yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
mbedtls/tests/scripts/all.sh

3704 lines
152 KiB
Bash
Raw Normal View History

Switch all.sh to bash This will let us use bash features that are not found in some other sh implementations, such as DEBUG and ERR traps, "set -o pipefail", etc. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-27 16:35:23 +01:00
#! /usr/bin/env bash
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-08 00:22:10 +01:00
# all.sh
#
Update copyright notices to use Linux Foundation guidance As a result, the copyright of contributors other than Arm is now acknowledged, and the years of publishing are no longer tracked in the source files. Also remove the now-redundant lines declaring that the files are part of MbedTLS. This commit was generated using the following script: # ======================== #!/bin/sh # Find files find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi ' # Replace copyright attribution line s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I # Remove redundant declaration and the preceding line $!N /This file is part of Mbed TLS/Id P D ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-07 13:07:28 +02:00
# Copyright The Mbed TLS Contributors
Add Apache-2.0 headers to all scripts This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i ' # Remove Mbed TLS declaration if it occurs before the copyright line 1,/Copyright.*Arm/I { /This file is part of/,$ { /Copyright.*Arm/I! d } } # Convert non-standard header in scripts/abi_check.py to the format used in the other scripts /"""/,/"""/ { # Cut copyright declaration /Copyright.*Arm/I { h N d } # Paste copyright declaration /"""/ { x /./ { s/^/# / # Add # x # Replace orignal buffer with Copyright declaration p # Print original buffer, insert newline i\ s/.*// # Clear original buffer } x } } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! { i\ # SPDX-License-Identifier: Apache-2.0\ #\ # Licensed under the Apache License, Version 2.0 (the "License"); you may\ # not use this file except in compliance with the License.\ # You may obtain a copy of the License at\ #\ # http://www.apache.org/licenses/LICENSE-2.0\ #\ # Unless required by applicable law or agreed to in writing, software\ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ # See the License for the specific language governing permissions and\ # limitations under the License. # Insert Mbed TLS declaration if it is missing /This file is part of/! i\ #\ # This file is part of Mbed TLS (https://tls.mbed.org) } # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-05-26 01:54:15 +02:00
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
################################################################
#### Documentation
################################################################
Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-08 00:22:10 +01:00
# Purpose
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# -------
Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-08 00:22:10 +01:00
#
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
# To run all tests possible or available on the platform.
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
#
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# Notes for users
# ---------------
#
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
# Warning: the test is destructive. It includes various build modes and
# configurations, and can and will arbitrarily change the current CMake
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# configuration. The following files must be committed into git:
Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i ' s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-28 09:42:25 +02:00
# * include/mbedtls/mbedtls_config.h
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
# programs/fuzz/Makefile
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# After running this script, the CMake cache will be lost and CMake
# will no longer be initialised.
#
# The script assumes the presence of a number of tools:
# * Basic Unix tools (Windows users note: a Unix-style find must be before
# the Windows find in the PATH)
# * Perl
# * GNU Make
# * CMake
# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
Make the C++ test mandatory by removing the --no-cxx flag from all.sh Remove the cmake test
2018-06-28 10:41:50 +02:00
# * G++
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
# * OpenSSL and GnuTLS command line tools, recent enough for the
Remove remaining comments and strings refering to removed features. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-15 13:28:52 +02:00
# interoperability tests. If they don't support old features which we want
# to test, then a legacy version of these tools must be present as well
# (search for LEGACY below).
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
# working copy of Mbed TLS.
#
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
# The behavior on an error depends on whether --keep-going (alias -k)
# is in effect.
# * Without --keep-going: the script stops on the first error without
# cleaning up. This lets you work in the configuration of the failing
# component.
# * With --keep-going: the script runs all requested components and
# reports failures at the end. In particular the script always cleans
# up on exit.
#
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# Note that the output is not saved. You may want to run
# script -c tests/scripts/all.sh
# or
# tests/scripts/all.sh >all.log 2>&1
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
#
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# Notes for maintainers
# ---------------------
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
#
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# The bulk of the code is organized into functions that follow one of the
# following naming conventions:
# * pre_XXX: things to do before running the tests, in order.
# * component_XXX: independent components. They can be run in any order.
all.sh: Update the maintainer documentation
2019-01-09 22:29:17 +01:00
# * component_check_XXX: quick tests that aren't worth parallelizing.
# * component_build_XXX: build things but don't run them.
# * component_test_XXX: build and test.
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
# * support_XXX: if support_XXX exists and returns false then
# component_XXX is not run by default.
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# * post_XXX: things to do after running the tests.
