1#! /usr/bin/env sh 2 3# all.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20 21 22################################################################ 23#### Documentation 24################################################################ 25 26# Purpose 27# ------- 28# 29# To run all tests possible or available on the platform. 30# 31# Notes for users 32# --------------- 33# 34# Warning: the test is destructive. It includes various build modes and 35# configurations, and can and will arbitrarily change the current CMake 36# configuration. The following files must be committed into git: 37# * include/mbedtls/config.h 38# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, 39# programs/fuzz/Makefile 40# After running this script, the CMake cache will be lost and CMake 41# will no longer be initialised. 42# 43# The script assumes the presence of a number of tools: 44# * Basic Unix tools (Windows users note: a Unix-style find must be before 45# the Windows find in the PATH) 46# * Perl 47# * GNU Make 48# * CMake 49# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) 50# * G++ 51# * arm-gcc and mingw-gcc 52# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc 53# * OpenSSL and GnuTLS command line tools, recent enough for the 54# interoperability tests. If they don't support SSLv3 then a legacy 55# version of these tools must be present as well (search for LEGACY 56# below). 57# See the invocation of check_tools below for details. 58# 59# This script must be invoked from the toplevel directory of a git 60# working copy of Mbed TLS. 61# 62# Note that the output is not saved. You may want to run 63# script -c tests/scripts/all.sh 64# or 65# tests/scripts/all.sh >all.log 2>&1 66# 67# Notes for maintainers 68# --------------------- 69# 70# The bulk of the code is organized into functions that follow one of the 71# following naming conventions: 72# * pre_XXX: things to do before running the tests, in order. 73# * component_XXX: independent components. They can be run in any order. 74# * component_check_XXX: quick tests that aren't worth parallelizing. 75# * component_build_XXX: build things but don't run them. 76# * component_test_XXX: build and test. 77# * support_XXX: if support_XXX exists and returns false then 78# component_XXX is not run by default. 79# * post_XXX: things to do after running the tests. 80# * other: miscellaneous support functions. 81# 82# Each component must start by invoking `msg` with a short informative message. 83# 84# The framework performs some cleanup tasks after each component. This 85# means that components can assume that the working directory is in a 86# cleaned-up state, and don't need to perform the cleanup themselves. 87# * Run `make clean`. 88# * Restore `include/mbedtks/config.h` from a backup made before running 89# the component. 90# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, 91# `tests/Makefile` and `programs/fuzz/Makefile` from git. 92# This cleans up after an in-tree use of CMake. 93# 94# Any command that is expected to fail must be protected so that the 95# script keeps running in --keep-going mode despite `set -e`. In keep-going 96# mode, if a protected command fails, this is logged as a failure and the 97# script will exit with a failure status once it has run all components. 98# Commands can be protected in any of the following ways: 99# * `make` is a function which runs the `make` command with protection. 100# Note that you must write `make VAR=value`, not `VAR=value make`, 101# because the `VAR=value make` syntax doesn't work with functions. 102# * Put `report_status` before the command to protect it. 103# * Put `if_build_successful` before a command. This protects it, and 104# additionally skips it if a prior invocation of `make` in the same 105# component failed. 106# 107# The tests are roughly in order from fastest to slowest. This doesn't 108# have to be exact, but in general you should add slower tests towards 109# the end and fast checks near the beginning. 110 111 112 113################################################################ 114#### Initialization and command line parsing 115################################################################ 116 117# Abort on errors (and uninitialised variables) 118set -eu 119 120pre_check_environment () { 121 if [ -d library -a -d include -a -d tests ]; then :; else 122 echo "Must be run from mbed TLS root" >&2 123 exit 1 124 fi 125} 126 127pre_initialize_variables () { 128 CONFIG_H='include/mbedtls/config.h' 129 CONFIG_BAK="$CONFIG_H.bak" 130 CRYPTO_CONFIG_H='include/psa/crypto_config.h' 131 CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" 132 133 append_outcome=0 134 MEMORY=0 135 FORCE=0 136 QUIET=0 137 KEEP_GOING=0 138 139 # Seed value used with the --release-test option. 140 # 141 # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if 142 # both values are kept in sync. If you change the value here because it 143 # breaks some tests, you'll definitely want to change it in 144 # basic-build-test.sh as well. 145 RELEASE_SEED=1 146 147 : ${MBEDTLS_TEST_OUTCOME_FILE=} 148 : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} 149 export MBEDTLS_TEST_OUTCOME_FILE 150 export MBEDTLS_TEST_PLATFORM 151 152 # Default commands, can be overridden by the environment 153 : ${OPENSSL:="openssl"} 154 : ${OPENSSL_LEGACY:="$OPENSSL"} 155 : ${OPENSSL_NEXT:="$OPENSSL"} 156 : ${GNUTLS_CLI:="gnutls-cli"} 157 : ${GNUTLS_SERV:="gnutls-serv"} 158 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} 159 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} 160 : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} 161 : ${ARMC5_BIN_DIR:=/usr/bin} 162 : ${ARMC6_BIN_DIR:=/usr/bin} 163 : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} 164 165 # if MAKEFLAGS is not set add the -j option to speed up invocations of make 166 if [ -z "${MAKEFLAGS+set}" ]; then 167 export MAKEFLAGS="-j" 168 fi 169 170 # Include more verbose output for failing tests run by CMake 171 export CTEST_OUTPUT_ON_FAILURE=1 172 173 # CFLAGS and LDFLAGS for Asan builds that don't use CMake 174 ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' 175 176 # Gather the list of available components. These are the functions 177 # defined in this script whose name starts with "component_". 178 # Parse the script with sed, because in sh there is no way to list 179 # defined functions. 180 ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") 181 182 # Exclude components that are not supported on this platform. 183 SUPPORTED_COMPONENTS= 184 for component in $ALL_COMPONENTS; do 185 case $(type "support_$component" 2>&1) in 186 *' function'*) 187 if ! support_$component; then continue; fi;; 188 esac 189 SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" 190 done 191} 192 193# Test whether the component $1 is included in the command line patterns. 194is_component_included() 195{ 196 set -f 197 for pattern in $COMMAND_LINE_COMPONENTS; do 198 set +f 199 case ${1#component_} in $pattern) return 0;; esac 200 done 201 set +f 202 return 1 203} 204 205usage() 206{ 207 cat <<EOF 208Usage: $0 [OPTION]... [COMPONENT]... 209Run mbedtls release validation tests. 210By default, run all tests. With one or more COMPONENT, run only those. 211COMPONENT can be the name of a component or a shell wildcard pattern. 212 213Examples: 214 $0 "check_*" 215 Run all sanity checks. 216 $0 --no-armcc --except test_memsan 217 Run everything except builds that require armcc and MemSan. 218 219Special options: 220 -h|--help Print this help and exit. 221 --list-all-components List all available test components and exit. 222 --list-components List components supported on this platform and exit. 223 224General options: 225 -q|--quiet Only output component names, and errors if any. 226 -f|--force Force the tests to overwrite any modified files. 227 -k|--keep-going Run all tests and report errors at the end. 228 -m|--memory Additional optional memory tests. 229 --append-outcome Append to the outcome file (if used). 230 --arm-none-eabi-gcc-prefix=<string> 231 Prefix for a cross-compiler for arm-none-eabi 232 (default: "${ARM_NONE_EABI_GCC_PREFIX}") 233 --armcc Run ARM Compiler builds (on by default). 234 --except Exclude the COMPONENTs listed on the command line, 235 instead of running only those. 236 --no-append-outcome Write a new outcome file and analyze it (default). 237 --no-armcc Skip ARM Compiler builds. 238 --no-force Refuse to overwrite modified files (default). 239 --no-keep-going Stop at the first error (default). 240 --no-memory No additional memory tests (default). 241 --no-quiet Print full ouput from components. 242 --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. 243 --outcome-file=<path> File where test outcomes are written (not done if 244 empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). 245 --random-seed Use a random seed value for randomized tests (default). 246 -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. 247 -s|--seed Integer seed value to use for this test run. 248 249Tool path options: 250 --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory. 251 --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory. 252 --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests. 253 --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests. 254 --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests. 255 --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests. 256 --openssl=<OpenSSL_path> OpenSSL executable to use for most tests. 257 --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3. 258 --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA 259EOF 260} 261 262# remove built files as well as the cmake cache/config 263cleanup() 264{ 265 if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then 266 cd "$MBEDTLS_ROOT_DIR" 267 fi 268 269 command make clean 270 271 # Remove CMake artefacts 272 find . -name .git -prune -o \ 273 -iname CMakeFiles -exec rm -rf {} \+ -o \ 274 \( -iname cmake_install.cmake -o \ 275 -iname CTestTestfile.cmake -o \ 276 -iname CMakeCache.txt \) -exec rm {} \+ 277 # Recover files overwritten by in-tree CMake builds 278 rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile 279 git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 280 git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile 281 282 # Remove any artifacts from the component_test_cmake_as_subdirectory test. 283 rm -rf programs/test/cmake_subproject/build 284 rm -f programs/test/cmake_subproject/Makefile 285 rm -f programs/test/cmake_subproject/cmake_subproject 286 287 if [ -f "$CONFIG_BAK" ]; then 288 mv "$CONFIG_BAK" "$CONFIG_H" 289 fi 290 291 if [ -f "$CRYPTO_CONFIG_BAK" ]; then 292 mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H" 293 fi 294} 295 296# Executed on exit. May be redefined depending on command line options. 297final_report () { 298 : 299} 300 301fatal_signal () { 302 cleanup 303 final_report $1 304 trap - $1 305 kill -$1 $$ 306} 307 308trap 'fatal_signal HUP' HUP 309trap 'fatal_signal INT' INT 310trap 'fatal_signal TERM' TERM 311 312msg() 313{ 314 if [ -n "${current_component:-}" ]; then 315 current_section="${current_component#component_}: $1" 316 else 317 current_section="$1" 318 fi 319 320 if [ $QUIET -eq 1 ]; then 321 return 322 fi 323 324 echo "" 325 echo "******************************************************************" 326 echo "* $current_section " 327 printf "* "; date 328 echo "******************************************************************" 329} 330 331armc6_build_test() 332{ 333 FLAGS="$1" 334 335 msg "build: ARM Compiler 6 ($FLAGS)" 336 ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ 337 WARNING_CFLAGS='-xc -std=c99' make lib 338 339 msg "size: ARM Compiler 6 ($FLAGS)" 340 "$ARMC6_FROMELF" -z library/*.o 341 342 make clean 343} 344 345err_msg() 346{ 347 echo "$1" >&2 348} 349 350check_tools() 351{ 352 for TOOL in "$@"; do 353 if ! `type "$TOOL" >/dev/null 2>&1`; then 354 err_msg "$TOOL not found!" 