1#! /usr/bin/env bash 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20 21 22################################################################ 23#### Documentation 24################################################################ 25 26# Purpose 27# ------- 28# 29# To run all tests possible or available on the platform. 30# 31# Notes for users 32# --------------- 33# 34# Warning: the test is destructive. It includes various build modes and 35# configurations, and can and will arbitrarily change the current CMake 36# configuration. The following files must be committed into git: 37# * include/mbedtls/mbedtls_config.h 38# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 39# programs/fuzz/Makefile 40# After running this script, the CMake cache will be lost and CMake 41# will no longer be initialised. 42# 43# The script assumes the presence of a number of tools: 44# * Basic Unix tools (Windows users note: a Unix-style find must be before 45# the Windows find in the PATH) 46# * Perl 47# * GNU Make 48# * CMake 49# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 50# * G++ 51# * arm-gcc and mingw-gcc 52# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 53# * OpenSSL and GnuTLS command line tools, recent enough for the 54# interoperability tests. If they don't support old features which we want 55# to test, then a legacy version of these tools must be present as well 56# (search for LEGACY below). 57# See the invocation of check_tools below for details. 58# 59# This script must be invoked from the toplevel directory of a git 60# working copy of Mbed TLS. 61# 62# The behavior on an error depends on whether --keep-going (alias -k) 63# is in effect. 64# * Without --keep-going: the script stops on the first error without 65# cleaning up. This lets you work in the configuration of the failing 66# component. 67# * With --keep-going: the script runs all requested components and 68# reports failures at the end. In particular the script always cleans 69# up on exit. 70# 71# Note that the output is not saved. You may want to run 72# script -c tests/scripts/all.sh 73# or 74# tests/scripts/all.sh >all.log 2>&1 75# 76# Notes for maintainers 77# --------------------- 78# 79# The bulk of the code is organized into functions that follow one of the 80# following naming conventions: 81# * pre_XXX: things to do before running the tests, in order. 82# * component_XXX: independent components. They can be run in any order. 83# * component_check_XXX: quick tests that aren't worth parallelizing. 84# * component_build_XXX: build things but don't run them. 85# * component_test_XXX: build and test. 86# * support_XXX: if support_XXX exists and returns false then 87# component_XXX is not run by default. 88# * post_XXX: things to do after running the tests. 89# * other: miscellaneous support functions. 90# 91# Each component must start by invoking `msg` with a short informative message. 92# 93# Warning: due to the way bash detects errors, the failure of a command 94# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. 95# 96# Each component is executed in a separate shell process. The component 97# fails if any command in it returns a non-zero status. 98# 99# The framework performs some cleanup tasks after each component. This 100# means that components can assume that the working directory is in a 101# cleaned-up state, and don't need to perform the cleanup themselves. 102# * Run `make clean`. 103# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running 104# the component. 105# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 106# `tests/Makefile` and `programs/fuzz/Makefile` from git. 107# This cleans up after an in-tree use of CMake. 108# 109# The tests are roughly in order from fastest to slowest. This doesn't 110# have to be exact, but in general you should add slower tests towards 111# the end and fast checks near the beginning. 112 113 114 115################################################################ 116#### Initialization and command line parsing 117################################################################ 118 119# Abort on errors (even on the left-hand side of a pipe). 120# Treat uninitialised variables as errors. 121set -e -o pipefail -u 122 123pre_check_environment () { 124 if [ -d library -a -d include -a -d tests ]; then :; else 125 echo "Must be run from mbed TLS root" >&2 126 exit 1 127 fi 128} 129 130pre_initialize_variables () { 131 CONFIG_H='include/mbedtls/mbedtls_config.h' 132 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 133 134 # Files that are clobbered by some jobs will be backed up. Use a different 135 # suffix from auxiliary scripts so that all.sh and auxiliary scripts can 136 # independently decide when to remove the backup file. 137 backup_suffix='.all.bak' 138 # Files clobbered by config.py 139 files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" 140 # Files clobbered by in-tree cmake 141 files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" 142 143 append_outcome=0 144 MEMORY=0 145 FORCE=0 146 QUIET=0 147 KEEP_GOING=0 148 149 # Seed value used with the --release-test option. 150 # 151 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 152 # both values are kept in sync. If you change the value here because it 153 # breaks some tests, you'll definitely want to change it in 154 # basic-build-test.sh as well. 155 RELEASE_SEED=1 156 157 : ${MBEDTLS_TEST_OUTCOME_FILE=} 158 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 159 export MBEDTLS_TEST_OUTCOME_FILE 160 export MBEDTLS_TEST_PLATFORM 161 162 # Default commands, can be overridden by the environment 163 : ${OPENSSL:="openssl"} 164 : ${OPENSSL_LEGACY:="$OPENSSL"} 165 : ${OPENSSL_NEXT:="$OPENSSL"} 166 : ${GNUTLS_CLI:="gnutls-cli"} 167 : ${GNUTLS_SERV:="gnutls-serv"} 168 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 169 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 170 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 171 : ${ARMC5_BIN_DIR:=/usr/bin} 172 : ${ARMC6_BIN_DIR:=/usr/bin} 173 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 174 : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} 175 176 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 177 if [ -z "${MAKEFLAGS+set}" ]; then 178 export MAKEFLAGS="-j$(all_sh_nproc)" 179 fi 180 181 # Include more verbose output for failing tests run by CMake or make 182 export CTEST_OUTPUT_ON_FAILURE=1 183 184 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 185 ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' 186 187 # Gather the list of available components. These are the functions 188 # defined in this script whose name starts with "component_". 189 # Parse the script with sed. This way we get the functions in the order 190 # they are defined. 191 ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") 192 193 # Exclude components that are not supported on this platform. 194 SUPPORTED_COMPONENTS= 195 for component in $ALL_COMPONENTS; do 196 case $(type "support_$component" 2>&1) in 197 *' function'*) 198 if ! support_$component; then continue; fi;; 199 esac 200 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 201 done 202} 203 204# Test whether the component $1 is included in the command line patterns. 205is_component_included() 206{ 207 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 208 # only does word splitting. 209 set -f 210 for pattern in $COMMAND_LINE_COMPONENTS; do 211 set +f 212 case ${1#component_} in $pattern) return 0;; esac 213 done 214 set +f 215 return 1 216} 217 218usage() 219{ 220 cat <<EOF 221Usage: $0 [OPTION]... [COMPONENT]... 222Run mbedtls release validation tests. 223By default, run all tests. With one or more COMPONENT, run only those. 224COMPONENT can be the name of a component or a shell wildcard pattern. 225 226Examples: 227 $0 "check_*" 228 Run all sanity checks. 229 $0 --no-armcc --except test_memsan 230 Run everything except builds that require armcc and MemSan. 231 232Special options: 233 -h|--help Print this help and exit. 234 --list-all-components List all available test components and exit. 235 --list-components List components supported on this platform and exit. 236 237General options: 238 -q|--quiet Only output component names, and errors if any. 239 -f|--force Force the tests to overwrite any modified files. 240 -k|--keep-going Run all tests and report errors at the end. 241 -m|--memory Additional optional memory tests. 242 --append-outcome Append to the outcome file (if used). 243 --arm-none-eabi-gcc-prefix=<string> 244 Prefix for a cross-compiler for arm-none-eabi 245 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 246 --arm-linux-gnueabi-gcc-prefix=<string> 247 Prefix for a cross-compiler for arm-linux-gnueabi 248 (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") 249 --armcc Run ARM Compiler builds (on by default). 250 --restore First clean up the build tree, restoring backed up 251 files. Do not run any components unless they are 252 explicitly specified. 253 --error-test Error test mode: run a failing function in addition 254 to any specified component. May be repeated. 255 --except Exclude the COMPONENTs listed on the command line, 256 instead of running only those. 257 --no-append-outcome Write a new outcome file and analyze it (default). 258 --no-armcc Skip ARM Compiler builds. 259 --no-force Refuse to overwrite modified files (default). 260 --no-keep-going Stop at the first error (default). 261 --no-memory No additional memory tests (default). 262 --no-quiet Print full ouput from components. 263 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 264 --outcome-file=<path> File where test outcomes are written (not done if 265 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 266 --random-seed Use a random seed value for randomized tests (default). 267 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 268 -s|--seed Integer seed value to use for this test run. 269 270Tool path options: 271 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 272 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 273 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 274 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 275 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 276 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 277 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 278 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests.. 279 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 280EOF 281} 282 283# Cleanup before/after running a component. 284# Remove built files as well as the cmake cache/config. 285# Does not remove generated source files. 286cleanup() 287{ 288 command make clean 289 290 # Remove CMake artefacts 291 find . -name .git -prune -o \ 292 -iname CMakeFiles -exec rm -rf {} \+ -o \ 293 \( -iname cmake_install.cmake -o \ 294 -iname CTestTestfile.cmake -o \ 295 -iname CMakeCache.txt -o \ 296 -path './cmake/*.cmake' \) -exec rm -f {} \+ 297 # Recover files overwritten by in-tree CMake builds 298 rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile 299 300 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 301 rm -rf programs/test/cmake_subproject/build 302 rm -f programs/test/cmake_subproject/Makefile 303 rm -f programs/test/cmake_subproject/cmake_subproject 304 305 # Remove any artifacts from the component_test_cmake_as_package test. 306 rm -rf programs/test/cmake_package/build 307 rm -f programs/test/cmake_package/Makefile 308 rm -f programs/test/cmake_package/cmake_package 309 310 # Remove any artifacts from the component_test_cmake_as_installed_package test. 311 rm -rf programs/test/cmake_package_install/build 312 rm -f programs/test/cmake_package_install/Makefile 313 rm -f programs/test/cmake_package_install/cmake_package_install 314 315 # Restore files that may have been clobbered by the job 316 for x in $files_to_back_up; do 317 cp -p "$x$backup_suffix" "$x" 318 done 319} 320 321# Final cleanup when this script exits (except when exiting on a failure 322# in non-keep-going mode). 323final_cleanup () { 324 cleanup 325 326 for x in $files_to_back_up; do 327 rm -f "$x$backup_suffix" 328 done 329} 330 331# Executed on exit. May be redefined depending on command line options. 332final_report () { 333 : 334} 335 336fatal_signal () { 337 final_cleanup 338 final_report $1 339 trap - $1 340 kill -$1 $$ 341} 342 343trap 'fatal_signal HUP' HUP 344trap 'fatal_signal INT' INT 345trap 'fatal_signal TERM' TERM 346 347# Number of processors on this machine. Used as the default setting 348# for parallel make. 349all_sh_nproc () 350{ 351 { 352 nproc || # Linux 353 sysctl -n hw.ncpuonline || # NetBSD, OpenBSD 354 sysctl -n hw.ncpu || # FreeBSD 355 echo 1 356 } 2>/dev/null 357} 358 359msg() 360{ 361 if [ -n "${current_component:-}" ]; then 362 current_section="${current_component#component_}: $1" 363 else 364 current_section="$1" 365 fi 366 367 if [ $QUIET -eq 1 ]; then 368 return 369 fi 370 371 echo "" 372 echo "******************************************************************" 373 echo "* $current_section " 374 printf "* "; date 375 echo "******************************************************************" 376} 377 378armc6_build_test() 379{ 380 FLAGS="$1" 381 382 msg "build: ARM Compiler 6 ($FLAGS)" 383 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 384 WARNING_CFLAGS='-xc -std=c99' make lib 385 386 msg "size: ARM Compiler 6 ($FLAGS)" 387 "$ARMC6_FROMELF" -z library/*.o 388 389 make clean 390} 391 392err_msg() 393{ 394 echo "$1" >&2 395} 396 397check_tools() 398{ 399 for TOOL in "$@"; do 400 if ! `type "$TOOL" >/dev/null 2>&1`; then 401 err_msg "$TOOL not found!" 