test_full_cmake_clang () { 1376 msg "build: cmake, full config, clang" # ~ 50s 1377 scripts/config.py full 1378 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On . 1379 make 1380 1381 msg "test: main suites (full config, clang)" # ~ 5s 1382 make test 1383 1384 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1385 tests/scripts/test_psa_constant_names.py 1386 1387 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1388 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1389 1390 msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min 1391 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' 1392 1393 msg "test: compat.sh ARIA + ChachaPoly" 1394 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1395} 1396 1397component_test_memsan_constant_flow () { 1398 # This tests both (1) accesses to undefined memory, and (2) branches or 1399 # memory access depending on secret values. To distinguish between those: 1400 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1401 # - or alternatively, change the build type to MemSanDbg, which enables 1402 # origin tracking and nicer stack traces (which are useful for debugging 1403 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1404 msg "build: cmake MSan (clang), full config with constant flow testing" 1405 scripts/config.py full 1406 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1407 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1408 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1409 make 1410 1411 msg "test: main suites (Msan + constant flow)" 1412 make test 1413} 1414 1415component_test_valgrind_constant_flow () { 1416 # This tests both (1) everything that valgrind's memcheck usually checks 1417 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1418 # etc.) and (2) branches or memory access depending on secret values, 1419 # which will be reported as uninitialized memory. To distinguish between 1420 # secret and actually uninitialized: 1421 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1422 # - or alternatively, build with debug info and manually run the offending 1423 # test suite with valgrind --track-origins=yes, then check if the origin 1424 # was TEST_CF_SECRET() or something else. 1425 msg "build: cmake release GCC, full config with constant flow testing" 1426 scripts/config.py full 1427 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1428 cmake -D CMAKE_BUILD_TYPE:String=Release . 1429 make 1430 1431 # this only shows a summary of the results (how many of each type) 1432 # details are left in Testing/<date>/DynamicAnalysis.xml 1433 msg "test: main suites (valgrind + constant flow)" 1434 make memcheck 1435} 1436 1437component_test_default_no_deprecated () { 1438 # Test that removing the deprecated features from the default 1439 # configuration leaves something consistent. 1440 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1441 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1442 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1443 1444 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1445 make test 1446} 1447 1448component_test_full_no_deprecated () { 1449 msg "build: make, full_no_deprecated config" # ~ 30s 1450 scripts/config.py full_no_deprecated 1451 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1452 1453 msg "test: make, full_no_deprecated config" # ~ 5s 1454 make test 1455} 1456 1457component_test_full_no_deprecated_deprecated_warning () { 1458 # Test that there is nothing deprecated in "full_no_deprecated". 1459 # A deprecated feature would trigger a warning (made fatal) from 1460 # MBEDTLS_DEPRECATED_WARNING. 1461 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1462 scripts/config.py full_no_deprecated 1463 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1464 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1465 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1466 1467 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1468 make test 1469} 1470 1471component_test_full_deprecated_warning () { 1472 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1473 # with only certain whitelisted types of warnings. 1474 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1475 scripts/config.py full 1476 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1477 # Expect warnings from '#warning' directives in check_config.h. 1478 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1479 1480 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1481 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1482 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1483 # Expect warnings from '#warning' directives in check_config.h and 1484 # from the use of deprecated functions in test suites. 1485 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1486 1487 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1488 make test 1489} 1490 1491# Check that the specified libraries exist and are empty. 1492are_empty_libraries () { 1493 nm "$@" >/dev/null 2>/dev/null 1494 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1495} 1496 1497component_build_crypto_default () { 1498 msg "build: make, crypto only" 1499 scripts/config.py crypto 1500 make CFLAGS='-O1 -Werror' 1501 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1502} 1503 1504component_build_crypto_full () { 1505 msg "build: make, crypto only, full config" 1506 scripts/config.py crypto_full 1507 make CFLAGS='-O1 -Werror' 1508 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1509} 1510 1511component_build_crypto_baremetal () { 1512 msg "build: make, crypto only, baremetal config" 1513 scripts/config.py crypto_baremetal 1514 make CFLAGS='-O1 -Werror' 1515 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1516} 1517 1518component_test_depends_curves () { 1519 msg "test/build: curves.pl (gcc)" # ~ 4 min 1520 tests/scripts/curves.pl 1521} 1522 1523component_test_depends_curves_psa () { 1524 msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1525 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1526 tests/scripts/curves.pl 1527} 1528 1529component_test_depends_hashes () { 1530 msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min 1531 tests/scripts/depends-hashes.pl 1532} 1533 1534component_test_depends_hashes_psa () { 1535 msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1536 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1537 tests/scripts/depends-hashes.pl 1538} 1539 1540component_test_depends_pkalgs () { 1541 msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min 1542 tests/scripts/depends-pkalgs.pl 1543} 1544 1545component_test_depends_pkalgs_psa () { 1546 msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1547 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1548 tests/scripts/depends-pkalgs.pl 1549} 1550 1551component_build_key_exchanges () { 1552 msg "test/build: key-exchanges (gcc)" # ~ 1 min 1553 tests/scripts/key-exchanges.pl 1554} 1555 1556component_test_make_cxx () { 1557 msg "build: Unix make, full, gcc + g++" 1558 scripts/config.py full 1559 make TEST_CPP=1 lib programs 1560 1561 msg "test: cpp_dummy_build" 1562 programs/test/cpp_dummy_build 1563} 1564 1565component_test_no_use_psa_crypto_full_cmake_asan() { 1566 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 1567 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 1568 scripts/config.py full 1569 scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC 1570 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1571 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1572 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1573 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1574 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1575 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1576 make 1577 1578 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 1579 make test 1580 1581 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 1582 tests/ssl-opt.sh 1583 1584 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 1585 tests/compat.sh 1586 1587 msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 1588 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' 1589 1590 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 1591 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1592} 1593 1594component_test_psa_crypto_config_accel_ecdsa () { 1595 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1596 1597 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1598 # partial support for cipher operations in the driver test library. 1599 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1600 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1601 1602 # SHA384 needed for some ECDSA signature tests. 