355 exit 1 356 fi 357 done 358} 359 360check_headers_in_cpp () { 361 ls include/mbedtls | grep "\.h$" >headers.txt 362 <programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' | 363 sort | 364 diff headers.txt - 365 rm headers.txt 366} 367 368pre_parse_command_line () { 369 COMMAND_LINE_COMPONENTS= 370 all_except=0 371 no_armcc= 372 373 # Note that legacy options are ignored instead of being omitted from this 374 # list of options, so invocations that worked with previous version of 375 # all.sh will still run and work properly. 376 while [ $# -gt 0 ]; do 377 case "$1" in 378 --append-outcome) append_outcome=1;; 379 --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; 380 --armcc) no_armcc=;; 381 --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; 382 --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 383 --except) all_except=1;; 384 --force|-f) FORCE=1;; 385 --gnutls-cli) shift; GNUTLS_CLI="$1";; 386 --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; 387 --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; 388 --gnutls-serv) shift; GNUTLS_SERV="$1";; 389 --help|-h) usage; exit;; 390 --keep-going|-k) KEEP_GOING=1;; 391 --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; 392 --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; 393 --memory|-m) MEMORY=1;; 394 --no-append-outcome) append_outcome=0;; 395 --no-armcc) no_armcc=1;; 396 --no-force) FORCE=0;; 397 --no-keep-going) KEEP_GOING=0;; 398 --no-memory) MEMORY=0;; 399 --no-quiet) QUIET=0;; 400 --openssl) shift; OPENSSL="$1";; 401 --openssl-legacy) shift; OPENSSL_LEGACY="$1";; 402 --openssl-next) shift; OPENSSL_NEXT="$1";; 403 --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; 404 --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; 405 --quiet|-q) QUIET=1;; 406 --random-seed) unset SEED;; 407 --release-test|-r) SEED=$RELEASE_SEED;; 408 --seed|-s) shift; SEED="$1";; 409 -*) 410 echo >&2 "Unknown option: $1" 411 echo >&2 "Run $0 --help for usage." 412 exit 120 413 ;; 414 *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; 415 esac 416 shift 417 done 418 419 # With no list of components, run everything. 420 if [ -z "$COMMAND_LINE_COMPONENTS" ]; then 421 all_except=1 422 fi 423 424 # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. 425 # Ignore it if components are listed explicitly on the command line. 426 if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then 427 COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" 428 fi 429 430 # Build the list of components to run. 431 RUN_COMPONENTS= 432 for component in $SUPPORTED_COMPONENTS; do 433 if is_component_included "$component"; [ $? -eq $all_except ]; then 434 RUN_COMPONENTS="$RUN_COMPONENTS $component" 435 fi 436 done 437 438 unset all_except 439 unset no_armcc 440} 441 442pre_check_git () { 443 if [ $FORCE -eq 1 ]; then 444 rm -rf "$OUT_OF_SOURCE_DIR" 445 git checkout-index -f -q $CONFIG_H 446 cleanup 447 else 448 449 if [ -d "$OUT_OF_SOURCE_DIR" ]; then 450 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 451 echo "You can either delete this directory manually, or force the test by rerunning" 452 echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" 453 exit 1 454 fi 455 456 if ! git diff --quiet include/mbedtls/config.h; then 457 err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " 458 echo "You can either delete or preserve your work, or force the test by rerunning the" 459 echo "script as: $0 --force" 460 exit 1 461 fi 462 fi 463} 464 465pre_setup_keep_going () { 466 failure_summary= 467 failure_count=0 468 start_red= 469 end_color= 470 if [ -t 1 ]; then 471 case "${TERM:-}" in 472 *color*|cygwin|linux|rxvt*|screen|[Eex]term*) 473 start_red=$(printf '\033[31m') 474 end_color=$(printf '\033[0m') 475 ;; 476 esac 477 fi 478 record_status () { 479 if "$@"; then 480 last_status=0 481 else 482 last_status=$? 483 text="$current_section: $* -> $last_status" 484 failure_summary="$failure_summary 485$text" 486 failure_count=$((failure_count + 1)) 487 echo "${start_red}^^^^$text^^^^${end_color}" >&2 488 fi 489 } 490 make () { 491 case "$*" in 492 *test|*check) 493 if [ $build_status -eq 0 ]; then 494 record_status command make "$@" 495 else 496 echo "(skipped because the build failed)" 497 fi 498 ;; 499 *) 500 record_status command make "$@" 501 build_status=$last_status 502 ;; 503 esac 504 } 505 final_report () { 506 if [ $failure_count -gt 0 ]; then 507 echo 508 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 509 echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" 510 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 511 exit 1 512 elif [ -z "${1-}" ]; then 513 echo "SUCCESS :)" 514 fi 515 if [ -n "${1-}" ]; then 516 echo "Killed by SIG$1." 517 fi 518 } 519} 520 521if_build_succeeded () { 522 if [ $build_status -eq 0 ]; then 523 record_status "$@" 524 fi 525} 526 527# to be used instead of ! for commands run with 528# record_status or if_build_succeeded 529not() { 530 ! "$@" 531} 532 533pre_setup_quiet_redirect () { 534 if [ $QUIET -ne 1 ]; then 535 redirect_out () { 536 "$@" 537 } 538 redirect_err () { 539 "$@" 540 } 541 else 542 redirect_out () { 543 "$@" >/dev/null 544 } 545 redirect_err () { 546 "$@" 2>/dev/null 547 } 548 fi 549} 550 551pre_prepare_outcome_file () { 552 case "$MBEDTLS_TEST_OUTCOME_FILE" in 553 [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; 554 esac 555 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then 556 rm -f "$MBEDTLS_TEST_OUTCOME_FILE" 557 fi 558} 559 560pre_print_configuration () { 561 if [ $QUIET -eq 1 ]; then 562 return 563 fi 564 565 msg "info: $0 configuration" 566 echo "MEMORY: $MEMORY" 567 echo "FORCE: $FORCE" 568 echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}" 569 echo "SEED: ${SEED-"UNSET"}" 570 echo 571 echo "OPENSSL: $OPENSSL" 572 echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" 573 echo "OPENSSL_NEXT: $OPENSSL_NEXT" 574 echo "GNUTLS_CLI: $GNUTLS_CLI" 575 echo "GNUTLS_SERV: $GNUTLS_SERV" 576 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" 577 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" 578 echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" 579 echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" 580} 581 582# Make sure the tools we need are available. 583pre_check_tools () { 584 # Build the list of variables to pass to output_env.sh. 585 set env 586 587 case " $RUN_COMPONENTS " in 588 # Require OpenSSL and GnuTLS if running any tests (as opposed to 589 # only doing builds). Not all tests run OpenSSL and GnuTLS, but this 590 # is a good enough approximation in practice. 591 *" test_"*) 592 # To avoid setting OpenSSL and GnuTLS for each call to compat.sh 593 # and ssl-opt.sh, we just export the variables they require. 594 export OPENSSL_CMD="$OPENSSL" 595 export GNUTLS_CLI="$GNUTLS_CLI" 596 export GNUTLS_SERV="$GNUTLS_SERV" 597 # Avoid passing --seed flag in every call to ssl-opt.sh 598 if [ -n "${SEED-}" ]; then 599 export SEED 600 fi 601 set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" 602 set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" 603 set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" 604 set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" 605 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ 606 "$GNUTLS_CLI" "$GNUTLS_SERV" \ 607 "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" 608 ;; 609 esac 610 611 case " $RUN_COMPONENTS " in 612 *_doxygen[_\ ]*) check_tools "doxygen" "dot";; 613 esac 614 615 case " $RUN_COMPONENTS " in 616 *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; 617 esac 618 619 case " $RUN_COMPONENTS " in 620 *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; 621 esac 622 623 case " $RUN_COMPONENTS " in 624 *" test_zeroize "*) check_tools "gdb";; 625 esac 626 627 case " $RUN_COMPONENTS " in 628 *_armcc*) 629 ARMC5_CC="$ARMC5_BIN_DIR/armcc" 630 ARMC5_AR="$ARMC5_BIN_DIR/armar" 631 ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" 632 ARMC6_CC="$ARMC6_BIN_DIR/armclang" 633 ARMC6_AR="$ARMC6_BIN_DIR/armar" 634 ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" 635 check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ 636 "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; 637 esac 638 639 # past this point, no call to check_tool, only printing output 640 if [ $QUIET -eq 1 ]; then 641 return 642 fi 643 644 msg "info: output_env.sh" 645 case $RUN_COMPONENTS in 646 *_armcc*) 647 set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; 648 *) set "$@" RUN_ARMCC=0;; 649 esac 650 "$@" scripts/output_env.sh 651} 652 653 654 655################################################################ 656#### Basic checks 657################################################################ 658 659# 660# Test Suites to be executed 661# 662# The test ordering tries to optimize for the following criteria: 663# 1. Catch possible problems early, by running first tests that run quickly 664# and/or are more likely to fail than others (eg I use Clang most of the 665# time, so start with a GCC build). 666# 2. Minimize total running time, by avoiding useless rebuilds 667# 668# Indicative running times are given for reference. 669 670component_check_recursion () { 671 msg "Check: recursion.pl" # < 1s 672 record_status tests/scripts/recursion.pl library/*.c 673} 674 675component_check_generated_files () { 676 msg "Check: freshness of generated source files" # < 1s 677 record_status tests/scripts/check-generated-files.sh 678} 679 680component_check_doxy_blocks () { 681 msg "Check: doxygen markup outside doxygen blocks" # < 1s 682 record_status tests/scripts/check-doxy-blocks.pl 683} 684 685component_check_files () { 686 msg "Check: file sanity checks (permissions, encodings)" # < 1s 687 record_status tests/scripts/check_files.py 688} 689 690component_check_changelog () { 691 msg "Check: changelog entries" # < 1s 692 rm -f ChangeLog.new 693 record_status scripts/assemble_changelog.py -o ChangeLog.new 694 if [ -e ChangeLog.new ]; then 695 # Show the diff for information. It isn't an error if the diff is 696 # non-empty. 