402 exit 1 403 fi 404 done 405} 406 407pre_parse_command_line () { 408 COMMAND_LINE_COMPONENTS= 409 all_except=0 410 error_test=0 411 restore_first=0 412 no_armcc= 413 414 # Note that legacy options are ignored instead of being omitted from this 415 # list of options, so invocations that worked with previous version of 416 # all.sh will still run and work properly. 417 while [ $# -gt 0 ]; do 418 case "$1" in 419 --append-outcome) append_outcome=1;; 420 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 421 --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; 422 --armcc) no_armcc=;; 423 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 424 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 425 --error-test) error_test=$((error_test + 1));; 426 --except) all_except=1;; 427 --force|-f) FORCE=1;; 428 --gnutls-cli) shift; GNUTLS_CLI="$1";; 429 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 430 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 431 --gnutls-serv) shift; GNUTLS_SERV="$1";; 432 --help|-h) usage; exit;; 433 --keep-going|-k) KEEP_GOING=1;; 434 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 435 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 436 --memory|-m) MEMORY=1;; 437 --no-append-outcome) append_outcome=0;; 438 --no-armcc) no_armcc=1;; 439 --no-force) FORCE=0;; 440 --no-keep-going) KEEP_GOING=0;; 441 --no-memory) MEMORY=0;; 442 --no-quiet) QUIET=0;; 443 --openssl) shift; OPENSSL="$1";; 444 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 445 --openssl-next) shift; OPENSSL_NEXT="$1";; 446 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 447 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 448 --quiet|-q) QUIET=1;; 449 --random-seed) unset SEED;; 450 --release-test|-r) SEED=$RELEASE_SEED;; 451 --restore) restore_first=1;; 452 --seed|-s) shift; SEED="$1";; 453 -*) 454 echo >&2 "Unknown option: $1" 455 echo >&2 "Run $0 --help for usage." 456 exit 120 457 ;; 458 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 459 esac 460 shift 461 done 462 463 # With no list of components, run everything. 464 if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then 465 all_except=1 466 fi 467 468 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 469 # Ignore it if components are listed explicitly on the command line. 470 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 471 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 472 fi 473 474 # Error out if an explicitly requested component doesn't exist. 475 if [ $all_except -eq 0 ]; then 476 unsupported=0 477 # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS 478 # only does word splitting. 479 set -f 480 for component in $COMMAND_LINE_COMPONENTS; do 481 set +f 482 # If the requested name includes a wildcard character, don't 483 # check it. Accept wildcard patterns that don't match anything. 484 case $component in 485 *[*?\[]*) continue;; 486 esac 487 case " $SUPPORTED_COMPONENTS " in 488 *" $component "*) :;; 489 *) 490 echo >&2 "Component $component was explicitly requested, but is not known or not supported." 491 unsupported=$((unsupported + 1));; 492 esac 493 done 494 set +f 495 if [ $unsupported -ne 0 ]; then 496 exit 2 497 fi 498 fi 499 500 # Build the list of components to run. 501 RUN_COMPONENTS= 502 for component in $SUPPORTED_COMPONENTS; do 503 if is_component_included "$component"; [ $? -eq $all_except ]; then 504 RUN_COMPONENTS="$RUN_COMPONENTS $component" 505 fi 506 done 507 508 unset all_except 509 unset no_armcc 510} 511 512pre_check_git () { 513 if [ $FORCE -eq 1 ]; then 514 rm -rf "$OUT_OF_SOURCE_DIR" 515 git checkout-index -f -q $CONFIG_H 516 cleanup 517 else 518 519 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 520 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 521 echo "You can either delete this directory manually, or force the test by rerunning" 522 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 523 exit 1 524 fi 525 526 if ! git diff --quiet include/mbedtls/mbedtls_config.h; then 527 err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. " 528 echo "You can either delete or preserve your work, or force the test by rerunning the" 529 echo "script as: $0 --force" 530 exit 1 531 fi 532 fi 533} 534 535pre_restore_files () { 536 # If the makefiles have been generated by a framework such as cmake, 537 # restore them from git. If the makefiles look like modifications from 538 # the ones checked into git, take care not to modify them. Whatever 539 # this function leaves behind is what the script will restore before 540 # each component. 541 case "$(head -n1 Makefile)" in 542 *[Gg]enerated*) 543 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 544 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 545 ;; 546 esac 547} 548 549pre_back_up () { 550 for x in $files_to_back_up; do 551 cp -p "$x" "$x$backup_suffix" 552 done 553} 554 555pre_setup_keep_going () { 556 failure_count=0 # Number of failed components 557 last_failure_status=0 # Last failure status in this component 558 559 # See err_trap 560 previous_failure_status=0 561 previous_failed_command= 562 previous_failure_funcall_depth=0 563 unset report_failed_command 564 565 start_red= 566 end_color= 567 if [ -t 1 ]; then 568 case "${TERM:-}" in 569 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 570 start_red=$(printf '\033[31m') 571 end_color=$(printf '\033[0m') 572 ;; 573 esac 574 fi 575 576 # Keep a summary of failures in a file. We'll print it out at the end. 577 failure_summary_file=$PWD/all-sh-failures-$$.log 578 : >"$failure_summary_file" 579 580 # Whether it makes sense to keep a component going after the specified 581 # command fails (test command) or not (configure or build). 582 # This function normally receives the failing simple command 583 # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, 584 # this is passed instead. 585 # This doesn't have to be 100% accurate: all failures are recorded anyway. 586 # False positives result in running things that can't be expected to 587 # work. False negatives result in things not running after something else 588 # failed even though they might have given useful feedback. 589 can_keep_going_after_failure () { 590 case "$1" in 591 "msg "*) false;; 592 "cd "*) false;; 593 *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... 594 *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... 595 *make*check*) true;; 596 "grep "*) true;; 597 "[ "*) true;; 598 "! "*) true;; 599 *) false;; 600 esac 601 } 602 603 # This function runs if there is any error in a component. 604 # It must either exit with a nonzero status, or set 605 # last_failure_status to a nonzero value. 606 err_trap () { 607 # Save $? (status of the failing command). This must be the very 608 # first thing, before $? is overridden. 609 last_failure_status=$? 610 failed_command=${report_failed_command-$BASH_COMMAND} 611 612 if [[ $last_failure_status -eq $previous_failure_status && 613 "$failed_command" == "$previous_failed_command" && 614 ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] 615 then 616 # The same command failed twice in a row, but this time one level 617 # less deep in the function call stack. This happens when the last 618 # command of a function returns a nonzero status, and the function 619 # returns that same status. Ignore the second failure. 620 previous_failure_funcall_depth=${#FUNCNAME[@]} 621 return 622 fi 623 previous_failure_status=$last_failure_status 624 previous_failed_command=$failed_command 625 previous_failure_funcall_depth=${#FUNCNAME[@]} 626 627 text="$current_section: $failed_command -> $last_failure_status" 628 echo "${start_red}^^^^$text^^^^${end_color}" >&2 629 echo "$text" >>"$failure_summary_file" 630 631 # If the command is fatal (configure or build command), stop this 632 # component. Otherwise (test command) keep the component running 633 # (run more tests from the same build). 634 if ! can_keep_going_after_failure "$failed_command"; then 635 exit $last_failure_status 636 fi 637 } 638 639 final_report () { 640 if [ $failure_count -gt 0 ]; then 641 echo 642 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 643 echo "${start_red}FAILED: $failure_count components${end_color}" 644 cat "$failure_summary_file" 645 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 646 elif [ -z "${1-}" ]; then 647 echo "SUCCESS :)" 648 fi 649 if [ -n "${1-}" ]; then 650 echo "Killed by SIG$1." 651 fi 652 rm -f "$failure_summary_file" 653 if [ $failure_count -gt 0 ]; then 654 exit 1 655 fi 656 } 657} 658 659# record_status() and if_build_succeeded() are kept temporarily for backward 660# compatibility. Don't use them in new components. 661record_status () { 662 "$@" 663} 664if_build_succeeded () { 665 "$@" 666} 667 668# '! true' does not trigger the ERR trap. Arrange to trigger it, with 669# a reasonably informative error message (not just "$@"). 670not () { 671 if "$@"; then 672 report_failed_command="! $*" 673 false 674 unset report_failed_command 675 fi 676} 677 678pre_prepare_outcome_file () { 679 case "$MBEDTLS_TEST_OUTCOME_FILE" in 680 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 681 esac 682 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 683 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 684 fi 685} 686 687pre_print_configuration () { 688 if [ $QUIET -eq 1 ]; then 689 return 690 fi 691 692 msg "info: $0 configuration" 693 echo "MEMORY: $MEMORY" 694 echo "FORCE: $FORCE" 695 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 696 echo "SEED: ${SEED-"UNSET"}" 697 echo 698 echo "OPENSSL: $OPENSSL" 699 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 700 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 701 echo "GNUTLS_CLI: $GNUTLS_CLI" 702 echo "GNUTLS_SERV: $GNUTLS_SERV" 703 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 704 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 705 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 706 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 707} 708 709# Make sure the tools we need are available. 710pre_check_tools () { 711 # Build the list of variables to pass to output_env.sh. 712 set env 713 714 case " $RUN_COMPONENTS " in 715 # Require OpenSSL and GnuTLS if running any tests (as opposed to 716 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 717 # is a good enough approximation in practice. 718 *" test_"*) 719 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 720 # and ssl-opt.sh, we just export the variables they require. 721 export OPENSSL_CMD="$OPENSSL" 722 export GNUTLS_CLI="$GNUTLS_CLI" 723 export GNUTLS_SERV="$GNUTLS_SERV" 724 # Avoid passing --seed flag in every call to ssl-opt.sh 725 if [ -n "${SEED-}" ]; then 726 export SEED 727 fi 728 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 729 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 730 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 731 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 732 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 733 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 734 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 735 ;; 736 esac 737 738 case " $RUN_COMPONENTS " in 739 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 740 esac 741 742 case " $RUN_COMPONENTS " in 743 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 744 esac 745 746 case " $RUN_COMPONENTS " in 747 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 748 esac 749 750 case " $RUN_COMPONENTS " in 751 *" test_zeroize "*) check_tools "gdb";; 752 esac 753 754 case " $RUN_COMPONENTS " in 755 *_armcc*) 756 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 757 ARMC5_AR="$ARMC5_BIN_DIR/armar" 758 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 759 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 760 ARMC6_AR="$ARMC6_BIN_DIR/armar" 761 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 762 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 763 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 764 esac 765 766 # past this point, no call to check_tool, only printing output 767 if [ $QUIET -eq 1 ]; then 768 return 769 fi 770 771 msg "info: output_env.sh" 772 case $RUN_COMPONENTS in 773 *_armcc*) 774 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 775 *) set "$@" RUN_ARMCC=0;; 776 esac 777 "$@" scripts/output_env.sh 778} 779 780pre_generate_files() { 781 # since make doesn't have proper dependencies, remove any possibly outdate 782 # file that might be around before generating fresh ones 783 make neat 784 if [ $QUIET -eq 1 ]; then 785 make generated_files >/dev/null 786 else 787 make generated_files 788 fi 789} 790 791 792 793################################################################ 794#### Basic checks 795################################################################ 796 797# 798# Test Suites to be executed 799# 800# The test ordering tries to optimize for the following criteria: 801# 1. Catch possible problems early, by running first tests that run quickly 802# and/or are more likely to fail than others (eg I use Clang most of the 803# time, so start with a GCC build). 