1603 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1604 1605 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" 1606 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1607 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1608 1609 # Restore test driver base configuration 1610 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1611 1612 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1613 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1614 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1615 scripts/config.py unset MBEDTLS_ECDSA_C 1616 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1617 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1618 1619 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1620 make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1621 1622 unset loc_accel_flags 1623 unset loc_accel_list 1624 1625 if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o 1626 1627 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" 1628 make test 1629} 1630 1631component_test_psa_crypto_config_accel_rsa_signature () { 1632 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1633 1634 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1635 # partial support for cipher operations in the driver test library. 1636 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1637 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1638 1639 # It seems it is not possible to remove only the support for RSA signature 1640 # in the library. Thus we have to remove all RSA support (signature and 1641 # encryption/decryption). AS there is no driver support for asymmetric 1642 # encryption/decryption so far remove RSA encryption/decryption from the 1643 # application algorithm list. 1644 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1645 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1646 1647 # Make sure both the library and the test library support the SHA hash 1648 # algorithms and only those ones (SHA256 is included by default). That way: 1649 # - the test library can compute the RSA signatures even in the case of a 1650 # composite RSA signature algorithm based on a SHA hash (no other hash 1651 # used in the unit tests). 1652 # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is 1653 # fulfilled as the hash SHA algorithm is supported by the library, and 1654 # thus the tests are run, not skipped. 1655 # - when testing a signature key with an algorithm wildcard built from 1656 # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash 1657 # algorithm based on the hashes supported by the library is also 1658 # supported by the test library. 1659 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1660 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1661 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1662 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C 1663 1664 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C 1665 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C 1666 # We need PEM parsing in the test library as well to support the import 1667 # of PEM encoded RSA keys. 1668 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C 1669 scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C 1670 1671 loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" 1672 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1673 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1674 1675 # Restore test driver base configuration 1676 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C 1677 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C 1678 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C 1679 scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C 1680 1681 1682 # Mbed TLS library build 1683 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1684 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1685 1686 # Remove RSA support and its dependencies 1687 scripts/config.py unset MBEDTLS_PKCS1_V15 1688 scripts/config.py unset MBEDTLS_PKCS1_V21 1689 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 1690 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1691 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1692 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 1693 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 1694 scripts/config.py unset MBEDTLS_RSA_C 1695 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 1696 1697 scripts/config.py unset MBEDTLS_MD2_C 1698 scripts/config.py unset MBEDTLS_MD4_C 1699 scripts/config.py unset MBEDTLS_MD5_C 1700 scripts/config.py unset MBEDTLS_RIPEMD160_C 1701 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 1702 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 1703 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 1704 1705 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1706 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1707 1708 unset loc_accel_flags 1709 unset loc_accel_list 1710 1711 if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o 1712 if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o 1713 1714 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" 1715 make test 1716} 1717 1718component_test_psa_crypto_config_accel_hash () { 1719 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1720 1721 # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having 1722 # partial support for cipher operations in the driver test library. 1723 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1724 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1725 1726 loc_accel_list="ALG_MD4 ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" 1727 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1728 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1729 1730 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1731 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1732 scripts/config.py unset MBEDTLS_MD2_C 1733 scripts/config.py unset MBEDTLS_MD4_C 1734 scripts/config.py unset MBEDTLS_MD5_C 1735 scripts/config.py unset MBEDTLS_RIPEMD160_C 1736 scripts/config.py unset MBEDTLS_SHA1_C 1737 # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. 1738 scripts/config.py unset MBEDTLS_SHA512_C 1739 # Unset MBEDTLS_SSL_PROTO_SSL3, MBEDTLS_SSL_PROTO_TLS1 and MBEDTLS_SSL_PROTO_TLS1_1 as they depend on MBEDTLS_SHA1_C 1740 scripts/config.py unset MBEDTLS_SSL_PROTO_SSL3 1741 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 1742 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 1743 # Unset MBEDTLS_SSL_CBC_RECORD_SPLITTING as it depends on MBEDTLS_SSL_PROTO_TLS1 in the default configuration. 1744 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING 1745 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1746 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1747 1748 unset loc_accel_flags 1749 unset loc_accel_list 1750 1751 if_build_succeeded not grep mbedtls_sha512_init library/sha512.o 1752 if_build_succeeded not grep mbedtls_sha1_init library/sha1.o 1753 1754 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1755 make test 1756} 1757 1758component_test_psa_crypto_config_accel_cipher () { 1759 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" 1760 1761 loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" 1762 loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) 1763 make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" 1764 1765 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1766 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1767 1768 # There is no intended accelerator support for ALG STREAM_CIPHER and 1769 # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the 1770 # inclusion of the Mbed TLS cipher operations. As we want to test here with 1771 # cipher operations solely supported by accelerators, disabled those 1772 # PSA configuration options. 1773 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1774 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1775 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC 1776 1777 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1778 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 1779 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR 1780 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB 1781 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB 1782 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS 1783 scripts/config.py unset MBEDTLS_DES_C 1784 1785 loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 1786 make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" 1787 1788 unset loc_accel_flags 1789 unset loc_accel_list 1790 1791 if_build_succeeded not grep mbedtls_des* library/des.o 1792 1793 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" 1794 make test 1795} 1796 1797component_test_psa_crypto_config_no_driver() { 1798 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 1799 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1800 scripts/config.py full 1801 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1802 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 1803 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1804 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1805 1806 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1807 make test 1808} 1809 1810component_test_psa_crypto_config_chachapoly_disabled() { 1811 # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 1812 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1813 scripts/config.py full 1814 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1815 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM 1816 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 1817 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1818 1819 msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1820 make test 1821} 1822 1823# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. 