697 diff -u ChangeLog ChangeLog.new || true 698 rm ChangeLog.new 699 fi 700} 701 702component_check_names () { 703 msg "Check: declared and exported names (builds the library)" # < 3s 704 record_status tests/scripts/check-names.sh -v 705} 706 707component_check_test_cases () { 708 msg "Check: test case descriptions" # < 1s 709 if [ $QUIET -eq 1 ]; then 710 opt='--quiet' 711 else 712 opt='' 713 fi 714 record_status tests/scripts/check_test_cases.py $opt 715 unset opt 716} 717 718component_check_doxygen_warnings () { 719 msg "Check: doxygen warnings (builds the documentation)" # ~ 3s 720 record_status tests/scripts/doxygen.sh 721} 722 723 724 725################################################################ 726#### Build and test many configurations and targets 727################################################################ 728 729component_test_default_out_of_box () { 730 msg "build: make, default config (out-of-box)" # ~1min 731 make 732 # Disable fancy stuff 733 SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE" 734 unset MBEDTLS_TEST_OUTCOME_FILE 735 736 msg "test: main suites make, default config (out-of-box)" # ~10s 737 make test 738 739 msg "selftest: make, default config (out-of-box)" # ~10s 740 if_build_succeeded programs/test/selftest 741 742 export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" 743 unset SAVE_MBEDTLS_TEST_OUTCOME_FILE 744} 745 746component_test_default_cmake_gcc_asan () { 747 msg "build: cmake, gcc, ASan" # ~ 1 min 50s 748 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 749 make 750 751 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s 752 make test 753 754 msg "test: selftest (ASan build)" # ~ 10s 755 if_build_succeeded programs/test/selftest 756 757 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 758 if_build_succeeded tests/ssl-opt.sh 759 760 msg "test: compat.sh (ASan build)" # ~ 6 min 761 if_build_succeeded tests/compat.sh 762 763 msg "test: context-info.sh (ASan build)" # ~ 15 sec 764 if_build_succeeded tests/context-info.sh 765} 766 767component_test_full_cmake_gcc_asan () { 768 msg "build: full config, cmake, gcc, ASan" 769 scripts/config.py full 770 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 771 make 772 773 msg "test: main suites (inc. selftests) (full config, ASan build)" 774 make test 775 776 msg "test: selftest (ASan build)" # ~ 10s 777 if_build_succeeded programs/test/selftest 778 779 msg "test: ssl-opt.sh (full config, ASan build)" 780 if_build_succeeded tests/ssl-opt.sh 781 782 msg "test: compat.sh (full config, ASan build)" 783 if_build_succeeded tests/compat.sh 784 785 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec 786 if_build_succeeded tests/context-info.sh 787} 788 789component_test_psa_crypto_key_id_encodes_owner () { 790 msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 791 scripts/config.py full 792 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 793 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 794 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 795 make 796 797 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" 798 make test 799} 800 801component_test_zlib_make() { 802 msg "build: zlib enabled, make" 803 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 804 make ZLIB=1 CFLAGS='-Werror -O1' 805 806 msg "test: main suites (zlib, make)" 807 make test 808 809 msg "test: ssl-opt.sh (zlib, make)" 810 if_build_succeeded tests/ssl-opt.sh 811} 812support_test_zlib_make () { 813 base=support_test_zlib_$$ 814 cat <<'EOF' > ${base}.c 815#include "zlib.h" 816int main(void) { return 0; } 817EOF 818 gcc -o ${base}.exe ${base}.c -lz 2>/dev/null 819 ret=$? 820 rm -f ${base}.* 821 return $ret 822} 823 824component_test_zlib_cmake() { 825 msg "build: zlib enabled, cmake" 826 scripts/config.py set MBEDTLS_ZLIB_SUPPORT 827 cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Check . 828 make 829 830 msg "test: main suites (zlib, cmake)" 831 make test 832 833 msg "test: ssl-opt.sh (zlib, cmake)" 834 if_build_succeeded tests/ssl-opt.sh 835} 836support_test_zlib_cmake () { 837 support_test_zlib_make "$@" 838} 839 840component_test_ref_configs () { 841 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s 842 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 843 record_status tests/scripts/test-ref-configs.pl 844} 845 846component_test_sslv3 () { 847 msg "build: Default + SSLv3 (ASan build)" # ~ 6 min 848 scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 849 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 850 make 851 852 msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s 853 make test 854 855 msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min 856 if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' 857 if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' 858 859 msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min 860 if_build_succeeded tests/ssl-opt.sh 861 862 msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec 863 if_build_succeeded tests/context-info.sh 864} 865 866component_test_no_renegotiation () { 867 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 868 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 869 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 870 make 871 872 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 873 make test 874 875 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 876 if_build_succeeded tests/ssl-opt.sh 877} 878 879component_test_no_pem_no_fs () { 880 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" 881 scripts/config.py unset MBEDTLS_PEM_PARSE_C 882 scripts/config.py unset MBEDTLS_FS_IO 883 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem 884 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS 885 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 886 make 887 888 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s 889 make test 890 891 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min 892 if_build_succeeded tests/ssl-opt.sh 893} 894 895component_test_rsa_no_crt () { 896 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min 897 scripts/config.py set MBEDTLS_RSA_NO_CRT 898 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 899 make 900 901 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s 902 make test 903 904 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s 905 if_build_succeeded tests/ssl-opt.sh -f RSA 906 907 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min 908 if_build_succeeded tests/compat.sh -t RSA 909 910 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec 911 if_build_succeeded tests/context-info.sh 912} 913 914component_test_no_ctr_drbg () { 915 msg "build: Full minus CTR_DRBG" 916 scripts/config.py full 917 scripts/config.py unset MBEDTLS_CTR_DRBG_C 918 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG 919 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 920 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C # requires PSA Crypto 921 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO # requires PSA Crypto 922 923 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 924 make 925 926 msg "test: no CTR_DRBG" 927 make test 928 929 # no ssl-opt.sh/compat.sh as they all depend on CTR_DRBG so far 930} 931 932component_test_no_hmac_drbg () { 933 msg "build: Full minus HMAC_DRBG" 934 scripts/config.py full 935 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 936 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 937 938 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 939 make 940 941 msg "test: no HMAC_DRBG" 942 make test 943 944 # No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far, 945 # so there's little value in running those lengthy tests here. 946} 947 948component_test_ecp_no_internal_rng () { 949 msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" 950 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 951 scripts/config.py unset MBEDTLS_CTR_DRBG_C 952 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 953 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 954 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG 955 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 956 957 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 958 make 959 960 msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" 961 make test 962 963 # no SSL tests as they all depend on having a DRBG 964} 965 966component_test_ecp_restartable_no_internal_rng () { 967 msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" 968 scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG 969 scripts/config.py set MBEDTLS_ECP_RESTARTABLE 970 scripts/config.py unset MBEDTLS_CTR_DRBG_C 971 scripts/config.py unset MBEDTLS_HMAC_DRBG_C 972 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG 973 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG 974 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto 975 976 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 977 make 978 979 msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" 980 make test 981 982 # no SSL tests as they all depend on having a DRBG 983} 984 985component_test_new_ecdh_context () { 986 msg "build: new ECDH context (ASan build)" # ~ 6 min 987 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 988 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 989 make 990 991 msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 992 make test 993 994 msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 995 if_build_succeeded tests/ssl-opt.sh -f ECDH 996 997 msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 998 # Exclude some symmetric ciphers that are redundant here to gain time. 999 if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1000} 1001 1002component_test_everest () { 1003 msg "build: Everest ECDH context (ASan build)" # ~ 6 min 1004 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1005 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1006 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . 1007 make 1008 1009 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 1010 make test 1011 1012 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 1013 if_build_succeeded tests/ssl-opt.sh -f ECDH 1014 1015 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 1016 # Exclude some symmetric ciphers that are redundant here to gain time. 1017 if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 1018} 1019 1020component_test_everest_curve25519_only () { 1021 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min 1022 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 1023 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 1024 scripts/config.py unset MBEDTLS_ECDSA_C 1025 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1026 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1027 # Disable all curves 1028 for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do 1029 scripts/config.py unset "$c" 1030 done 1031 scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED 1032 1033 make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1034 1035 msg "test: Everest ECDH context, only Curve25519" # ~ 50s 1036 make test 1037} 1038 1039component_test_small_ssl_out_content_len () { 1040 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 1041 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1042 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1043 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1044 make 1045 1046 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 1047 if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" 1048} 1049 1050component_test_small_ssl_in_content_len () { 1051 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 1052 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 1053 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 1054 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1055 make 1056 1057 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 1058 if_build_succeeded tests/ssl-opt.sh -f "Max fragment" 1059} 1060 1061component_test_small_ssl_dtls_max_buffering () { 1062 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 1063 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 1064 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1065 make 1066 1067 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 1068 if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 1069} 1070 1071component_test_small_mbedtls_ssl_dtls_max_buffering () { 1072 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 1073 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 1074 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1075 make 1076 1077 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 1078 if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 1079} 1080 1081component_test_psa_collect_statuses () { 1082 msg "build+test: psa_collect_statuses" # ~30s 1083 scripts/config.py full 1084 record_status tests/scripts/psa_collect_statuses.py 1085 # Check that psa_crypto_init() succeeded at least once 1086 record_status grep -q '^0:psa_crypto_init:' tests/statuses.log 1087 rm -f tests/statuses.log 1088} 1089 1090component_test_full_cmake_clang () { 1091 msg "build: cmake, full config, clang" # ~ 50s 1092 scripts/config.py full 1093 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . 1094 make 1095 1096 msg "test: main suites (full config, clang)" # ~ 5s 1097 make test 1098 1099 msg "test: psa_constant_names (full config, clang)" # ~ 1s 1100 record_status tests/scripts/test_psa_constant_names.py 1101 1102 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s 1103 if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' 1104 1105 msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min 1106 if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' 1107 1108 msg "test: compat.sh ARIA + ChachaPoly" 1109 if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1110} 1111 1112component_test_memsan_constant_flow () { 1113 # This tests both (1) accesses to undefined memory, and (2) branches or 1114 # memory access depending on secret values. To distinguish between those: 1115 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? 1116 # - or alternatively, change the build type to MemSanDbg, which enables 1117 # origin tracking and nicer stack traces (which are useful for debugging 1118 # anyway), and check if the origin was TEST_CF_SECRET() or something else. 1119 msg "build: cmake MSan (clang), full config with constant flow testing" 1120 scripts/config.py full 1121 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 1122 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 1123 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 1124 make 1125 1126 msg "test: main suites (Msan + constant flow)" 1127 make test 1128} 1129 1130component_test_valgrind_constant_flow () { 1131 # This tests both (1) everything that valgrind's memcheck usually checks 1132 # (heap buffer overflows, use of uninitialized memory, use-after-free, 1133 # etc.) and (2) branches or memory access depending on secret values, 1134 # which will be reported as uninitialized memory. To distinguish between 1135 # secret and actually uninitialized: 1136 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? 1137 # - or alternatively, build with debug info and manually run the offending 1138 # test suite with valgrind --track-origins=yes, then check if the origin 1139 # was TEST_CF_SECRET() or something else. 1140 msg "build: cmake release GCC, full config with constant flow testing" 1141 scripts/config.py full 1142 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND 1143 cmake -D CMAKE_BUILD_TYPE:String=Release . 1144 make 1145 1146 # this only shows a summary of the results (how many of each type) 1147 # details are left in Testing/<date>/DynamicAnalysis.xml 1148 msg "test: main suites (valgrind + constant flow)" 1149 make memcheck 1150} 1151 1152component_test_default_no_deprecated () { 1153 # Test that removing the deprecated features from the default 1154 # configuration leaves something consistent. 1155 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s 1156 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED 1157 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1158 1159 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s 1160 make test 1161} 1162 1163component_test_full_no_deprecated () { 1164 msg "build: make, full_no_deprecated config" # ~ 30s 1165 scripts/config.py full_no_deprecated 1166 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1167 1168 msg "test: make, full_no_deprecated config" # ~ 5s 1169 make test 1170} 1171 1172component_test_full_no_deprecated_deprecated_warning () { 1173 # Test that there is nothing deprecated in "full_no_deprecated". 1174 # A deprecated feature would trigger a warning (made fatal) from 1175 # MBEDTLS_DEPRECATED_WARNING. 1176 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s 1177 scripts/config.py full_no_deprecated 1178 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED 1179 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1180 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' 1181 1182 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s 1183 make test 1184} 1185 1186component_test_full_deprecated_warning () { 1187 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes 1188 # with only certain whitelisted types of warnings. 1189 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1190 scripts/config.py full 1191 scripts/config.py set MBEDTLS_DEPRECATED_WARNING 1192 # Expect warnings from '#warning' directives in check_config.h. 1193 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs 1194 1195 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s 1196 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. 1197 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. 1198 # Expect warnings from '#warning' directives in check_config.h and 1199 # from the use of deprecated functions in test suites. 1200 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests 1201 1202 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s 1203 make test 1204} 1205 1206# Check that the specified libraries exist and are empty. 1207are_empty_libraries () { 1208 nm "$@" >/dev/null 2>/dev/null 1209 ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 1210} 1211 1212component_build_crypto_default () { 1213 msg "build: make, crypto only" 1214 scripts/config.py crypto 1215 make CFLAGS='-O1 -Werror' 1216 if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1217} 1218 1219component_build_crypto_full () { 1220 msg "build: make, crypto only, full config" 1221 scripts/config.py crypto_full 1222 make CFLAGS='-O1 -Werror' 1223 if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1224} 1225 1226component_build_crypto_baremetal () { 1227 msg "build: make, crypto only, baremetal config" 1228 scripts/config.py crypto_baremetal 1229 make CFLAGS='-O1 -Werror' 1230 if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* 1231} 1232 1233component_test_depends_curves () { 1234 msg "test/build: curves.pl (gcc)" # ~ 4 min 1235 record_status tests/scripts/curves.pl 1236} 1237 1238component_test_depends_curves_psa () { 1239 msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1240 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1241 record_status tests/scripts/curves.pl 1242} 1243 1244component_test_depends_hashes () { 1245 msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min 1246 record_status tests/scripts/depends-hashes.pl 1247} 1248 1249component_test_depends_hashes_psa () { 1250 msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1251 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1252 record_status tests/scripts/depends-hashes.pl 1253} 1254 1255component_test_depends_pkalgs () { 1256 msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min 1257 record_status tests/scripts/depends-pkalgs.pl 1258} 1259 1260component_test_depends_pkalgs_psa () { 1261 msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" 1262 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO 1263 record_status tests/scripts/depends-pkalgs.pl 1264} 1265 1266component_build_key_exchanges () { 1267 msg "test/build: key-exchanges (gcc)" # ~ 1 min 1268 record_status tests/scripts/key-exchanges.pl 1269} 1270 1271component_build_default_make_gcc_and_cxx () { 1272 msg "build: Unix make, -Os (gcc)" # ~ 30s 1273 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' 1274 1275 msg "test: verify header list in cpp_dummy_build.cpp" 1276 record_status check_headers_in_cpp 1277 1278 msg "build: Unix make, incremental g++" 1279 make TEST_CPP=1 1280} 1281 1282component_test_no_use_psa_crypto_full_cmake_asan() { 1283 # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh 1284 msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" 1285 scripts/config.py full 1286 scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC 1287 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C 1288 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1289 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1290 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1291 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1292 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1293 make 1294 1295 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" 1296 make test 1297 1298 msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" 1299 if_build_succeeded tests/ssl-opt.sh 1300 1301 msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" 1302 if_build_succeeded tests/compat.sh 1303 1304 msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" 1305 if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' 1306 1307 msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" 1308 if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 1309} 1310 1311component_test_psa_crypto_config_basic() { 1312 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 1313 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG" 1314 scripts/config.py full 1315 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1316 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1317 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1318 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1319 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1320 1321 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" 1322 make test 1323} 1324 1325component_test_psa_crypto_config_no_driver() { 1326 # full plus MBEDTLS_PSA_CRYPTO_CONFIG 1327 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1328 scripts/config.py full 1329 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1330 scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS 1331 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1332 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" 1333 1334 msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" 1335 make test 1336} 1337 1338# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. 1339component_build_psa_accel_alg_ecdsa() { 1340 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA 1341 # without MBEDTLS_ECDSA_C 1342 # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already 1343 # set in include/psa/crypto_config.h 1344 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" 1345 scripts/config.py full 1346 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1347 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1348 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1349 scripts/config.py unset MBEDTLS_ECDSA_C 1350 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1351 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1352 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1353 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1354} 1355 1356# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. 1357component_build_psa_accel_alg_ecdh() { 1358 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH 1359 # without MBEDTLS_ECDH_C 1360 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 1361 scripts/config.py full 1362 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1363 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1364 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1365 scripts/config.py unset MBEDTLS_ECDH_C 1366 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 1367 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 1368 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1369 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 1370 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 1371 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1372 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1373} 1374 1375# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. 