804# 2. Minimize total running time, by avoiding useless rebuilds 805# 806# Indicative running times are given for reference. 807 808component_check_recursion () { 809 msg "Check: recursion.pl" # < 1s 810 tests/scripts/recursion.pl library/*.c 811} 812 813component_check_generated_files () { 814 msg "Check: check-generated-files, files generated with make" # 2s 815 make generated_files 816 tests/scripts/check-generated-files.sh 817 818 msg "Check: check-generated-files -u, files present" # 2s 819 tests/scripts/check-generated-files.sh -u 820 # Check that the generated files are considered up to date. 821 tests/scripts/check-generated-files.sh 822 823 msg "Check: check-generated-files -u, files absent" # 2s 824 command make neat 825 tests/scripts/check-generated-files.sh -u 826 # Check that the generated files are considered up to date. 827 tests/scripts/check-generated-files.sh 828 829 # This component ends with the generated files present in the source tree. 830 # This is necessary for subsequent components! 831} 832 833component_check_doxy_blocks () { 834 msg "Check: doxygen markup outside doxygen blocks" # < 1s 835 tests/scripts/check-doxy-blocks.pl 836} 837 838component_check_files () { 839 msg "Check: file sanity checks (permissions, encodings)" # < 1s 840 tests/scripts/check_files.py 841} 842 843component_check_changelog () { 844 msg "Check: changelog entries" # < 1s 845 rm -f ChangeLog.new 846 scripts/assemble_changelog.py -o ChangeLog.new 847 if [ -e ChangeLog.new ]; then 848 # Show the diff for information. It isn't an error if the diff is 849 # non-empty. 850 diff -u ChangeLog ChangeLog.new || true 851 rm ChangeLog.new 852 fi 853} 854 855component_check_names () { 856 msg "Check: declared and exported names (builds the library)" # < 3s 857 tests/scripts/check_names.py -v 858} 859 860component_check_test_cases () { 861 msg "Check: test case descriptions" # < 1s 862 if [ $QUIET -eq 1 ]; then 863 opt='--quiet' 864 else 865 opt='' 866 fi 867 tests/scripts/check_test_cases.py $opt 868 unset opt 869} 870 871component_check_doxygen_warnings () { 872 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 873 tests/scripts/doxygen.sh 874} 875 876 877 878################################################################ 879#### Build and test many configurations and targets 880################################################################ 881 882component_test_default_out_of_box () { 883 msg "build: make, default config (out-of-box)" # ~1min 884 make 885 # Disable fancy stuff 886 SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE" 887 unset MBEDTLS_TEST_OUTCOME_FILE 888 889 msg "test: main suites make, default config (out-of-box)" # ~10s 890 make test 891 892 msg "selftest: make, default config (out-of-box)" # ~10s 893 programs/test/selftest 894 895 export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" 896 unset SAVE_MBEDTLS_TEST_OUTCOME_FILE 897} 898 899component_test_default_cmake_gcc_asan () { 900 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 901 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 902 make 903 904 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 905 make test 906 907 msg "test: selftest (ASan build)" # ~ 10s 908 programs/test/selftest 909 910 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 911 tests/ssl-opt.sh 912 913 msg "test: compat.sh (ASan build)" # ~ 6 min 914 tests/compat.sh 915 916 msg "test: context-info.sh (ASan build)" # ~ 15 sec 917 tests/context-info.sh 918} 919 920component_test_full_cmake_gcc_asan () { 921 msg "build: full config, cmake, gcc, ASan" 922 scripts/config.py full 923 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 924 make 925 926 msg "test: main suites (inc. selftests) (full config, ASan build)" 927 make test 928 929 msg "test: selftest (ASan build)" # ~ 10s 930 programs/test/selftest 931 932 msg "test: ssl-opt.sh (full config, ASan build)" 933 tests/ssl-opt.sh 934 935 msg "test: compat.sh (full config, ASan build)" 936 tests/compat.sh 937 938 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 939 tests/context-info.sh 940} 941 942component_test_psa_crypto_key_id_encodes_owner () { 943 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 944 scripts/config.py full 945 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 946 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 947 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 948 make 949 950 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 951 make test 952} 953 954# check_renamed_symbols HEADER LIB 955# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol 956# name is LIB. 957check_renamed_symbols () { 958 ! nm "$2" | sed 's/.* //' | 959 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" 960} 961 962component_build_psa_crypto_spm () { 963 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" 964 scripts/config.py full 965 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 966 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 967 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 968 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM 969 # We can only compile, not link, since our test and sample programs 970 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM 971 # is active. 972 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib 973 974 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed 975 # version is not present. 976 echo "Checking for renamed symbols in the library" 977 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a 978} 979 980component_test_psa_crypto_client () { 981 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 982 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 983 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 984 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT 985 make 986 987 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make" 988 make test 989} 990 991component_test_psa_crypto_rsa_no_genprime() { 992 msg "build: default config minus MBEDTLS_GENPRIME" 993 scripts/config.py unset MBEDTLS_GENPRIME 994 make 995 996 msg "test: default config minus MBEDTLS_GENPRIME" 997 make test 998} 999 1000component_test_ref_configs () { 1001 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 1002 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake 1003 # want to re-generate generated files that depend on it, quite correctly. 1004 # However this doesn't work as the generation script expects a specific 1005 # format for mbedtls_config.h, which the other files don't follow. Also, 1006 # cmake can't know this, but re-generation is actually not necessary as 1007 # the generated files only depend on the list of available options, not 1008 # whether they're on or off. So, disable cmake's (over-sensitive here) 1009 # dependency resolution for generated files and just rely on them being 1010 # present (thanks to pre_generate_files) by turning GEN_FILES off. 1011 CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . 1012 tests/scripts/test-ref-configs.pl 1013} 1014 1015component_test_no_renegotiation () { 1016 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 1017 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 1018 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1019 make 1020 1021 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 1022 make test 1023 1024 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 1025 tests/ssl-opt.sh 1026} 1027 1028component_test_no_pem_no_fs () { 1029 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 1030 scripts/config.py unset MBEDTLS_PEM_PARSE_C 1031 scripts/config.py unset MBEDTLS_FS_IO 1032 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 1033 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 1034 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1035 make 1036 1037 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 1038 make test 1039 1040 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 1041 tests/ssl-opt.sh 1042} 1043 1044component_test_rsa_no_crt () { 1045 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 1046 scripts/config.py set MBEDTLS_RSA_NO_CRT 1047 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1048 make 1049 1050 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 1051 make test 1052 1053 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 1054 tests/ssl-opt.sh -f RSA 1055 1056 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 1057 tests/compat.sh -t RSA 1058 1059 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 1060 tests/context-info.sh 1061} 1062 1063component_test_no_ctr_drbg_classic () { 1064 msg "build: Full minus CTR_DRBG, classic crypto in TLS" 1065 scripts/config.py full 1066 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1067 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1068 1069 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1070 make 1071 1072 msg "test: Full minus CTR_DRBG, classic crypto - main suites" 1073 make test 1074 1075 # In this configuration, the TLS test programs use HMAC_DRBG. 1076 # The SSL tests are slow, so run a small subset, just enough to get 1077 # confidence that the SSL code copes with HMAC_DRBG. 1078 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" 1079 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1080 1081 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" 1082 tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL 1083} 1084 1085component_test_no_ctr_drbg_use_psa () { 1086 msg "build: Full minus CTR_DRBG, PSA crypto in TLS" 1087 scripts/config.py full 1088 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1089 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1090 1091 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1092 make 1093 1094 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" 1095 make test 1096 1097 # In this configuration, the TLS test programs use HMAC_DRBG. 1098 # The SSL tests are slow, so run a small subset, just enough to get 1099 # confidence that the SSL code copes with HMAC_DRBG. 1100 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1101 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' 1102 1103 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" 1104 tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL 1105} 1106 1107component_test_no_hmac_drbg_classic () { 1108 msg "build: Full minus HMAC_DRBG, classic crypto in TLS" 1109 scripts/config.py full 1110 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1111 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1112 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1113 1114 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1115 make 1116 1117 msg "test: Full minus HMAC_DRBG, classic crypto - main suites" 1118 make test 1119 1120 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1121 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1122 # instead. 1123 # Test SSL with non-deterministic ECDSA. Only test features that 1124 # might be affected by how ECDSA signature is performed. 1125 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" 1126 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1127 1128 # To save time, only test one protocol version, since this part of 1129 # the protocol is identical in (D)TLS up to 1.2. 1130 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" 1131 tests/compat.sh -m tls1_2 -t 'ECDSA' 1132} 1133 1134component_test_no_hmac_drbg_use_psa () { 1135 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" 1136 scripts/config.py full 1137 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1138 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1139 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1140 1141 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1142 make 1143 1144 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" 1145 make test 1146 1147 # Normally our ECDSA implementation uses deterministic ECDSA. But since 1148 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used 1149 # instead. 1150 # Test SSL with non-deterministic ECDSA. Only test features that 1151 # might be affected by how ECDSA signature is performed. 1152 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" 1153 tests/ssl-opt.sh -f 'Default\|SSL async private: sign' 1154 1155 # To save time, only test one protocol version, since this part of 1156 # the protocol is identical in (D)TLS up to 1.2. 1157 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" 1158 tests/compat.sh -m tls1_2 -t 'ECDSA' 1159} 1160 1161component_test_psa_external_rng_no_drbg_classic () { 1162 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" 1163 scripts/config.py full 1164 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1165 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1166 scripts/config.py unset MBEDTLS_ENTROPY_C 1167 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1168 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1169 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1170 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1171 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1172 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, 1173 # the SSL test programs don't have an RNG and can't work. Explicitly 1174 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. 