1824component_build_psa_accel_alg_ecdsa() { 1825 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA 1826 # without MBEDTLS_ECDSA_C 1827 # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already 1828 # set in include/psa/crypto_config.h 1829 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" 1830 scripts/config.py full 1831 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1832 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1833 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1834 scripts/config.py unset MBEDTLS_ECDSA_C 1835 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1836 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1837 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1838 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1839} 1840 1841# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 1842component_build_psa_accel_alg_ecdh() { 1843 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH 1844 # without MBEDTLS_ECDH_C 1845 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 1846 scripts/config.py full 1847 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1848 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1849 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1850 scripts/config.py unset MBEDTLS_ECDH_C 1851 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1852 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1853 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1854 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1855 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 1856 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1857 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1858} 1859 1860# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 1861component_build_psa_accel_key_type_ecc_key_pair() { 1862 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1863 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 1864 scripts/config.py full 1865 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1866 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1867 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1868 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 1869 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1870 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1871 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1872} 1873 1874# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 1875component_build_psa_accel_key_type_ecc_public_key() { 1876 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1877 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 1878 scripts/config.py full 1879 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1880 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1881 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1882 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1883 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1884 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1885 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1886} 1887 1888# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 1889component_build_psa_accel_alg_hmac() { 1890 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 1891 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" 1892 scripts/config.py full 1893 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1894 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1895 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1896 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1897 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1898} 1899 1900# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 1901component_build_psa_accel_alg_hkdf() { 1902 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF 1903 # without MBEDTLS_HKDF_C 1904 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 1905 scripts/config.py full 1906 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1907 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1908 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1909 scripts/config.py unset MBEDTLS_HKDF_C 1910 # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. 1911 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 1912 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1913 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1914} 1915 1916# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test. 1917component_build_psa_accel_alg_md2() { 1918 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes 1919 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes" 1920 scripts/config.py full 1921 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1922 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1923 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1924 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1925 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1926 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1927 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1928 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1929 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1930 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1931 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1932 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1933 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1934} 1935 1936# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test. 1937component_build_psa_accel_alg_md4() { 1938 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes 1939 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes" 1940 scripts/config.py full 1941 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1942 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1943 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1944 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1945 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1946 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1947 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1948 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1949 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1950 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1951 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1952 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1953 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1954} 1955 1956# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 1957component_build_psa_accel_alg_md5() { 1958 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 1959 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" 1960 scripts/config.py full 1961 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1962 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1963 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1964 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1965 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1966 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1967 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1968 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1969 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1970 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1971 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1972 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1973 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1974} 1975 1976# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 1977component_build_psa_accel_alg_ripemd160() { 1978 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes 1979 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" 1980 scripts/config.py full 1981 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1982 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1983 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1984 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1985 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1986 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1987 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1988 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1989 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1990 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1991 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1992 