1376component_build_psa_accel_key_type_ecc_key_pair() { 1377 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1378 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" 1379 scripts/config.py full 1380 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1381 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1382 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1383 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 1384 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1385 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1386 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1387} 1388 1389# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 1390component_build_psa_accel_key_type_ecc_public_key() { 1391 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1392 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" 1393 scripts/config.py full 1394 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1395 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1396 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1397 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 1398 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1399 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1400 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1401} 1402 1403# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 1404component_build_psa_accel_alg_hmac() { 1405 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 1406 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" 1407 scripts/config.py full 1408 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1409 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1410 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1411 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1412 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1413} 1414 1415# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. 1416component_build_psa_accel_alg_hkdf() { 1417 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF 1418 # without MBEDTLS_HKDF_C 1419 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 1420 scripts/config.py full 1421 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1422 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1423 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1424 scripts/config.py unset MBEDTLS_HKDF_C 1425 # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. 1426 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 1427 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1428 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1429} 1430 1431# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test. 1432component_build_psa_accel_alg_md2() { 1433 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes 1434 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes" 1435 scripts/config.py full 1436 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1437 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1438 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1439 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1440 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1441 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1442 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1443 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1444 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1445 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1446 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1447 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1448 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1449} 1450 1451# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test. 1452component_build_psa_accel_alg_md4() { 1453 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes 1454 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes" 1455 scripts/config.py full 1456 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1457 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1458 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1459 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1460 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1461 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1462 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1463 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1464 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1465 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1466 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1467 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1468 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1469} 1470 1471# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. 1472component_build_psa_accel_alg_md5() { 1473 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 1474 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" 1475 scripts/config.py full 1476 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1477 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1478 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1479 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1480 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1481 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1482 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1483 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1484 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1485 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1486 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1487 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1488 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1489} 1490 1491# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. 1492component_build_psa_accel_alg_ripemd160() { 1493 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes 1494 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" 1495 scripts/config.py full 1496 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1497 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1498 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1499 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1500 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1501 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1502 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1503 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1504 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1505 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1506 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1507 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1508 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1509} 1510 1511# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. 1512component_build_psa_accel_alg_sha1() { 1513 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes 1514 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" 1515 scripts/config.py full 1516 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1517 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1518 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1519 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1520 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1521 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1522 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1523 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1524 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1525 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1526 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1527 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1528 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1529} 1530 1531# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. 1532component_build_psa_accel_alg_sha224() { 1533 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes 1534 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" 1535 scripts/config.py full 1536 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1537 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1538 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1539 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1540 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1541 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1542 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1543 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1544 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1545 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1546 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1547 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1548} 1549 1550# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. 1551component_build_psa_accel_alg_sha256() { 1552 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes 1553 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" 1554 scripts/config.py full 1555 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1556 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1557 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1558 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1559 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1560 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1561 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1562 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1563 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1564 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1565 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 1566 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1567 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1568} 1569 1570# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. 1571component_build_psa_accel_alg_sha384() { 1572 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes 1573 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" 1574 scripts/config.py full 1575 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1576 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1577 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1578 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1579 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1580 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1581 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1582 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1583 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1584 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1585 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1586 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1587} 1588 1589# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. 1590component_build_psa_accel_alg_sha512() { 1591 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes 1592 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" 1593 scripts/config.py full 1594 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1595 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1596 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1597 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 1598 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 1599 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 1600 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 1601 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 1602 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 1603 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 1604 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 1605 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1606 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1607} 1608 1609# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1610component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { 1611 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1612 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1613 scripts/config.py full 1614 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1615 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1616 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1617 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 1618 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1619 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1620 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1621 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1622 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1623} 1624 