1175 make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" 1176 1177 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" 1178 make test 1179 1180 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" 1181 tests/ssl-opt.sh -f 'Default' 1182} 1183 1184component_test_psa_external_rng_no_drbg_use_psa () { 1185 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" 1186 scripts/config.py full 1187 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1188 scripts/config.py unset MBEDTLS_ENTROPY_C 1189 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1190 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1191 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1192 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 1193 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 1194 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1195 1196 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 1197 make test 1198 1199 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" 1200 tests/ssl-opt.sh -f 'Default\|opaque' 1201} 1202 1203component_test_psa_external_rng_use_psa_crypto () { 1204 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1205 scripts/config.py full 1206 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 1207 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1208 scripts/config.py unset MBEDTLS_CTR_DRBG_C 1209 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1210 1211 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1212 make test 1213 1214 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" 1215 tests/ssl-opt.sh -f 'Default\|opaque' 1216} 1217 1218component_test_everest () { 1219 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1220 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1221 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1222 make 1223 1224 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1225 make test 1226 1227 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1228 tests/ssl-opt.sh -f ECDH 1229 1230 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1231 # Exclude some symmetric ciphers that are redundant here to gain time. 1232 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' 1233} 1234 1235component_test_everest_curve25519_only () { 1236 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1237 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1238 scripts/config.py unset MBEDTLS_ECDSA_C 1239 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1240 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1241 scripts/config.py unset MBEDTLS_ECJPAKE_C 1242 # Disable all curves 1243 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1244 scripts/config.py unset "$c" 1245 done 1246 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1247 1248 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1249 1250 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1251 make test 1252} 1253 1254component_test_small_ssl_out_content_len () { 1255 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1256 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1257 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1258 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1259 make 1260 1261 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1262 tests/ssl-opt.sh -f "Max fragment\|Large packet" 1263} 1264 1265component_test_small_ssl_in_content_len () { 1266 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1267 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1268 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1269 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1270 make 1271 1272 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1273 tests/ssl-opt.sh -f "Max fragment" 1274} 1275 1276component_test_small_ssl_dtls_max_buffering () { 1277 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1278 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1279 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1280 make 1281 1282 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1283 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1284} 1285 1286component_test_small_mbedtls_ssl_dtls_max_buffering () { 1287 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1288 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1289 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1290 make 1291 1292 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1293 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1294} 1295 1296component_test_psa_collect_statuses () { 1297 msg "build+test: psa_collect_statuses" # ~30s 1298 scripts/config.py full 1299 tests/scripts/psa_collect_statuses.py 1300 # Check that psa_crypto_init() succeeded at least once 1301 grep -q '^0:psa_crypto_init:' tests/statuses.log 1302 rm -f tests/statuses.log 1303} 1304 1305component_test_full_cmake_clang () { 1306 msg "build: cmake, full config, clang" # ~ 50s 1307 scripts/config.py full 1308 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On . 1309 make 1310 1311 msg "test: main suites (full config, clang)" # ~ 5s 1312 make test 1313 1314 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1315 tests/scripts/test_psa_constant_names.py 1316 1317 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1318 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1319 1320 msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min 1321 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' 1322 1323 msg "test: compat.sh ARIA + ChachaPoly" 1324 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1325} 1326 1327component_test_memsan_constant_flow () { 1328 # This tests both (1) accesses to undefined memory, and (2) branches or 1329 # memory access depending on secret values. To distinguish between those: 1330 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1331 # - or alternatively, change the build type to MemSanDbg, which enables 1332 # origin tracking and nicer stack traces (which are useful for debugging 1333 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1334 msg "build: cmake MSan (clang), full config with constant flow testing" 1335 scripts/config.py full 1336 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1337 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1338 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1339 make 1340 1341 msg "test: main suites (Msan + constant flow)" 1342 make test 1343} 1344 1345component_test_valgrind_constant_flow () { 1346 # This tests both (1) everything that valgrind's memcheck usually checks 1347 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1348 # etc.) and (2) branches or memory access depending on secret values, 1349 # which will be reported as uninitialized memory. To distinguish between 1350 # secret and actually uninitialized: 1351 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1352 # - or alternatively, build with debug info and manually run the offending 1353 # test suite with valgrind --track-origins=yes, then check if the origin 1354 # was TEST_CF_SECRET() or something else. 1355 msg "build: cmake release GCC, full config with constant flow testing" 1356 scripts/config.py full 1357 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1358 cmake -D CMAKE_BUILD_TYPE:String=Release . 1359 make 1360 1361 # this only shows a summary of the results (how many of each type) 1362 # details are left in Testing/<date>/DynamicAnalysis.xml 1363 msg "test: main suites (valgrind + constant flow)" 1364 make memcheck 1365} 1366 1367component_test_default_no_deprecated () { 1368 # Test that removing the deprecated features from the default 1369 # configuration leaves something consistent. 1370 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1371 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1372 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1373 1374 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1375 make test 1376} 1377 1378component_test_full_no_deprecated () { 1379 msg "build: make, full_no_deprecated config" # ~ 30s 1380 scripts/config.py full_no_deprecated 1381 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1382 1383 msg "test: make, full_no_deprecated config" # ~ 5s 1384 make test 1385} 1386 1387component_test_full_no_deprecated_deprecated_warning () { 1388 # Test that there is nothing deprecated in "full_no_deprecated". 1389 # A deprecated feature would trigger a warning (made fatal) from 1390 # MBEDTLS_DEPRECATED_WARNING. 1391 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1392 scripts/config.py full_no_deprecated 1393 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1394 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1395 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1396 1397 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1398 make test 1399} 1400 1401component_test_full_deprecated_warning () { 1402 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1403 # with only certain whitelisted types of warnings. 1404 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1405 scripts/config.py full 1406 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1407 # Expect warnings from '#warning' directives in check_config.h. 1408 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1409 1410 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1411 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1412 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1413 # Expect warnings from '#warning' directives in check_config.h and 1414 # from the use of deprecated functions in test suites. 1415 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1416 1417 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1418 make test 1419} 1420 1421# Check that the specified libraries exist and are empty. 1422are_empty_libraries () { 1423 nm "$@" >/dev/null 2>/dev/null 1424 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1425} 1426 1427component_build_crypto_default () { 1428 msg "build: make, crypto only" 1429 scripts/config.py crypto 1430 make CFLAGS='-O1 -Werror' 1431 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1432} 1433 1434component_build_crypto_full () { 1435 msg "build: make, crypto only, full config" 1436 scripts/config.py crypto_full 1437 make CFLAGS='-O1 -Werror' 1438 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1439} 1440 1441component_build_crypto_baremetal () { 1442 msg "build: make, crypto only, baremetal config" 1443 scripts/config.py crypto_baremetal 1444 make CFLAGS='-O1 -Werror' 1445 are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1446} 1447 1448component_test_depends_curves () { 1449 msg "test/build: curves.pl (gcc)" # ~ 4 min 1450 tests/scripts/curves.pl 1451} 1452 1453component_test_depends_curves_psa () { 1454 msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1455 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1456 tests/scripts/curves.pl 1457} 1458 1459component_test_depends_hashes () { 1460 msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min 1461 tests/scripts/depends-hashes.pl 1462} 1463 1464component_test_depends_hashes_psa () { 1465 msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1466 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1467 tests/scripts/depends-hashes.pl 1468} 1469 1470component_test_depends_pkalgs () { 1471 msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min 1472 tests/scripts/depends-pkalgs.pl 1473} 1474 1475component_test_depends_pkalgs_psa () { 1476 msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1477 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1478 tests/scripts/depends-pkalgs.pl 1479} 1480 1481component_build_key_exchanges () { 1482 msg "test/build: key-exchanges (gcc)" # ~ 1 min 1483 tests/scripts/key-exchanges.pl 1484} 1485 1486component_test_make_cxx () { 1487 msg "build: Unix make, full, gcc + g++" 1488 scripts/config.py full 1489 make TEST_CPP=1 lib programs 1490 1491 msg "test: cpp_dummy_build" 1492 programs/test/cpp_dummy_build 1493} 1494 1495component_build_module_alt () { 1496 msg "build: MBEDTLS_XXX_ALT" # ~30s 1497 scripts/config.py full 1498 # Disable options that are incompatible with some ALT implementations. 1499 # aesni.c and padlock.c reference mbedtls_aes_context fields directly. 1500 scripts/config.py unset MBEDTLS_AESNI_C 1501 scripts/config.py unset MBEDTLS_PADLOCK_C 1502 # You can only have one threading implementation: alt or pthread, not both. 1503 scripts/config.py unset MBEDTLS_THREADING_PTHREAD 1504 # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields 1505 # directly and assumes the implementation works with partial groups. 1506 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED 1507 # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable 1508 # MBEDTLS_XXX_YYY_ALT which are for single functions. 1509 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' 1510 scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C 1511 # We can only compile, not link, since we don't have any implementations 1512 # suitable for testing with the dummy alt headers. 1513 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 1514} 1515 1516component_build_dhm_alt () { 1517 msg "build: MBEDTLS_DHM_ALT" # ~30s 1518 scripts/config.py full 1519 scripts/config.py set MBEDTLS_DHM_ALT 1520 # debug.c currently references mbedtls_dhm_context fields directly. 