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1993 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1994} 1995 1996# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 1997component_build_psa_accel_alg_sha1() { 1998 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes 1999 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" 2000 scripts/config.py full 2001 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2002 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2003 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2004 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2005 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2006 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2007 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2008 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2009 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2010 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2011 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2012 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2013 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2014} 2015 2016# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 2017component_build_psa_accel_alg_sha224() { 2018 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes 2019 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" 2020 scripts/config.py full 2021 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2022 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2023 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2024 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2025 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2026 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2027 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2028 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2029 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2030 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2031 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2032 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2033} 2034 2035# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 2036component_build_psa_accel_alg_sha256() { 2037 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes 2038 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" 2039 scripts/config.py full 2040 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2041 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2042 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2043 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2044 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2045 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2046 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2047 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2048 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2049 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2050 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 2051 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2052 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2053} 2054 2055# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 2056component_build_psa_accel_alg_sha384() { 2057 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes 2058 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" 2059 scripts/config.py full 2060 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2061 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2062 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2063 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2064 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2065 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2066 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2067 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2068 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2069 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2070 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2071 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2072} 2073 2074# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 2075component_build_psa_accel_alg_sha512() { 2076 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes 2077 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" 2078 scripts/config.py full 2079 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2080 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2081 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2082 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 2083 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 2084 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 2085 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 2086 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 2087 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 2088 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 2089 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 2090 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2091 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2092} 2093 2094# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2095component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 2096 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2097 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2098 scripts/config.py full 2099 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2100 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2101 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2102 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 2103 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2104 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2105 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2106 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2107 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2108} 2109 2110# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2111component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 2112 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2113 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2114 scripts/config.py full 2115 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2116 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2117 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2118 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 2119 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2120 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2121 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2122 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2123 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2124} 2125 2126# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2127component_build_psa_accel_alg_rsa_oaep() { 2128 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2129 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2130 scripts/config.py full 2131 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2132 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2133 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2134 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 2135 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2136 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2137 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 2138 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2139 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2140} 2141 2142# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2143component_build_psa_accel_alg_rsa_pss() { 2144 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2145 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 2146 scripts/config.py full 2147 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2148 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2149 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2150 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2151 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 2152 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 2153 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 2154 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2155 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2156} 2157 2158# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2159component_build_psa_accel_key_type_rsa_key_pair() { 2160 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS 2161 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 2162 scripts/config.py full 2163 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2164 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2165 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2166 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2167 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 2168 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2169 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2170} 2171 2172# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 2173component_build_psa_accel_key_type_rsa_public_key() { 2174 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS 2175 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 2176 scripts/config.py full 2177 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 2178 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2179 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 2180 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 2181 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 2182 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2183 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2184} 2185 2186component_test_check_params_functionality () { 2187 msg "build+test: MBEDTLS_CHECK_PARAMS functionality" 2188 scripts/config.py full # includes CHECK_PARAMS 2189 # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). 