1625# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1626component_build_psa_accel_alg_rsa_pkcs1v15_sign() { 1627 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1628 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1629 scripts/config.py full 1630 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1631 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1632 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1633 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 1634 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1635 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1636 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1637 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1638 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1639} 1640 1641# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1642component_build_psa_accel_alg_rsa_oaep() { 1643 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1644 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1645 scripts/config.py full 1646 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1647 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1648 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1649 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 1650 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1651 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1652 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS 1653 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1654 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1655} 1656 1657# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1658component_build_psa_accel_alg_rsa_pss() { 1659 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1660 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" 1661 scripts/config.py full 1662 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1663 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1664 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1665 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1666 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1667 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1668 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP 1669 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1670 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1671} 1672 1673# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1674component_build_psa_accel_key_type_rsa_key_pair() { 1675 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS 1676 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" 1677 scripts/config.py full 1678 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1679 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1680 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1681 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1682 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 1683 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1684 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1685} 1686 1687# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 1688component_build_psa_accel_key_type_rsa_public_key() { 1689 # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS 1690 msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" 1691 scripts/config.py full 1692 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 1693 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 1694 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO 1695 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 1696 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 1697 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 1698 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 1699} 1700 1701component_test_check_params_functionality () { 1702 msg "build+test: MBEDTLS_CHECK_PARAMS functionality" 1703 scripts/config.py full # includes CHECK_PARAMS 1704 # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). 1705 scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT 1706 make CC=gcc CFLAGS='-Werror -O1' all test 1707} 1708 1709component_test_check_params_without_platform () { 1710 msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" 1711 scripts/config.py full # includes CHECK_PARAMS 1712 # Keep MBEDTLS_PARAM_FAILED as assert. 1713 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 1714 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 1715 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 1716 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 1717 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1718 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 1719 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 1720 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1721 scripts/config.py unset MBEDTLS_PLATFORM_C 1722 make CC=gcc CFLAGS='-Werror -O1' all test 1723} 1724 1725component_test_check_params_silent () { 1726 msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" 1727 scripts/config.py full # includes CHECK_PARAMS 1728 # Set MBEDTLS_PARAM_FAILED to nothing. 1729 sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" 1730 make CC=gcc CFLAGS='-Werror -O1' all test 1731} 1732 1733component_test_no_platform () { 1734 # Full configuration build, without platform support, file IO and net sockets. 1735 # This should catch missing mbedtls_printf definitions, and by disabling file 1736 # IO, it should catch missing '#include <stdio.h>' 1737 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s 1738 scripts/config.py full 1739 scripts/config.py unset MBEDTLS_PLATFORM_C 1740 scripts/config.py unset MBEDTLS_NET_C 1741 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY 1742 scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT 1743 scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT 1744 scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT 1745 scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT 1746 scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT 1747 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1748 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1749 scripts/config.py unset MBEDTLS_FS_IO 1750 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C 1751 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C 1752 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C 1753 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, 1754 # to re-enable platform integration features otherwise disabled in C99 builds 1755 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs 1756 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test 1757} 1758 1759component_build_no_std_function () { 1760 # catch compile bugs in _uninit functions 1761 msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 1762 scripts/config.py full 1763 scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 1764 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1765 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1766 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' 1767} 1768 1769component_build_no_ssl_srv () { 1770 msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s 1771 scripts/config.py full 1772 scripts/config.py unset MBEDTLS_SSL_SRV_C 1773 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 1774} 1775 1776component_build_no_ssl_cli () { 1777 msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s 1778 scripts/config.py full 1779 scripts/config.py unset MBEDTLS_SSL_CLI_C 1780 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' 1781} 1782 1783component_build_no_sockets () { 1784 # Note, C99 compliance can also be tested with the sockets support disabled, 1785 # as that requires a POSIX platform (which isn't the same as C99). 1786 msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s 1787 scripts/config.py full 1788 scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 1789 scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux 1790 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib 1791} 1792 1793component_test_memory_buffer_allocator_backtrace () { 1794 msg "build: default config with memory buffer allocator and backtrace enabled" 1795 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 1796 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 1797 scripts/config.py set MBEDTLS_MEMORY_BACKTRACE 1798 scripts/config.py set MBEDTLS_MEMORY_DEBUG 1799 CC=gcc cmake . 1800 make 1801 1802 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" 1803 make test 1804} 1805 1806component_test_memory_buffer_allocator () { 1807 msg "build: default config with memory buffer allocator" 1808 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 1809 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 1810 CC=gcc cmake . 1811 make 1812 1813 msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" 1814 make test 1815 1816 msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" 1817 # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. 1818 if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy' 1819} 1820 1821component_test_no_max_fragment_length () { 1822 # Run max fragment length tests with MFL disabled 1823 msg "build: default config except MFL extension (ASan build)" # ~ 30s 1824 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1825 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1826 make 1827 1828 msg "test: ssl-opt.sh, MFL-related tests" 1829 if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" 1830} 1831 1832component_test_asan_remove_peer_certificate () { 1833 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 1834 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 1835 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1836 make 1837 1838 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 1839 make test 1840 1841 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 1842 if_build_succeeded tests/ssl-opt.sh 1843 1844 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 1845 if_build_succeeded tests/compat.sh 1846 1847 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 1848 if_build_succeeded tests/context-info.sh 1849} 1850 1851component_test_no_max_fragment_length_small_ssl_out_content_len () { 1852 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 1853 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1854 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 1855 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 1856 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1857 make 1858 1859 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 1860 if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 1861 1862 msg "test: context-info.sh (disabled MFL extension case)" 1863 if_build_succeeded tests/context-info.sh 1864} 1865 1866component_test_variable_ssl_in_out_buffer_len () { 1867 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 1868 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 1869 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1870 make 1871 1872 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 1873 make test 1874 1875 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 1876 if_build_succeeded tests/ssl-opt.sh 1877 1878 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 1879 if_build_succeeded tests/compat.sh 1880} 1881 1882component_test_variable_ssl_in_out_buffer_len_CID () { 1883 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)" 1884 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 1885 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID 1886 1887 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1888 make 1889 1890 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID" 1891 make test 1892 1893 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 1894 if_build_succeeded tests/ssl-opt.sh 1895 1896 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" 1897 if_build_succeeded tests/compat.sh 1898} 1899 1900component_test_variable_ssl_in_out_buffer_len_record_splitting () { 1901 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)" 1902 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 1903 scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING 1904 1905 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1906 make 1907 1908 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING" 1909 make test 1910 1911 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 1912 if_build_succeeded tests/ssl-opt.sh 1913 1914 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled" 1915 if_build_succeeded tests/compat.sh 1916} 1917 1918component_test_ssl_alloc_buffer_and_mfl () { 1919 msg "build: default config with memory buffer allocator and MFL extension" 1920 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 1921 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 1922 scripts/config.py set MBEDTLS_MEMORY_DEBUG 1923 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1924 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 1925 CC=gcc cmake . 