1521 scripts/config.py unset MBEDTLS_DEBUG_C 1522 # We can only compile, not link, since we don't have any implementations 1523 # suitable for testing with the dummy alt headers. 1524 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib 1525} 1526 1527component_test_no_use_psa_crypto_full_cmake_asan() { 1528 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 1529 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 1530 scripts/config.py full 1531 scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC 1532 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1533 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1534 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1535 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1536 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1537 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1538 make 1539 1540 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 1541 make test 1542 1543 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 1544 tests/ssl-opt.sh 1545 1546 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 1547 tests/compat.sh 1548 1549 msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 1550 env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' 1551 1552 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 1553 env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1554} 1555 1556component_test_psa_crypto_config_basic() { 1557 # Test the library excluding all Mbed TLS cryptographic support for which 1558 # we have an accelerator support. Acceleration is faked with the 1559 # transparent test driver. 1560 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + as much acceleration as supported" 1561 scripts/config.py full 1562 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1563 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1564 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1565 1566 # There is no intended accelerator support for ALG STREAM_CIPHER and 1567 # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the 1568 # inclusion of the Mbed TLS cipher operations. As we want to test here with 1569 # cipher operations solely supported by accelerators, disabled those 1570 # PSA configuration options. 1571 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER 1572 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING 1573 1574 # Don't test DES encryption as: 1575 # 1) It is not an issue if we don't test all cipher types here. 1576 # 2) That way we don't have to modify in psa_crypto.c the compilation 1577 # guards MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES for the code they guard to be 1578 # available to the test driver. Modifications that we would need to 1579 # revert when we move to compile the test driver separately. 1580 # We also disable MBEDTLS_DES_C as the dependencies on DES in PSA test 1581 # suites are still based on MBEDTLS_DES_C and not PSA_WANT_KEY_TYPE_DES. 1582 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES 1583 scripts/config.py unset MBEDTLS_DES_C 1584 1585 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 1586 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 1587 loc_cflags="${loc_cflags} -I../tests/include -O2" 1588 1589 make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" 1590 unset loc_cflags 1591 1592 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" 1593 make test 1594} 1595 1596component_test_psa_crypto_config_no_driver() { 1597 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 1598 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1599 scripts/config.py full 1600 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1601 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 1602 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1603 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1604 1605 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1606 make test 1607} 1608 1609component_test_psa_crypto_config_chachapoly_disabled() { 1610 # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 1611 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1612 scripts/config.py full 1613 scripts/config.py unset MBEDTLS_CHACHAPOLY_C 1614 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM 1615 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 1616 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1617 1618 msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" 1619 make test 1620} 1621 1622# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. 1623component_build_psa_accel_alg_ecdsa() { 1624 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA 1625 # without MBEDTLS_ECDSA_C 1626 # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already 1627 # set in include/psa/crypto_config.h 1628 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" 1629 scripts/config.py full 1630 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1631 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1632 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1633 scripts/config.py unset MBEDTLS_ECDSA_C 1634 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1635 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1636 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1637 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1638} 1639 1640# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 1641component_build_psa_accel_alg_ecdh() { 1642 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH 1643 # without MBEDTLS_ECDH_C 1644 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 1645 scripts/config.py full 1646 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1647 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1648 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1649 scripts/config.py unset MBEDTLS_ECDH_C 1650 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1651 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1652 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1653 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1654 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 1655 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1656 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1657} 1658 1659# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 1660component_build_psa_accel_key_type_ecc_key_pair() { 1661 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1662 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 1663 scripts/config.py full 1664 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1665 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1666 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1667 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 1668 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1669 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1670 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1671} 1672 1673# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 1674component_build_psa_accel_key_type_ecc_public_key() { 1675 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1676 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 1677 scripts/config.py full 1678 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1679 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1680 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1681 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1682 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1683 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1684 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1685} 1686 1687# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 1688component_build_psa_accel_alg_hmac() { 1689 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 1690 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" 1691 scripts/config.py full 1692 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1693 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1694 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1695 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1696 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1697} 1698 1699# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 1700component_build_psa_accel_alg_hkdf() { 1701 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF 1702 # without MBEDTLS_HKDF_C 1703 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 1704 scripts/config.py full 1705 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1706 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1707 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1708 scripts/config.py unset MBEDTLS_HKDF_C 1709 # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. 1710 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 1711 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1712 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1713} 1714 1715# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 1716component_build_psa_accel_alg_md5() { 1717 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 1718 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" 1719 scripts/config.py full 1720 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1721 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1722 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1723 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1724 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1725 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1726 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1727 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1728 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1729 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1730 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1731} 1732 1733# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 1734component_build_psa_accel_alg_ripemd160() { 1735 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes 1736 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" 1737 scripts/config.py full 1738 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1739 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1740 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1741 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1742 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1743 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1744 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1745 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1746 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1747 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1748 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1749} 1750 1751# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 1752component_build_psa_accel_alg_sha1() { 1753 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes 1754 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" 1755 scripts/config.py full 1756 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1757 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1758 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1759 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1760 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1761 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1762 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1763 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1764 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1765 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1766 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1767} 1768 1769# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 1770component_build_psa_accel_alg_sha224() { 1771 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes 1772 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" 1773 scripts/config.py full 1774 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1775 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1776 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1777 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1778 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1779 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1780 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1781 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1782 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1783 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1784} 1785 1786# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 1787component_build_psa_accel_alg_sha256() { 1788 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes 1789 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" 1790 scripts/config.py full 1791 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1792 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1793 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1794 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1795 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1796 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1797 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1798 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1799 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1800 