2190 scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT 2191 make CC=gcc CFLAGS='-Werror -O1' all test 2192} 2193 2194component_test_check_params_without_platform () { 2195 msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" 2196 scripts/config.py full # includes CHECK_PARAMS 2197 # Keep MBEDTLS_PARAM_FAILED as assert. 2198 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 2199 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 2200 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 2201 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 2202 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2203 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 2204 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 2205 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2206 scripts/config.py unset MBEDTLS_PLATFORM_C 2207 make CC=gcc CFLAGS='-Werror -O1' all test 2208} 2209 2210component_test_check_params_silent () { 2211 msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" 2212 scripts/config.py full # includes CHECK_PARAMS 2213 # Set MBEDTLS_PARAM_FAILED to nothing. 2214 sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" 2215 make CC=gcc CFLAGS='-Werror -O1' all test 2216} 2217 2218component_test_no_platform () { 2219 # Full configuration build, without platform support, file IO and net sockets. 2220 # This should catch missing mbedtls_printf definitions, and by disabling file 2221 # IO, it should catch missing '#include <stdio.h>' 2222 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 2223 scripts/config.py full 2224 scripts/config.py unset MBEDTLS_PLATFORM_C 2225 scripts/config.py unset MBEDTLS_NET_C 2226 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 2227 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 2228 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 2229 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 2230 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 2231 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 2232 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2233 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2234 scripts/config.py unset MBEDTLS_FS_IO 2235 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 2236 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 2237 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 2238 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 2239 # to re-enable platform integration features otherwise disabled in C99 builds 2240 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 2241 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 2242} 2243 2244component_build_no_std_function () { 2245 # catch compile bugs in _uninit functions 2246 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 2247 scripts/config.py full 2248 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 2249 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2250 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2251 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2252 make 2253} 2254 2255component_build_no_ssl_srv () { 2256 msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s 2257 scripts/config.py full 2258 scripts/config.py unset MBEDTLS_SSL_SRV_C 2259 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2260} 2261 2262component_build_no_ssl_cli () { 2263 msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s 2264 scripts/config.py full 2265 scripts/config.py unset MBEDTLS_SSL_CLI_C 2266 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 2267} 2268 2269component_build_no_sockets () { 2270 # Note, C99 compliance can also be tested with the sockets support disabled, 2271 # as that requires a POSIX platform (which isn't the same as C99). 2272 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 2273 scripts/config.py full 2274 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 2275 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 2276 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 2277} 2278 2279component_test_memory_buffer_allocator_backtrace () { 2280 msg "build: default config with memory buffer allocator and backtrace enabled" 2281 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2282 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2283 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 2284 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2285 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2286 make 2287 2288 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 2289 make test 2290} 2291 2292component_test_memory_buffer_allocator () { 2293 msg "build: default config with memory buffer allocator" 2294 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2295 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2296 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2297 make 2298 2299 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2300 make test 2301 2302 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2303 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 2304 tests/ssl-opt.sh -e '^DTLS proxy' 2305} 2306 2307component_test_no_max_fragment_length () { 2308 # Run max fragment length tests with MFL disabled 2309 msg "build: default config except MFL extension (ASan build)" # ~ 30s 2310 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2311 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2312 make 2313 2314 msg "test: ssl-opt.sh, MFL-related tests" 2315 tests/ssl-opt.sh -f "Max fragment length" 2316} 2317 2318component_test_asan_remove_peer_certificate () { 2319 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 2320 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2321 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2322 make 2323 2324 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2325 make test 2326 2327 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2328 tests/ssl-opt.sh 2329 2330 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2331 tests/compat.sh 2332 2333 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2334 tests/context-info.sh 2335} 2336 2337component_test_no_max_fragment_length_small_ssl_out_content_len () { 2338 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 2339 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2340 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 2341 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 2342 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2343 make 2344 2345 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 2346 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 2347 2348 msg "test: context-info.sh (disabled MFL extension case)" 2349 tests/context-info.sh 2350} 2351 2352component_test_variable_ssl_in_out_buffer_len () { 2353 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 2354 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2355 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2356 make 2357 2358 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2359 make test 2360 2361 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2362 tests/ssl-opt.sh 2363 2364 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2365 tests/compat.sh 2366} 2367 2368component_test_variable_ssl_in_out_buffer_len_CID () { 2369 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)" 2370 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2371 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2372 2373 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2374 make 2375 2376 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID" 2377 make test 2378 2379 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2380 tests/ssl-opt.sh 2381 2382 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2383 tests/compat.sh 2384} 2385 2386component_test_variable_ssl_in_out_buffer_len_record_splitting () { 2387 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)" 2388 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2389 scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING 2390 2391 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2392 