1926 make 1927 1928 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 1929 make test 1930 1931 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 1932 if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage" 1933} 1934 1935component_test_when_no_ciphersuites_have_mac () { 1936 msg "build: when no ciphersuites have MAC" 1937 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 1938 scripts/config.py unset MBEDTLS_ARC4_C 1939 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 1940 make 1941 1942 msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 1943 make test 1944 1945 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" 1946 if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 1947} 1948 1949component_test_null_entropy () { 1950 msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" 1951 scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY 1952 scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 1953 scripts/config.py set MBEDTLS_ENTROPY_C 1954 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 1955 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT 1956 scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT 1957 scripts/config.py unset MBEDTLS_HAVEGE_C 1958 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . 1959 make 1960 1961 msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" 1962 make test 1963} 1964 1965component_test_no_date_time () { 1966 msg "build: default config without MBEDTLS_HAVE_TIME_DATE" 1967 scripts/config.py unset MBEDTLS_HAVE_TIME_DATE 1968 CC=gcc cmake 1969 make 1970 1971 msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" 1972 make test 1973} 1974 1975component_test_platform_calloc_macro () { 1976 msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 1977 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 1978 scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc 1979 scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free 1980 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 1981 make 1982 1983 msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" 1984 make test 1985} 1986 1987component_test_malloc_0_null () { 1988 msg "build: malloc(0) returns NULL (ASan+UBSan build)" 1989 scripts/config.py full 1990 make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" 1991 1992 msg "test: malloc(0) returns NULL (ASan+UBSan build)" 1993 make test 1994 1995 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" 1996 # Just the calloc selftest. "make test" ran the others as part of the 1997 # test suites. 1998 if_build_succeeded programs/test/selftest calloc 1999 2000 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" 2001 # Run a subset of the tests. The choice is a balance between coverage 2002 # and time (including time indirectly wasted due to flaky tests). 2003 # The current choice is to skip tests whose description includes 2004 # "proxy", which is an approximation of skipping tests that use the 2005 # UDP proxy, which tend to be slower and flakier. 2006 if_build_succeeded tests/ssl-opt.sh -e 'proxy' 2007} 2008 2009component_test_aes_fewer_tables () { 2010 msg "build: default config with AES_FEWER_TABLES enabled" 2011 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2012 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2013 2014 msg "test: AES_FEWER_TABLES" 2015 make test 2016} 2017 2018component_test_aes_rom_tables () { 2019 msg "build: default config with AES_ROM_TABLES enabled" 2020 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2021 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2022 2023 msg "test: AES_ROM_TABLES" 2024 make test 2025} 2026 2027component_test_aes_fewer_tables_and_rom_tables () { 2028 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" 2029 scripts/config.py set MBEDTLS_AES_FEWER_TABLES 2030 scripts/config.py set MBEDTLS_AES_ROM_TABLES 2031 make CC=gcc CFLAGS='-Werror -Wall -Wextra' 2032 2033 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" 2034 make test 2035} 2036 2037component_test_ctr_drbg_aes_256_sha_256 () { 2038 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2039 scripts/config.py full 2040 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2041 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2042 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2043 make 2044 2045 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2046 make test 2047} 2048 2049component_test_ctr_drbg_aes_128_sha_512 () { 2050 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2051 scripts/config.py full 2052 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2053 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2054 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2055 make 2056 2057 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" 2058 make test 2059} 2060 2061component_test_ctr_drbg_aes_128_sha_256 () { 2062 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2063 scripts/config.py full 2064 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C 2065 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 2066 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 2067 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2068 make 2069 2070 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" 2071 make test 2072} 2073 2074component_test_se_default () { 2075 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2076 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C 2077 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" 2078 2079 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" 2080 make test 2081} 2082 2083component_test_psa_crypto_drivers () { 2084 msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" 2085 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 2086 # Need to define the correct symbol and include the test driver header path in order to build with the test driver 2087 make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" 2088 2089 msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" 2090 make test 2091} 2092 2093component_test_make_shared () { 2094 msg "build/test: make shared" # ~ 40s 2095 make SHARED=1 all check 2096 ldd programs/util/strerror | grep libmbedcrypto 2097} 2098 2099component_test_cmake_shared () { 2100 msg "build/test: cmake shared" # ~ 2min 2101 cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . 2102 make 2103 ldd programs/util/strerror | grep libmbedcrypto 2104 make test 2105} 2106 2107test_build_opt () { 2108 info=$1 cc=$2; shift 2 2109 for opt in "$@"; do 2110 msg "build/test: $cc $opt, $info" # ~ 30s 2111 make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" 2112 # We're confident enough in compilers to not run _all_ the tests, 2113 # but at least run the unit tests. In particular, runs with 2114 # optimizations use inline assembly whereas runs with -O0 2115 # skip inline assembly. 2116 make test # ~30s 2117 make clean 2118 done 2119} 2120 2121component_test_clang_opt () { 2122 scripts/config.py full 2123 test_build_opt 'full config' clang -O0 -Os -O2 2124} 2125 2126component_test_gcc_opt () { 2127 scripts/config.py full 2128 test_build_opt 'full config' gcc -O0 -Os -O2 2129} 2130 2131component_build_mbedtls_config_file () { 2132 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s 2133 # Use the full config so as to catch a maximum of places where 2134 # the check of MBEDTLS_CONFIG_FILE might be missing. 2135 scripts/config.py full 2136 sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h 2137 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" 2138 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" 2139 rm -f full_config.h 2140} 2141 2142component_test_m32_o0 () { 2143 # Build once with -O0, to compile out the i386 specific inline assembly 2144 msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s 2145 scripts/config.py full 2146 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" 2147 2148 msg "test: i386, make, gcc -O0 (ASan build)" 2149 make test 2150} 2151support_test_m32_o0 () { 2152 case $(uname -m) in 2153 *64*) true;; 2154 *) false;; 2155 esac 2156} 2157 2158component_test_m32_o1 () { 2159 # Build again with -O1, to compile in the i386 specific inline assembly 2160 msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s 2161 scripts/config.py full 2162 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS" 2163 2164 msg "test: i386, make, gcc -O1 (ASan build)" 2165 make test 2166 2167 msg "test ssl-opt.sh, i386, make, gcc-O1" 2168 if_build_succeeded tests/ssl-opt.sh 2169} 2170support_test_m32_o1 () { 2171 support_test_m32_o0 "$@" 2172} 2173 2174component_test_m32_everest () { 2175 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min 2176 scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT 2177 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2178 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" 2179 2180 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s 2181 make test 2182 2183 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s 2184 if_build_succeeded tests/ssl-opt.sh -f ECDH 2185 2186 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min 2187 # Exclude some symmetric ciphers that are redundant here to gain time. 2188 if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' 2189} 2190support_test_m32_everest () { 2191 support_test_m32_o0 "$@" 2192} 2193 2194component_test_mx32 () { 2195 msg "build: 64-bit ILP32, make, gcc" # ~ 30s 2196 scripts/config.py full 2197 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' 2198 2199 msg "test: 64-bit ILP32, make, gcc" 2200 make test 2201} 2202support_test_mx32 () { 2203 case $(uname -m) in 2204 amd64|x86_64) true;; 2205 *) false;; 2206 esac 2207} 2208 2209component_test_min_mpi_window_size () { 2210 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s 2211 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 2212 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2213 make 2214 2215 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s 2216 make test 2217} 2218 2219component_test_have_int32 () { 2220 msg "build: gcc, force 32-bit bignum limbs" 2221 scripts/config.py unset MBEDTLS_HAVE_ASM 2222 scripts/config.py unset MBEDTLS_AESNI_C 2223 scripts/config.py unset MBEDTLS_PADLOCK_C 2224 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' 2225 2226 msg "test: gcc, force 32-bit bignum limbs" 2227 make test 2228} 2229 2230component_test_have_int64 () { 2231 msg "build: gcc, force 64-bit bignum limbs" 2232 scripts/config.py unset MBEDTLS_HAVE_ASM 2233 scripts/config.py unset MBEDTLS_AESNI_C 2234 scripts/config.py unset MBEDTLS_PADLOCK_C 2235 make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' 2236 2237 msg "test: gcc, force 64-bit bignum limbs" 2238 make test 2239} 2240 2241component_test_no_udbl_division () { 2242 msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2243 scripts/config.py full 2244 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2245 make CFLAGS='-Werror -O1' 2246 2247 msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s 2248 make test 2249} 2250 2251component_test_no_64bit_multiplication () { 2252 msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2253 scripts/config.py full 2254 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2255 make CFLAGS='-Werror -O1' 2256 2257 msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s 2258 make test 2259} 2260 2261component_test_no_strings () { 2262 msg "build: no strings" # ~10s 2263 scripts/config.py full 2264 # Disable options that activate a large amount of string constants. 