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1801 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1802} 1803 1804# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 1805component_build_psa_accel_alg_sha384() { 1806 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes 1807 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" 1808 scripts/config.py full 1809 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1810 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1811 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1812 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1813 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1814 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1815 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1816 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1817 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1818 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1819} 1820 1821# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 1822component_build_psa_accel_alg_sha512() { 1823 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes 1824 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" 1825 scripts/config.py full 1826 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1827 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1828 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1829 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1830 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1831 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1832 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1833 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1834 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1835 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1836 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1837} 1838 1839# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1840component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 1841 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1842 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1843 scripts/config.py full 1844 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1845 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1846 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1847 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 1848 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1849 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1850 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1851 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1852 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1853} 1854 1855# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1856component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 1857 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1858 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1859 scripts/config.py full 1860 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1861 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1862 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1863 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 1864 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1865 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1866 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1867 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1868 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1869} 1870 1871# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1872component_build_psa_accel_alg_rsa_oaep() { 1873 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1874 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1875 scripts/config.py full 1876 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1877 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1878 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1879 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 1880 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1881 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1882 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1883 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1884 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1885} 1886 1887# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1888component_build_psa_accel_alg_rsa_pss() { 1889 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1890 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1891 scripts/config.py full 1892 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1893 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1894 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1895 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1896 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1897 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1898 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1899 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1900 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1901} 1902 1903# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1904component_build_psa_accel_key_type_rsa_key_pair() { 1905 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS 1906 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 1907 scripts/config.py full 1908 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1909 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1910 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1911 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1912 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 1913 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1914 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1915} 1916 1917# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1918component_build_psa_accel_key_type_rsa_public_key() { 1919 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS 1920 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 1921 scripts/config.py full 1922 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1923 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1924 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1925 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1926 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 1927 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1928 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1929} 1930 1931component_test_no_platform () { 1932 # Full configuration build, without platform support, file IO and net sockets. 1933 # This should catch missing mbedtls_printf definitions, and by disabling file 1934 # IO, it should catch missing '#include <stdio.h>' 1935 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 1936 scripts/config.py full 1937 scripts/config.py unset MBEDTLS_PLATFORM_C 1938 scripts/config.py unset MBEDTLS_NET_C 1939 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 1940 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 1941 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 1942 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 1943 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 1944 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 1945 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1946 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1947 scripts/config.py unset MBEDTLS_FS_IO 1948 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1949 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1950 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1951 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 1952 # to re-enable platform integration features otherwise disabled in C99 builds 1953 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 1954 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 1955} 1956 1957component_build_no_std_function () { 1958 # catch compile bugs in _uninit functions 1959 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 1960 scripts/config.py full 1961 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 1962 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1963 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1964 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 1965 make 1966} 1967 1968component_build_no_ssl_srv () { 1969 msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s 1970 scripts/config.py full 1971 scripts/config.py unset MBEDTLS_SSL_SRV_C 1972 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 1973} 1974 1975component_build_no_ssl_cli () { 1976 msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s 1977 scripts/config.py full 1978 scripts/config.py unset MBEDTLS_SSL_CLI_C 1979 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 1980} 1981 1982component_build_no_sockets () { 1983 # Note, C99 compliance can also be tested with the sockets support disabled, 1984 # as that requires a POSIX platform (which isn't the same as C99). 1985 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 1986 scripts/config.py full 1987 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 1988 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 1989 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 1990} 1991 1992component_test_memory_buffer_allocator_backtrace () { 1993 msg "build: default config with memory buffer allocator and backtrace enabled" 1994 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 1995 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 1996 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 1997 scripts/config.py set MBEDTLS_MEMORY_DEBUG 1998 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 1999 make 2000 2001 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 2002 make test 2003} 2004 2005component_test_memory_buffer_allocator () { 2006 msg "build: default config with memory buffer allocator" 2007 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2008 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2009 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2010 make 2011 2012 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2013 make test 2014 2015 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 2016 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 2017 tests/ssl-opt.sh -e '^DTLS proxy' 2018} 2019 2020component_test_no_max_fragment_length () { 2021 # Run max fragment length tests with MFL disabled 2022 msg "build: default config except MFL extension (ASan build)" # ~ 30s 2023 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2024 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2025 make 2026 2027 msg "test: ssl-opt.sh, MFL-related tests" 2028 tests/ssl-opt.sh -f "Max fragment length" 2029} 2030 2031component_test_asan_remove_peer_certificate () { 2032 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 2033 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2034 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2035 make 2036 2037 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2038 make test 2039 2040 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2041 tests/ssl-opt.sh 2042 2043 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2044 tests/compat.sh 2045 2046 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 2047 tests/context-info.sh 2048} 2049 2050component_test_no_max_fragment_length_small_ssl_out_content_len () { 2051 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 2052 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2053 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 2054 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 2055 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2056 make 2057 2058 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 2059 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 2060 2061 msg "test: context-info.sh (disabled MFL extension case)" 2062 tests/context-info.sh 2063} 2064 2065component_test_variable_ssl_in_out_buffer_len () { 2066 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 2067 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2068 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2069 make 2070 2071 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2072 make test 2073 2074 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2075 tests/ssl-opt.sh 2076 2077 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 2078 tests/compat.sh 2079} 2080 2081component_test_variable_ssl_in_out_buffer_len_CID () { 2082 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)" 2083 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2084 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2085 2086 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2087 make 2088 2089 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID" 2090 make test 2091 2092 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2093 tests/ssl-opt.sh 2094 2095 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 2096 tests/compat.sh 2097} 2098 2099component_test_CID_no_debug() { 2100 msg "build: Connection ID enabled, debug disabled" 2101 scripts/config.py unset MBEDTLS_DEBUG_C 2102 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 2103 2104 CC=gcc cmake . 