make 2393 2394 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING" 2395 make test 2396 2397 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 2398 tests/ssl-opt.sh 2399 2400 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 2401 tests/compat.sh 2402} 2403 2404component_test_ssl_alloc_buffer_and_mfl () { 2405 msg "build: default config with memory buffer allocator and MFL extension" 2406 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2407 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2408 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2409 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2410 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2411 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2412 make 2413 2414 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2415 make test 2416 2417 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2418 tests/ssl-opt.sh -f "Handshake memory usage" 2419} 2420 2421component_test_when_no_ciphersuites_have_mac () { 2422 msg "build: when no ciphersuites have MAC" 2423 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 2424 scripts/config.py unset MBEDTLS_ARC4_C 2425 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2426 make 2427 2428 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2429 make test 2430 2431 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2432 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 2433} 2434 2435component_test_null_entropy () { 2436 msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" 2437 scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY 2438 scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 2439 scripts/config.py set MBEDTLS_ENTROPY_C 2440 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 2441 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 2442 scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT 2443 scripts/config.py unset MBEDTLS_HAVEGE_C 2444 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . 2445 make 2446 2447 msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" 2448 make test 2449} 2450 2451component_test_no_date_time () { 2452 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 2453 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 2454 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2455 make 2456 2457 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 2458 make test 2459} 2460 2461component_test_platform_calloc_macro () { 2462 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2463 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2464 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 2465 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 2466 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2467 make 2468 2469 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2470 make test 2471} 2472 2473component_test_malloc_0_null () { 2474 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 2475 scripts/config.py full 2476 make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 2477 2478 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 2479 make test 2480 2481 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 2482 # Just the calloc selftest. "make test" ran the others as part of the 2483 # test suites. 2484 programs/test/selftest calloc 2485 2486 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 2487 # Run a subset of the tests. The choice is a balance between coverage 2488 # and time (including time indirectly wasted due to flaky tests). 2489 # The current choice is to skip tests whose description includes 2490 # "proxy", which is an approximation of skipping tests that use the 2491 # UDP proxy, which tend to be slower and flakier. 2492 tests/ssl-opt.sh -e 'proxy' 2493} 2494 2495component_test_aes_fewer_tables () { 2496 msg "build: default config with AES_FEWER_TABLES enabled" 2497 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2498 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2499 2500 msg "test: AES_FEWER_TABLES" 2501 make test 2502} 2503 2504component_test_aes_rom_tables () { 2505 msg "build: default config with AES_ROM_TABLES enabled" 2506 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2507 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2508 2509 msg "test: AES_ROM_TABLES" 2510 make test 2511} 2512 2513component_test_aes_fewer_tables_and_rom_tables () { 2514 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 2515 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2516 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2517 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2518 2519 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 2520 make test 2521} 2522 2523component_test_ctr_drbg_aes_256_sha_256 () { 2524 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2525 scripts/config.py full 2526 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2527 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2528 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2529 make 2530 2531 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2532 make test 2533} 2534 2535component_test_ctr_drbg_aes_128_sha_512 () { 2536 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2537 scripts/config.py full 2538 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2539 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2540 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2541 make 2542 2543 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2544 make test 2545} 2546 2547component_test_ctr_drbg_aes_128_sha_256 () { 2548 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2549 scripts/config.py full 2550 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2551 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2552 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2553 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2554 make 2555 2556 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2557 make test 2558} 2559 2560component_test_se_default () { 2561 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2562 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 2563 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 2564 2565 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2566 make test 2567} 2568 2569component_test_psa_crypto_drivers () { 2570 msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" 2571 scripts/config.py full 2572 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2573 scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 2574 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 2575 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 2576 loc_cflags="${loc_cflags} -I../tests/include -O2" 2577 2578 make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" 2579 unset loc_cflags 2580 2581 msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS" 2582 make test 2583} 2584 2585component_test_make_shared () { 2586 msg "build/test: make shared" # ~ 40s 2587 make SHARED=1 all check 2588 ldd programs/util/strerror | grep libmbedcrypto 2589 programs/test/dlopen_demo.sh 2590} 2591 2592component_test_cmake_shared () { 2593 msg "build/test: cmake shared" # ~ 2min 2594 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 2595 make 2596 ldd programs/util/strerror | grep libmbedcrypto 2597 make test 2598 programs/test/dlopen_demo.sh 2599} 2600 2601test_build_opt () { 2602 info=$1 cc=$2; shift 2 2603 for opt in "$@"; do 2604 msg "build/test: $cc $opt, $info" # ~ 30s 2605 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 2606 # We're confident enough in compilers to not run _all_ the tests, 2607 # but at least run the unit tests. In particular, runs with 2608 # optimizations use inline assembly whereas runs with -O0 2609 # skip inline assembly. 2610 make test # ~30s 2611 make clean 2612 done 2613} 2614 2615component_test_clang_opt () { 2616 scripts/config.py full 2617 test_build_opt 'full config' clang -O0 -Os -O2 2618} 2619 2620component_test_gcc_opt () { 2621 scripts/config.py full 2622 test_build_opt 'full config' gcc -O0 -Os -O2 2623} 2624 2625component_build_mbedtls_config_file () { 2626 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 2627 # Use the full config so as to catch a maximum of places where 2628 # the check of MBEDTLS_CONFIG_FILE might be missing. 2629 scripts/config.py full 2630 sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h 2631 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 2632 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 2633 rm -f full_config.h 2634} 2635 2636component_test_m32_o0 () { 2637 # Build without optimization, so as to use portable C code (in a 32-bit 2638 # build) and not the i386-specific inline assembly. 2639 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 2640 scripts/config.py full 2641 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 2642 2643 msg "test: i386, make, gcc -O0 (ASan build)" 2644 make test 2645} 2646support_test_m32_o0 () { 2647 case $(uname -m) in 2648 *64*) true;; 2649 *) false;; 2650 esac 2651} 2652 2653component_test_m32_o2 () { 2654 # Build with optimization, to use the i386 specific inline assembly 2655 # and go faster for tests. 