2265 scripts/config.py unset MBEDTLS_DEBUG_C 2266 scripts/config.py unset MBEDTLS_ERROR_C 2267 scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY 2268 scripts/config.py unset MBEDTLS_VERSION_FEATURES 2269 make CFLAGS='-Werror -Os' 2270 2271 msg "test: no strings" # ~ 10s 2272 make test 2273} 2274 2275component_build_arm_none_eabi_gcc () { 2276 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s 2277 scripts/config.py baremetal 2278 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib 2279 2280 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" 2281 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2282} 2283 2284component_build_arm_none_eabi_gcc_arm5vte () { 2285 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s 2286 scripts/config.py baremetal 2287 # Build for a target platform that's close to what Debian uses 2288 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 2289 # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. 2290 # It would be better to build with arm-linux-gnueabi-gcc but 2291 # we don't have that on our CI at this time. 2292 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib 2293 2294 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" 2295 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2296} 2297 2298component_build_arm_none_eabi_gcc_m0plus () { 2299 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s 2300 scripts/config.py baremetal 2301 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib 2302 2303 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" 2304 ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 2305} 2306 2307component_build_arm_none_eabi_gcc_no_udbl_division () { 2308 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s 2309 scripts/config.py baremetal 2310 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION 2311 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib 2312 echo "Checking that software 64-bit division is not required" 2313 if_build_succeeded not grep __aeabi_uldiv library/*.o 2314} 2315 2316component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 2317 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s 2318 scripts/config.py baremetal 2319 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION 2320 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib 2321 echo "Checking that software 64-bit multiplication is not required" 2322 if_build_succeeded not grep __aeabi_lmul library/*.o 2323} 2324 2325component_build_armcc () { 2326 msg "build: ARM Compiler 5" 2327 scripts/config.py baremetal 2328 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib 2329 2330 msg "size: ARM Compiler 5" 2331 "$ARMC5_FROMELF" -z library/*.o 2332 2333 make clean 2334 2335 # ARM Compiler 6 - Target ARMv7-A 2336 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" 2337 2338 # ARM Compiler 6 - Target ARMv7-M 2339 armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" 2340 2341 # ARM Compiler 6 - Target ARMv8-A - AArch32 2342 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" 2343 2344 # ARM Compiler 6 - Target ARMv8-M 2345 armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" 2346 2347 # ARM Compiler 6 - Target ARMv8-A - AArch64 2348 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" 2349} 2350 2351component_build_ssl_hw_record_accel() { 2352 msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled" 2353 scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL 2354 make CFLAGS='-Werror -O1' 2355} 2356 2357component_test_allow_sha1 () { 2358 msg "build: allow SHA1 in certificates by default" 2359 scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 2360 make CFLAGS='-Werror -Wall -Wextra' 2361 msg "test: allow SHA1 in certificates by default" 2362 make test 2363 if_build_succeeded tests/ssl-opt.sh -f SHA-1 2364} 2365 2366component_test_tls13_experimental () { 2367 msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 2368 scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL 2369 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 2370 make 2371 msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" 2372 make test 2373} 2374 2375component_build_mingw () { 2376 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s 2377 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs 2378 2379 # note Make tests only builds the tests, but doesn't run them 2380 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests 2381 make WINDOWS_BUILD=1 clean 2382 2383 msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s 2384 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs 2385 make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests 2386 make WINDOWS_BUILD=1 clean 2387} 2388support_build_mingw() { 2389 case $(i686-w64-mingw32-gcc -dumpversion) in 2390 [0-5]*) false;; 2391 *) true;; 2392 esac 2393} 2394 2395component_test_memsan () { 2396 msg "build: MSan (clang)" # ~ 1 min 20s 2397 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm 2398 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 2399 make 2400 2401 msg "test: main suites (MSan)" # ~ 10s 2402 make test 2403 2404 msg "test: ssl-opt.sh (MSan)" # ~ 1 min 2405 if_build_succeeded tests/ssl-opt.sh 2406 2407 # Optional part(s) 2408 2409 if [ "$MEMORY" -gt 0 ]; then 2410 msg "test: compat.sh (MSan)" # ~ 6 min 20s 2411 if_build_succeeded tests/compat.sh 2412 fi 2413} 2414 2415component_test_valgrind () { 2416 msg "build: Release (clang)" 2417 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 2418 make 2419 2420 msg "test: main suites valgrind (Release)" 2421 make memcheck 2422 2423 # Optional parts (slow; currently broken on OS X because programs don't 2424 # seem to receive signals under valgrind on OS X). 2425 if [ "$MEMORY" -gt 0 ]; then 2426 msg "test: ssl-opt.sh --memcheck (Release)" 2427 if_build_succeeded tests/ssl-opt.sh --memcheck 2428 fi 2429 2430 if [ "$MEMORY" -gt 1 ]; then 2431 msg "test: compat.sh --memcheck (Release)" 2432 if_build_succeeded tests/compat.sh --memcheck 2433 fi 2434 2435 if [ "$MEMORY" -gt 0 ]; then 2436 msg "test: context-info.sh --memcheck (Release)" 2437 if_build_succeeded tests/context-info.sh --memcheck 2438 fi 2439} 2440 2441component_test_cmake_out_of_source () { 2442 msg "build: cmake 'out-of-source' build" 2443 MBEDTLS_ROOT_DIR="$PWD" 2444 mkdir "$OUT_OF_SOURCE_DIR" 2445 cd "$OUT_OF_SOURCE_DIR" 2446 cmake "$MBEDTLS_ROOT_DIR" 2447 make 2448 2449 msg "test: cmake 'out-of-source' build" 2450 make test 2451 # Test an SSL option that requires an auxiliary script in test/scripts/. 2452 # Also ensure that there are no error messages such as 2453 # "No such file or directory", which would indicate that some required 2454 # file is missing (ssl-opt.sh tolerates the absence of some files so 2455 # may exit with status 0 but emit errors). 2456 if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err 2457 if [ -s ssl-opt.err ]; then 2458 cat ssl-opt.err >&2 2459 record_status [ ! -s ssl-opt.err ] 2460 rm ssl-opt.err 2461 fi 2462 cd "$MBEDTLS_ROOT_DIR" 2463 rm -rf "$OUT_OF_SOURCE_DIR" 2464 unset MBEDTLS_ROOT_DIR 2465} 2466 2467component_test_cmake_as_subdirectory () { 2468 msg "build: cmake 'as-subdirectory' build" 2469 MBEDTLS_ROOT_DIR="$PWD" 2470 2471 cd programs/test/cmake_subproject 2472 cmake . 2473 make 2474 if_build_succeeded ./cmake_subproject 2475 2476 cd "$MBEDTLS_ROOT_DIR" 2477 unset MBEDTLS_ROOT_DIR 2478} 2479 2480component_test_zeroize () { 2481 # Test that the function mbedtls_platform_zeroize() is not optimized away by 2482 # different combinations of compilers and optimization flags by using an 2483 # auxiliary GDB script. Unfortunately, GDB does not return error values to the 2484 # system in all cases that the script fails, so we must manually search the 2485 # output to check whether the pass string is present and no failure strings 2486 # were printed. 2487 2488 # Don't try to disable ASLR. We don't care about ASLR here. We do care 2489 # about a spurious message if Gdb tries and fails, so suppress that. 2490 gdb_disable_aslr= 2491 if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then 2492 gdb_disable_aslr='set disable-randomization off' 2493 fi 2494 2495 for optimization_flag in -O2 -O3 -Ofast -Os; do 2496 for compiler in clang gcc; do 2497 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" 2498 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" 2499 if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log 2500 if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log 2501 if_build_succeeded not grep -i "error" test_zeroize.log 2502 rm -f test_zeroize.log 2503 make clean 2504 done 2505 done 2506 2507 unset gdb_disable_aslr 2508} 2509 2510component_check_python_files () { 2511 msg "Lint: Python scripts" 2512 record_status tests/scripts/check-python-files.sh 2513} 2514 2515component_check_generate_test_code () { 2516 msg "uint test: generate_test_code.py" 2517 # unittest writes out mundane stuff like number or tests run on stderr. 2518 # Our convention is to reserve stderr for actual errors, and write 2519 # harmless info on stdout so it can be suppress with --quiet. 2520 record_status ./tests/scripts/test_generate_test_code.py 2>&1 2521} 2522 2523################################################################ 2524#### Termination 2525################################################################ 2526 2527post_report () { 2528 msg "Done, cleaning up" 2529 cleanup 2530 2531 final_report 2532} 2533 2534 2535 2536################################################################ 2537#### Run all the things 2538################################################################ 2539 2540# Run one component and clean up afterwards. 2541run_component () { 2542 # Back up the configuration in case the component modifies it. 2543 # The cleanup function will restore it. 2544 cp -p "$CONFIG_H" "$CONFIG_BAK" 2545 cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK" 2546 current_component="$1" 2547 export MBEDTLS_TEST_CONFIGURATION="$current_component" 2548 2549 # Unconditionally create a seedfile that's sufficiently long. 2550 # Do this before each component, because a previous component may 2551 # have messed it up or shortened it. 2552 redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 2553 2554 # Run the component code. 2555 if [ $QUIET -eq 1 ]; then 2556 # msg() is silenced, so just print the component name here 2557 echo "${current_component#component_}" 2558 fi 2559 redirect_out "$@" 2560 2561 # Restore the build tree to a clean state. 2562 cleanup 2563 unset current_component 2564} 2565 2566# Preliminary setup 2567pre_check_environment 2568pre_initialize_variables 2569pre_parse_command_line "$@" 2570 2571pre_check_git 2572 2573build_status=0 2574if [ $KEEP_GOING -eq 1 ]; then 2575 pre_setup_keep_going 2576else 2577 record_status () { 2578 "$@" 2579 } 2580fi 2581pre_setup_quiet_redirect 2582pre_prepare_outcome_file 2583pre_print_configuration 2584pre_check_tools 2585cleanup 2586 2587# Run the requested tests. 2588for component in $RUN_COMPONENTS; do 2589 run_component "component_$component" 2590done 2591 2592# We're done. 2593post_report 2594