2105 make 2106 2107 msg "test: Connection ID enabled, debug disabled" 2108 make test 2109} 2110 2111component_test_ssl_alloc_buffer_and_mfl () { 2112 msg "build: default config with memory buffer allocator and MFL extension" 2113 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 2114 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2115 scripts/config.py set MBEDTLS_MEMORY_DEBUG 2116 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2117 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2118 CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . 2119 make 2120 2121 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2122 make test 2123 2124 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 2125 tests/ssl-opt.sh -f "Handshake memory usage" 2126} 2127 2128component_test_when_no_ciphersuites_have_mac () { 2129 msg "build: when no ciphersuites have MAC" 2130 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 2131 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 2132 scripts/config.py unset MBEDTLS_CMAC_C 2133 make 2134 2135 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2136 make test 2137 2138 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 2139 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 2140} 2141 2142component_test_no_date_time () { 2143 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 2144 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 2145 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . 2146 make 2147 2148 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 2149 make test 2150} 2151 2152component_test_platform_calloc_macro () { 2153 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2154 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 2155 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 2156 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 2157 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2158 make 2159 2160 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 2161 make test 2162} 2163 2164component_test_malloc_0_null () { 2165 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 2166 scripts/config.py full 2167 make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 2168 2169 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 2170 make test 2171 2172 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 2173 # Just the calloc selftest. "make test" ran the others as part of the 2174 # test suites. 2175 programs/test/selftest calloc 2176 2177 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 2178 # Run a subset of the tests. The choice is a balance between coverage 2179 # and time (including time indirectly wasted due to flaky tests). 2180 # The current choice is to skip tests whose description includes 2181 # "proxy", which is an approximation of skipping tests that use the 2182 # UDP proxy, which tend to be slower and flakier. 2183 tests/ssl-opt.sh -e 'proxy' 2184} 2185 2186component_test_aes_fewer_tables () { 2187 msg "build: default config with AES_FEWER_TABLES enabled" 2188 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2189 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2190 2191 msg "test: AES_FEWER_TABLES" 2192 make test 2193} 2194 2195component_test_aes_rom_tables () { 2196 msg "build: default config with AES_ROM_TABLES enabled" 2197 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2198 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2199 2200 msg "test: AES_ROM_TABLES" 2201 make test 2202} 2203 2204component_test_aes_fewer_tables_and_rom_tables () { 2205 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 2206 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2207 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2208 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2209 2210 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 2211 make test 2212} 2213 2214component_test_ctr_drbg_aes_256_sha_256 () { 2215 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2216 scripts/config.py full 2217 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2218 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2219 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2220 make 2221 2222 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2223 make test 2224} 2225 2226component_test_ctr_drbg_aes_128_sha_512 () { 2227 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2228 scripts/config.py full 2229 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2230 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2231 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2232 make 2233 2234 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2235 make test 2236} 2237 2238component_test_ctr_drbg_aes_128_sha_256 () { 2239 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2240 scripts/config.py full 2241 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2242 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2243 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2244 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2245 make 2246 2247 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2248 make test 2249} 2250 2251component_test_se_default () { 2252 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2253 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 2254 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 2255 2256 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2257 make test 2258} 2259 2260component_test_psa_crypto_drivers () { 2261 msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" 2262 scripts/config.py full 2263 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2264 scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 2265 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" 2266 loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" 2267 loc_cflags="${loc_cflags} -I../tests/include -O2" 2268 2269 make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" 2270 unset loc_cflags 2271 2272 msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS" 2273 make test 2274} 2275 2276component_test_make_shared () { 2277 msg "build/test: make shared" # ~ 40s 2278 make SHARED=1 all check 2279 ldd programs/util/strerror | grep libmbedcrypto 2280} 2281 2282component_test_cmake_shared () { 2283 msg "build/test: cmake shared" # ~ 2min 2284 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 2285 make 2286 ldd programs/util/strerror | grep libmbedcrypto 2287 make test 2288} 2289 2290test_build_opt () { 2291 info=$1 cc=$2; shift 2 2292 for opt in "$@"; do 2293 msg "build/test: $cc $opt, $info" # ~ 30s 2294 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 2295 # We're confident enough in compilers to not run _all_ the tests, 2296 # but at least run the unit tests. In particular, runs with 2297 # optimizations use inline assembly whereas runs with -O0 2298 # skip inline assembly. 2299 make test # ~30s 2300 make clean 2301 done 2302} 2303 2304component_test_clang_opt () { 2305 scripts/config.py full 2306 test_build_opt 'full config' clang -O0 -Os -O2 2307} 2308 2309component_test_gcc_opt () { 2310 scripts/config.py full 2311 test_build_opt 'full config' gcc -O0 -Os -O2 2312} 2313 2314component_build_mbedtls_config_file () { 2315 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 2316 # Use the full config so as to catch a maximum of places where 2317 # the check of MBEDTLS_CONFIG_FILE might be missing. 2318 scripts/config.py full 2319 sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h 2320 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 2321 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 2322 rm -f full_config.h 2323} 2324 2325component_test_m32_o0 () { 2326 # Build without optimization, so as to use portable C code (in a 32-bit 2327 # build) and not the i386-specific inline assembly. 2328 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 2329 scripts/config.py full 2330 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 2331 2332 msg "test: i386, make, gcc -O0 (ASan build)" 2333 make test 2334} 2335support_test_m32_o0 () { 2336 case $(uname -m) in 2337 *64*) true;; 2338 *) false;; 2339 esac 2340} 2341 2342component_test_m32_o2 () { 2343 # Build with optimization, to use the i386 specific inline assembly 2344 # and go faster for tests. 2345 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s 2346 scripts/config.py full 2347 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2348 2349 msg "test: i386, make, gcc -O2 (ASan build)" 2350 make test 2351 2352 msg "test ssl-opt.sh, i386, make, gcc-O2" 2353 tests/ssl-opt.sh 2354} 2355support_test_m32_o2 () { 2356 support_test_m32_o0 "$@" 2357} 2358 2359component_test_m32_everest () { 2360 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 2361 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2362 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2363 2364 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 2365 make test 2366 2367 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 2368 tests/ssl-opt.sh -f ECDH 2369 2370 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 2371 # Exclude some symmetric ciphers that are redundant here to gain time. 2372 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' 2373} 2374support_test_m32_everest () { 2375 support_test_m32_o0 "$@" 2376} 2377 2378component_test_mx32 () { 2379 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 2380 scripts/config.py full 2381 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 2382 2383 msg "test: 64-bit ILP32, make, gcc" 2384 make test 2385} 2386support_test_mx32 () { 2387 case $(uname -m) in 2388 amd64|x86_64) true;; 2389 *) false;; 2390 esac 2391} 2392 2393component_test_min_mpi_window_size () { 2394 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 2395 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 2396 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2397 make 2398 2399 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 2400 make test 2401} 2402 2403component_test_have_int32 () { 2404 msg "build: gcc, force 32-bit bignum limbs" 2405 scripts/config.py unset MBEDTLS_HAVE_ASM 2406 scripts/config.py unset MBEDTLS_AESNI_C 2407 scripts/config.py unset MBEDTLS_PADLOCK_C 2408 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 2409 2410 msg "test: gcc, force 32-bit bignum limbs" 2411 make test 2412} 2413 2414component_test_have_int64 () { 2415 msg "build: gcc, force 64-bit bignum limbs" 2416 scripts/config.py unset MBEDTLS_HAVE_ASM 2417 scripts/config.py unset MBEDTLS_AESNI_C 2418 scripts/config.py unset MBEDTLS_PADLOCK_C 2419 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 2420 2421 msg "test: gcc, force 64-bit bignum limbs" 2422 make test 2423} 2424 2425component_test_no_udbl_division () { 2426 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2427 scripts/config.py full 2428 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2429 make CFLAGS='-Werror -O1' 2430 2431 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2432 make test 2433} 2434 2435component_test_no_64bit_multiplication () { 2436 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2437 scripts/config.py full 2438 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2439 make CFLAGS='-Werror -O1' 2440 2441 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2442 make test 2443} 2444 2445component_test_no_strings () { 2446 msg "build: no strings" # ~10s 2447 scripts/config.py full 2448 # Disable options that activate a large amount of string constants. 2449 scripts/config.py unset MBEDTLS_DEBUG_C 2450 scripts/config.py unset MBEDTLS_ERROR_C 2451 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 2452 scripts/config.py unset MBEDTLS_VERSION_FEATURES 2453 make CFLAGS='-Werror -Os' 2454 2455 msg "test: no strings" # ~ 10s 2456 make test 2457} 2458 2459component_test_no_x509_info () { 2460 msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 2461 scripts/config.pl full 2462 scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests 2463 scripts/config.pl set MBEDTLS_X509_REMOVE_INFO 2464 make CFLAGS='-Werror -O2' 2465 2466 msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s 2467 make test 2468 2469 msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min 2470 tests/ssl-opt.sh 2471} 2472 2473component_build_arm_none_eabi_gcc () { 2474 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s 2475 scripts/config.py baremetal 2476 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 2477 2478 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" 2479 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2480} 2481 2482component_build_arm_linux_gnueabi_gcc_arm5vte () { 2483 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2484 scripts/config.py baremetal 2485 # Build for a target platform that's close to what Debian uses 2486 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 2487 # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. 