2656 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s 2657 scripts/config.py full 2658 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2659 2660 msg "test: i386, make, gcc -O2 (ASan build)" 2661 make test 2662 2663 msg "test ssl-opt.sh, i386, make, gcc-O2" 2664 tests/ssl-opt.sh 2665} 2666support_test_m32_o2 () { 2667 support_test_m32_o0 "$@" 2668} 2669 2670component_test_m32_everest () { 2671 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 2672 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 2673 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2674 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2675 2676 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 2677 make test 2678 2679 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 2680 tests/ssl-opt.sh -f ECDH 2681 2682 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 2683 # Exclude some symmetric ciphers that are redundant here to gain time. 2684 tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 2685} 2686support_test_m32_everest () { 2687 support_test_m32_o0 "$@" 2688} 2689 2690component_test_mx32 () { 2691 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 2692 scripts/config.py full 2693 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 2694 2695 msg "test: 64-bit ILP32, make, gcc" 2696 make test 2697} 2698support_test_mx32 () { 2699 case $(uname -m) in 2700 amd64|x86_64) true;; 2701 *) false;; 2702 esac 2703} 2704 2705component_test_min_mpi_window_size () { 2706 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 2707 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 2708 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2709 make 2710 2711 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 2712 make test 2713} 2714 2715component_test_have_int32 () { 2716 msg "build: gcc, force 32-bit bignum limbs" 2717 scripts/config.py unset MBEDTLS_HAVE_ASM 2718 scripts/config.py unset MBEDTLS_AESNI_C 2719 scripts/config.py unset MBEDTLS_PADLOCK_C 2720 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 2721 2722 msg "test: gcc, force 32-bit bignum limbs" 2723 make test 2724} 2725 2726component_test_have_int64 () { 2727 msg "build: gcc, force 64-bit bignum limbs" 2728 scripts/config.py unset MBEDTLS_HAVE_ASM 2729 scripts/config.py unset MBEDTLS_AESNI_C 2730 scripts/config.py unset MBEDTLS_PADLOCK_C 2731 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 2732 2733 msg "test: gcc, force 64-bit bignum limbs" 2734 make test 2735} 2736 2737component_test_no_udbl_division () { 2738 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2739 scripts/config.py full 2740 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2741 make CFLAGS='-Werror -O1' 2742 2743 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2744 make test 2745} 2746 2747component_test_no_64bit_multiplication () { 2748 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2749 scripts/config.py full 2750 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2751 make CFLAGS='-Werror -O1' 2752 2753 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2754 make test 2755} 2756 2757component_test_no_strings () { 2758 msg "build: no strings" # ~10s 2759 scripts/config.py full 2760 # Disable options that activate a large amount of string constants. 2761 scripts/config.py unset MBEDTLS_DEBUG_C 2762 scripts/config.py unset MBEDTLS_ERROR_C 2763 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 2764 scripts/config.py unset MBEDTLS_VERSION_FEATURES 2765 make CFLAGS='-Werror -Os' 2766 2767 msg "test: no strings" # ~ 10s 2768 make test 2769} 2770 2771component_build_arm_none_eabi_gcc () { 2772 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s 2773 scripts/config.py baremetal 2774 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 2775 2776 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" 2777 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2778} 2779 2780component_build_arm_linux_gnueabi_gcc_arm5vte () { 2781 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2782 scripts/config.py baremetal 2783 # Build for a target platform that's close to what Debian uses 2784 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 2785 # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. 2786 # Build everything including programs, see for example 2787 # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720 2788 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' 2789 2790 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1" 2791 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o 2792} 2793support_build_arm_linux_gnueabi_gcc_arm5vte () { 2794 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 2795} 2796 2797component_build_arm_none_eabi_gcc_arm5vte () { 2798 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2799 scripts/config.py baremetal 2800 # This is an imperfect substitute for 2801 # component_build_arm_linux_gnueabi_gcc_arm5vte 2802 # in case the gcc-arm-linux-gnueabi toolchain is not available 2803 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 2804 2805 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" 2806 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2807} 2808 2809component_build_arm_none_eabi_gcc_m0plus () { 2810 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s 2811 scripts/config.py baremetal 2812 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 2813 2814 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" 2815 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2816} 2817 2818component_build_arm_none_eabi_gcc_no_udbl_division () { 2819 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 2820 scripts/config.py baremetal 2821 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2822 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 2823 echo "Checking that software 64-bit division is not required" 2824 not grep __aeabi_uldiv library/*.o 2825} 2826 2827component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 2828 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 2829 scripts/config.py baremetal 2830 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2831 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 2832 echo "Checking that software 64-bit multiplication is not required" 2833 not grep __aeabi_lmul library/*.o 2834} 2835 2836component_build_armcc () { 2837 msg "build: ARM Compiler 5" 2838 scripts/config.py baremetal 2839 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 2840 2841 msg "size: ARM Compiler 5" 2842 "$ARMC5_FROMELF" -z library/*.o 2843 2844 make clean 2845 2846 # ARM Compiler 6 - Target ARMv7-A 2847 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" 2848 2849 # ARM Compiler 6 - Target ARMv7-M 2850 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" 2851 2852 # ARM Compiler 6 - Target ARMv8-A - AArch32 2853 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" 2854 2855 # ARM Compiler 6 - Target ARMv8-M 2856 armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" 2857 2858 # ARM Compiler 6 - Target ARMv8-A - AArch64 2859 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" 2860} 2861 2862component_build_ssl_hw_record_accel() { 2863 msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled" 2864 scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL 2865 make CFLAGS='-Werror -O1' 2866} 2867 2868component_test_tls13_experimental () { 2869 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 2870 scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2871 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2872 make 2873 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 2874 make test 2875} 2876 2877component_build_mingw () { 2878 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 2879 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 2880 2881 # note Make tests only builds the tests, but doesn't run them 2882 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 2883 make WINDOWS_BUILD=1 clean 2884 2885 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 2886 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 2887 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 2888 make WINDOWS_BUILD=1 clean 2889} 2890support_build_mingw() { 2891 case $(i686-w64-mingw32-gcc -dumpversion) in 2892 [0-5]*) false;; 2893 *) true;; 2894 esac 2895} 2896 2897component_test_memsan () { 2898 msg "build: MSan (clang)" # ~ 1 min 20s 2899 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 2900 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 2901 make 2902 2903 msg "test: main suites (MSan)" # ~ 10s 2904 make test 2905 2906 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 2907 tests/ssl-opt.sh 2908 2909 # Optional part(s) 2910 2911 if [ "$MEMORY" -gt 0 ]; then 2912 msg "test: compat.sh (MSan)" # ~ 6 min 20s 2913 tests/compat.sh 2914 fi 2915} 2916 2917component_test_valgrind () { 2918 msg "build: Release (clang)" 2919 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 2920 make 2921 2922 msg "test: main suites valgrind (Release)" 2923 make memcheck 2924 2925 # Optional parts (slow; currently broken on OS X because programs don't 2926 # seem to receive signals under valgrind on OS X). 2927 if [ "$MEMORY" -gt 0 ]; then 2928 msg "test: ssl-opt.sh --memcheck (Release)" 2929 tests/ssl-opt.sh --memcheck 2930 fi 2931 2932 if [ "$MEMORY" -gt 1 ]; then 2933 msg "test: compat.sh --memcheck (Release)" 2934 tests/compat.sh --memcheck 2935 fi 2936 2937 if [ "$MEMORY" -gt 0 ]; then 2938 msg "test: context-info.sh --memcheck (Release)" 2939 tests/context-info.sh --memcheck 2940 fi 2941} 2942 2943support_test_cmake_out_of_source () { 2944 distrib_id="" 2945 distrib_ver="" 2946 distrib_ver_minor="" 2947 distrib_ver_major="" 2948 2949 # Attempt to parse lsb-release to find out distribution and version. If not 2950 # found this should fail safe (test is supported). 2951 if [[ -f /etc/lsb-release ]]; then 2952 2953 while read -r lsb_line; do 2954 case "$lsb_line" in 2955 "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; 2956 "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; 2957 esac 2958 done < /etc/lsb-release 2959 2960 distrib_ver_major="${distrib_ver%%.*}" 2961 distrib_ver="${distrib_ver#*.}" 2962 distrib_ver_minor="${distrib_ver%%.*}" 2963 fi 2964 2965 # Running the out of source CMake test on Ubuntu 16.04 using more than one 2966 # processor (as the CI does) can create a race condition whereby the build 2967 # fails to see a generated file, despite that file actually having been 2968 # generated. This problem appears to go away with 18.04 or newer, so make 2969 # the out of source tests unsupported on Ubuntu 16.04. 2970 [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] 2971} 2972 2973component_test_cmake_out_of_source () { 2974 msg "build: cmake 'out-of-source' build" 2975 MBEDTLS_ROOT_DIR="$PWD" 2976 mkdir "$OUT_OF_SOURCE_DIR" 2977 cd "$OUT_OF_SOURCE_DIR" 2978 cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" 2979 make 2980 2981 msg "test: cmake 'out-of-source' build" 2982 make test 2983 # Test an SSL option that requires an auxiliary script in test/scripts/. 2984 # Also ensure that there are no error messages such as 2985 # "No such file or directory", which would indicate that some required 2986 # file is missing (ssl-opt.sh tolerates the absence of some files so 2987 # may exit with status 0 but emit errors). 2988 ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err 2989 cat ssl-opt.err >&2 2990 # If ssl-opt.err is non-empty, record an error and keep going. 2991 [ ! -s ssl-opt.err ] 2992 rm ssl-opt.err 2993 cd "$MBEDTLS_ROOT_DIR" 2994 rm -rf "$OUT_OF_SOURCE_DIR" 2995} 2996 2997component_test_cmake_as_subdirectory () { 2998 msg "build: cmake 'as-subdirectory' build" 2999 MBEDTLS_ROOT_DIR="$PWD" 3000 3001 cd programs/test/cmake_subproject 3002 cmake . 3003 make 3004 ./cmake_subproject 3005 3006 cd "$MBEDTLS_ROOT_DIR" 3007 unset MBEDTLS_ROOT_DIR 3008} 3009 3010component_test_zeroize () { 3011 # Test that the function mbedtls_platform_zeroize() is not optimized away by 3012 # different combinations of compilers and optimization flags by using an 3013 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 3014 # system in all cases that the script fails, so we must manually search the 3015 # output to check whether the pass string is present and no failure strings 3016 # were printed. 3017 3018 # Don't try to disable ASLR. We don't care about ASLR here. We do care 3019 # about a spurious message if Gdb tries and fails, so suppress that. 3020 gdb_disable_aslr= 3021 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 3022 gdb_disable_aslr='set disable-randomization off' 3023 fi 3024 3025 for optimization_flag in -O2 -O3 -Ofast -Os; do 3026 for compiler in clang gcc; do 3027 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 3028 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 3029 gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 3030 grep "The buffer was correctly zeroized" test_zeroize.log 3031 not grep -i "error" test_zeroize.log 3032 rm -f test_zeroize.log 3033 make clean 3034 done 3035 done 3036 3037 unset gdb_disable_aslr 3038} 3039 3040component_test_psa_compliance () { 3041 msg "build: make, default config + CMAC, libmbedcrypto.a only" 3042 scripts/config.py set MBEDTLS_CMAC_C 3043 make -C library libmbedcrypto.a 3044 3045 msg "unit test: test_psa_compliance.py" 3046 ./tests/scripts/test_psa_compliance.py 3047} 3048 3049support_test_psa_compliance () { 3050 # psa-compliance-tests only supports CMake >= 3.10.0 3051 ver="$(cmake --version)" 3052 ver="${ver#cmake version }" 3053 ver_major="${ver%%.*}" 3054 3055 ver="${ver#*.}" 3056 ver_minor="${ver%%.*}" 3057 3058 [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] 3059} 3060 3061component_check_python_files () { 3062 msg "Lint: Python scripts" 3063 tests/scripts/check-python-files.sh 3064} 3065 3066component_check_generate_test_code () { 3067 msg "uint test: generate_test_code.py" 3068 # unittest writes out mundane stuff like number or tests run on stderr. 3069 # Our convention is to reserve stderr for actual errors, and write 3070 # harmless info on stdout so it can be suppress with --quiet. 3071 ./tests/scripts/test_generate_test_code.py 2>&1 3072} 3073 3074################################################################ 3075#### Termination 3076################################################################ 3077 3078post_report () { 3079 msg "Done, cleaning up" 3080 final_cleanup 3081 3082 final_report 3083} 3084 3085 3086 3087################################################################ 3088#### Run all the things 3089################################################################ 3090 3091# Function invoked by --error-test to test error reporting. 3092pseudo_component_error_test () { 3093 msg "Testing error reporting $error_test_i" 3094 if [ $KEEP_GOING -ne 0 ]; then 3095 echo "Expect three failing commands." 3096 fi 3097 # If the component doesn't run in a subshell, changing error_test_i to an 3098 # invalid integer will cause an error in the loop that runs this function. 3099 error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell 3100 # Expected error: 'grep non_existent /dev/null -> 1' 3101 grep non_existent /dev/null 3102 # Expected error: '! grep -q . tests/scripts/all.sh -> 1' 3103 not grep -q . "$0" 3104 # Expected error: 'make unknown_target -> 2' 3105 make unknown_target 3106 false "this should not be executed" 3107} 3108 3109# Run one component and clean up afterwards. 3110run_component () { 3111 current_component="$1" 3112 export MBEDTLS_TEST_CONFIGURATION="$current_component" 3113 3114 # Unconditionally create a seedfile that's sufficiently long. 3115 # Do this before each component, because a previous component may 3116 # have messed it up or shortened it. 3117 local dd_cmd 3118 dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) 3119 case $OSTYPE in 3120 linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) 3121 esac 3122 "${dd_cmd[@]}" 3123 3124 # Run the component in a subshell, with error trapping and output 3125 # redirection set up based on the relevant options. 3126 if [ $KEEP_GOING -eq 1 ]; then 3127 # We want to keep running if the subshell fails, so 'set -e' must 3128 # be off when the subshell runs. 3129 set +e 3130 fi 3131 ( 3132 if [ $QUIET -eq 1 ]; then 3133 # msg() will be silenced, so just print the component name here. 3134 echo "${current_component#component_}" 3135 exec >/dev/null 3136 fi 3137 if [ $KEEP_GOING -eq 1 ]; then 3138 # Keep "set -e" off, and run an ERR trap instead to record failures. 3139 set -E 3140 trap err_trap ERR 3141 fi 3142 # The next line is what runs the component 3143 "$@" 3144 if [ $KEEP_GOING -eq 1 ]; then 3145 trap - ERR 3146 exit $last_failure_status 3147 fi 3148 ) 3149 component_status=$? 3150 if [ $KEEP_GOING -eq 1 ]; then 3151 set -e 3152 if [ $component_status -ne 0 ]; then 3153 failure_count=$((failure_count + 1)) 3154 fi 3155 fi 3156 3157 # Restore the build tree to a clean state. 3158 cleanup 3159 unset current_component 3160} 3161 3162# Preliminary setup 3163pre_check_environment 3164pre_initialize_variables 3165pre_parse_command_line "$@" 3166 3167pre_check_git 3168pre_restore_files 3169pre_back_up 3170 3171build_status=0 3172if [ $KEEP_GOING -eq 1 ]; then 3173 pre_setup_keep_going 3174fi 3175pre_prepare_outcome_file 3176pre_print_configuration 3177pre_check_tools 3178cleanup 3179 3180# Run the requested tests. 3181for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do 3182 run_component pseudo_component_error_test 3183done 3184unset error_test_i 3185for component in $RUN_COMPONENTS; do 3186 run_component "component_$component" 3187done 3188 3189# We're done. 3190post_report 3191