2488 # Build everything including programs, see for example 2489 # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720 2490 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' 2491 2492 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1" 2493 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o 2494} 2495support_build_arm_linux_gnueabi_gcc_arm5vte () { 2496 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 2497} 2498 2499component_build_arm_none_eabi_gcc_arm5vte () { 2500 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2501 scripts/config.py baremetal 2502 # This is an imperfect substitute for 2503 # component_build_arm_linux_gnueabi_gcc_arm5vte 2504 # in case the gcc-arm-linux-gnueabi toolchain is not available 2505 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 2506 2507 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" 2508 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2509} 2510 2511component_build_arm_none_eabi_gcc_m0plus () { 2512 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s 2513 scripts/config.py baremetal 2514 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 2515 2516 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" 2517 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2518} 2519 2520component_build_arm_none_eabi_gcc_no_udbl_division () { 2521 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 2522 scripts/config.py baremetal 2523 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2524 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 2525 echo "Checking that software 64-bit division is not required" 2526 not grep __aeabi_uldiv library/*.o 2527} 2528 2529component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 2530 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 2531 scripts/config.py baremetal 2532 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2533 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 2534 echo "Checking that software 64-bit multiplication is not required" 2535 not grep __aeabi_lmul library/*.o 2536} 2537 2538component_build_armcc () { 2539 msg "build: ARM Compiler 5" 2540 scripts/config.py baremetal 2541 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 2542 2543 msg "size: ARM Compiler 5" 2544 "$ARMC5_FROMELF" -z library/*.o 2545 2546 make clean 2547 2548 # ARM Compiler 6 - Target ARMv7-A 2549 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" 2550 2551 # ARM Compiler 6 - Target ARMv7-M 2552 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" 2553 2554 # ARM Compiler 6 - Target ARMv8-A - AArch32 2555 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" 2556 2557 # ARM Compiler 6 - Target ARMv8-M 2558 armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" 2559 2560 # ARM Compiler 6 - Target ARMv8-A - AArch64 2561 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" 2562} 2563 2564component_test_tls13_experimental () { 2565 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" 2566 scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2567 scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 2568 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2569 make 2570 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" 2571 make test 2572 msg "ssl-opt.sh (TLS 1.3 experimental)" 2573 if_build_succeeded tests/ssl-opt.sh 2574} 2575 2576component_test_tls13_experimental_with_padding () { 2577 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" 2578 scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2579 scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 2580 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2581 make 2582 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" 2583 make test 2584 msg "ssl-opt.sh (TLS 1.3 experimental)" 2585 if_build_succeeded tests/ssl-opt.sh 2586} 2587 2588component_test_tls13_experimental_with_ecp_restartable () { 2589 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" 2590 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2591 scripts/config.py set MBEDTLS_ECP_RESTARTABLE 2592 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2593 make 2594 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" 2595 make test 2596 msg "ssl-opt.sh (TLS 1.3 experimental)" 2597 if_build_succeeded tests/ssl-opt.sh 2598} 2599 2600component_test_tls13_experimental_with_everest () { 2601 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" 2602 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2603 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2604 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE 2605 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2606 make 2607 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" 2608 make test 2609 msg "ssl-opt.sh (TLS 1.3 experimental)" 2610 if_build_succeeded tests/ssl-opt.sh 2611} 2612 2613component_build_mingw () { 2614 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 2615 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 2616 2617 # note Make tests only builds the tests, but doesn't run them 2618 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 2619 make WINDOWS_BUILD=1 clean 2620 2621 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 2622 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 2623 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 2624 make WINDOWS_BUILD=1 clean 2625} 2626support_build_mingw() { 2627 case $(i686-w64-mingw32-gcc -dumpversion) in 2628 [0-5]*) false;; 2629 *) true;; 2630 esac 2631} 2632 2633component_test_memsan () { 2634 msg "build: MSan (clang)" # ~ 1 min 20s 2635 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 2636 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 2637 make 2638 2639 msg "test: main suites (MSan)" # ~ 10s 2640 make test 2641 2642 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 2643 tests/ssl-opt.sh 2644 2645 # Optional part(s) 2646 2647 if [ "$MEMORY" -gt 0 ]; then 2648 msg "test: compat.sh (MSan)" # ~ 6 min 20s 2649 tests/compat.sh 2650 fi 2651} 2652 2653component_test_valgrind () { 2654 msg "build: Release (clang)" 2655 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 2656 make 2657 2658 msg "test: main suites valgrind (Release)" 2659 make memcheck 2660 2661 # Optional parts (slow; currently broken on OS X because programs don't 2662 # seem to receive signals under valgrind on OS X). 2663 if [ "$MEMORY" -gt 0 ]; then 2664 msg "test: ssl-opt.sh --memcheck (Release)" 2665 tests/ssl-opt.sh --memcheck 2666 fi 2667 2668 if [ "$MEMORY" -gt 1 ]; then 2669 msg "test: compat.sh --memcheck (Release)" 2670 tests/compat.sh --memcheck 2671 fi 2672 2673 if [ "$MEMORY" -gt 0 ]; then 2674 msg "test: context-info.sh --memcheck (Release)" 2675 tests/context-info.sh --memcheck 2676 fi 2677} 2678 2679component_test_cmake_out_of_source () { 2680 msg "build: cmake 'out-of-source' build" 2681 MBEDTLS_ROOT_DIR="$PWD" 2682 mkdir "$OUT_OF_SOURCE_DIR" 2683 cd "$OUT_OF_SOURCE_DIR" 2684 cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" 2685 make 2686 2687 msg "test: cmake 'out-of-source' build" 2688 make test 2689 # Test an SSL option that requires an auxiliary script in test/scripts/. 2690 # Also ensure that there are no error messages such as 2691 # "No such file or directory", which would indicate that some required 2692 # file is missing (ssl-opt.sh tolerates the absence of some files so 2693 # may exit with status 0 but emit errors). 2694 ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err 2695 cat ssl-opt.err >&2 2696 # If ssl-opt.err is non-empty, record an error and keep going. 2697 [ ! -s ssl-opt.err ] 2698 rm ssl-opt.err 2699 cd "$MBEDTLS_ROOT_DIR" 2700 rm -rf "$OUT_OF_SOURCE_DIR" 2701} 2702 2703component_test_cmake_as_subdirectory () { 2704 msg "build: cmake 'as-subdirectory' build" 2705 MBEDTLS_ROOT_DIR="$PWD" 2706 2707 cd programs/test/cmake_subproject 2708 cmake . 2709 make 2710 ./cmake_subproject 2711 2712 cd "$MBEDTLS_ROOT_DIR" 2713 unset MBEDTLS_ROOT_DIR 2714} 2715 2716component_test_cmake_as_package () { 2717 msg "build: cmake 'as-package' build" 2718 MBEDTLS_ROOT_DIR="$PWD" 2719 2720 cd programs/test/cmake_package 2721 cmake . 2722 make 2723 ./cmake_package 2724 2725 cd "$MBEDTLS_ROOT_DIR" 2726 unset MBEDTLS_ROOT_DIR 2727} 2728 2729component_test_cmake_as_package_install () { 2730 msg "build: cmake 'as-installed-package' build" 2731 MBEDTLS_ROOT_DIR="$PWD" 2732 2733 cd programs/test/cmake_package_install 2734 cmake . 2735 make 2736 ./cmake_package_install 2737 2738 cd "$MBEDTLS_ROOT_DIR" 2739 unset MBEDTLS_ROOT_DIR 2740} 2741 2742component_test_zeroize () { 2743 # Test that the function mbedtls_platform_zeroize() is not optimized away by 2744 # different combinations of compilers and optimization flags by using an 2745 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 2746 # system in all cases that the script fails, so we must manually search the 2747 # output to check whether the pass string is present and no failure strings 2748 # were printed. 2749 2750 # Don't try to disable ASLR. We don't care about ASLR here. We do care 2751 # about a spurious message if Gdb tries and fails, so suppress that. 2752 gdb_disable_aslr= 2753 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 2754 gdb_disable_aslr='set disable-randomization off' 2755 fi 2756 2757 for optimization_flag in -O2 -O3 -Ofast -Os; do 2758 for compiler in clang gcc; do 2759 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 2760 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 2761 gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 2762 grep "The buffer was correctly zeroized" test_zeroize.log 2763 not grep -i "error" test_zeroize.log 2764 rm -f test_zeroize.log 2765 make clean 2766 done 2767 done 2768 2769 unset gdb_disable_aslr 2770} 2771 2772component_check_python_files () { 2773 msg "Lint: Python scripts" 2774 tests/scripts/check-python-files.sh 2775} 2776 2777component_check_test_helpers () { 2778 msg "unit test: generate_test_code.py" 2779 # unittest writes out mundane stuff like number or tests run on stderr. 2780 # Our convention is to reserve stderr for actual errors, and write 2781 # harmless info on stdout so it can be suppress with --quiet. 2782 ./tests/scripts/test_generate_test_code.py 2>&1 2783 2784 msg "unit test: translate_ciphers.py" 2785 python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 2786} 2787 2788################################################################ 2789#### Termination 2790################################################################ 2791 2792post_report () { 2793 msg "Done, cleaning up" 2794 final_cleanup 2795 2796 final_report 2797} 2798 2799 2800 2801################################################################ 2802#### Run all the things 2803################################################################ 2804 2805# Function invoked by --error-test to test error reporting. 2806pseudo_component_error_test () { 2807 msg "Testing error reporting $error_test_i" 2808 if [ $KEEP_GOING -ne 0 ]; then 2809 echo "Expect three failing commands." 2810 fi 2811 # If the component doesn't run in a subshell, changing error_test_i to an 2812 # invalid integer will cause an error in the loop that runs this function. 2813 error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell 2814 # Expected error: 'grep non_existent /dev/null -> 1' 2815 grep non_existent /dev/null 2816 # Expected error: '! grep -q . tests/scripts/all.sh -> 1' 2817 not grep -q . "$0" 2818 # Expected error: 'make unknown_target -> 2' 2819 make unknown_target 2820 false "this should not be executed" 2821} 2822 2823# Run one component and clean up afterwards. 2824run_component () { 2825 current_component="$1" 2826 export MBEDTLS_TEST_CONFIGURATION="$current_component" 2827 2828 # Unconditionally create a seedfile that's sufficiently long. 2829 # Do this before each component, because a previous component may 2830 # have messed it up or shortened it. 2831 local dd_cmd 2832 dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) 2833 case $OSTYPE in 2834 linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) 2835 esac 2836 "${dd_cmd[@]}" 2837 2838 # Run the component in a subshell, with error trapping and output 2839 # redirection set up based on the relevant options. 2840 if [ $KEEP_GOING -eq 1 ]; then 2841 # We want to keep running if the subshell fails, so 'set -e' must 2842 # be off when the subshell runs. 2843 set +e 2844 fi 2845 ( 2846 if [ $QUIET -eq 1 ]; then 2847 # msg() will be silenced, so just print the component name here. 2848 echo "${current_component#component_}" 2849 exec >/dev/null 2850 fi 2851 if [ $KEEP_GOING -eq 1 ]; then 2852 # Keep "set -e" off, and run an ERR trap instead to record failures. 2853 set -E 2854 trap err_trap ERR 2855 fi 2856 # The next line is what runs the component 2857 "$@" 2858 if [ $KEEP_GOING -eq 1 ]; then 2859 trap - ERR 2860 exit $last_failure_status 2861 fi 2862 ) 2863 component_status=$? 2864 if [ $KEEP_GOING -eq 1 ]; then 2865 set -e 2866 if [ $component_status -ne 0 ]; then 2867 failure_count=$((failure_count + 1)) 2868 fi 2869 fi 2870 2871 # Restore the build tree to a clean state. 2872 cleanup 2873 unset current_component 2874} 2875 2876# Preliminary setup 2877pre_check_environment 2878pre_initialize_variables 2879pre_parse_command_line "$@" 2880 2881pre_check_git 2882pre_restore_files 2883pre_back_up 2884 2885build_status=0 2886if [ $KEEP_GOING -eq 1 ]; then 2887 pre_setup_keep_going 2888fi 2889pre_prepare_outcome_file 2890pre_print_configuration 2891pre_check_tools 2892cleanup 2893pre_generate_files 2894 2895# Run the requested tests. 2896for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do 2897 run_component pseudo_component_error_test 2898done 2899unset error_test_i 2900for component in $RUN_COMPONENTS; do 2901 run_component "component_$component" 2902done 2903 2904# We're done. 2905post_report 2906