# * other: miscellaneous support functions.
#
all.sh: Update the maintainer documentation
2019-01-09 22:29:17 +01:00
# Each component must start by invoking `msg` with a short informative message.
#
Better not function In the `not` function, in keep-going mode, arrange to report the failing command (rather than `"$@"`). Note that the `!` keyword should not be used, because failures with `!` are not reported properly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:27:40 +01:00
# Warning: due to the way bash detects errors, the failure of a command
# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
#
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
# Each component is executed in a separate shell process. The component
# fails if any command in it returns a non-zero status.
#
all.sh: Update the maintainer documentation
2019-01-09 22:29:17 +01:00
# The framework performs some cleanup tasks after each component. This
# means that components can assume that the working directory is in a
# cleaned-up state, and don't need to perform the cleanup themselves.
# * Run `make clean`.
Fix pre-existing typo in comment Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 15:11:11 +02:00
# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
all.sh: Update the maintainer documentation
2019-01-09 22:29:17 +01:00
# the component.
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
# `tests/Makefile` and `programs/fuzz/Makefile` from git.
# This cleans up after an in-tree use of CMake.
all.sh: Update the maintainer documentation
2019-01-09 22:29:17 +01:00
#
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
# The tests are roughly in order from fastest to slowest. This doesn't
# have to be exact, but in general you should add slower tests towards
# the end and fast checks near the beginning.
################################################################
#### Initialization and command line parsing
################################################################
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Detect errors on the left-hand side of a pipeline Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:49 +01:00
# Abort on errors (even on the left-hand side of a pipe).
# Treat uninitialised variables as errors.
set -e -o pipefail -u
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Don't remove programs/fuzz/Makefile Other programs/*/Makefile are only created by CMake, but programs/fuzz has its own Makefile in the repository. Fixes #6247. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-08-30 21:02:44 +02:00
# Enable ksh/bash extended file matching patterns
shopt -s extglob
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_check_environment () {
all.sh: don't insist on Linux; always run Valgrind Don't bail out of all.sh if the OS isn't Linux. We only expect everything to pass on a recent Linux x86_64, but it's useful to call all.sh to run some components on any platform. In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is slower than ASan and MSan but finds some things that they don't. Run MSan unconditionally, not just on Linux/x86_64. MSan is supported on some other OSes and CPUs these days. Use `all.sh --except test_memsan` if you want to omit MSan because it isn't supported on your platform. Use `all.sh --except test_memcheck` if you want to omit Valgrind because it's too slow. Make the test scripts more portable (tested on FreeBSD): don't insist on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The `make` utility must still be GNU make.
2019-01-06 20:58:02 +01:00
if [ -d library -a -d include -a -d tests ]; then :; else
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "Must be run from mbed TLS root" >&2
exit 1
fi
}
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_initialize_variables () {
Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i ' s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-28 09:42:25 +02:00
CONFIG_H='include/mbedtls/mbedtls_config.h'
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
# Files that are clobbered by some jobs will be backed up. Use a different
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
# independently decide when to remove the backup file.
backup_suffix='.all.bak'
# Files clobbered by config.py
files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H"
Don't unconditionally restore **/Makefile all.sh restores **/Makefile from git in case the version in the worktree was from doing a cmake in-tree build. Instead of doing this unconditionally, do it only if the toplevel Makefile seems to have been automatically generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way all.sh no longer silently wipes changes made to Makefile but not committed yet. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:16:01 +02:00
# Files clobbered by in-tree cmake
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
append_outcome=0
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
MEMORY=0
FORCE=0
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
QUIET=0
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
KEEP_GOING=0
Make basic-build-test.sh deterministic Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 12:59:27 +02:00
# Seed value used with the --release-test option.
Adjust comments about SEED synchronisation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:11:47 +02:00
#
# See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
# both values are kept in sync. If you change the value here because it
# breaks some tests, you'll definitely want to change it in
# basic-build-test.sh as well.
Make basic-build-test.sh deterministic Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 12:59:27 +02:00
RELEASE_SEED=1
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
: ${MBEDTLS_TEST_OUTCOME_FILE=}
Set meaningful test configuration names when running tests Set MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION to meaningful values in all.sh. These environment variables are used when writing an outcome file, which happens if MBEDTLS_TEST_OUTCOME_FILE is also set. When running one of the try-multiple-configuration scripts, set MBEDTLS_TEST_CONFIGURATION to a value that uniquely describes the configuration.
2019-09-16 15:20:36 +02:00
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
export MBEDTLS_TEST_OUTCOME_FILE
Set meaningful test configuration names when running tests Set MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION to meaningful values in all.sh. These environment variables are used when writing an outcome file, which happens if MBEDTLS_TEST_OUTCOME_FILE is also set. When running one of the try-multiple-configuration scripts, set MBEDTLS_TEST_CONFIGURATION to a value that uniquely describes the configuration.
2019-09-16 15:20:36 +02:00
export MBEDTLS_TEST_PLATFORM
Merge remote-tracking branch 'origin/pr/2325' into development
2019-01-30 16:35:44 +01:00
# Default commands, can be overridden by the environment
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
: ${OPENSSL:="openssl"}
: ${OPENSSL_LEGACY:="$OPENSSL"}
: ${OPENSSL_NEXT:="$OPENSSL"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
all.sh: fix MAKEFLAGS setting MAKEFLAGS was set to -j if it was already set, instead of being set if not previously set as intended. So now all.sh will do parallel builds if invoked without MAKEFLAGS in the environment.
2019-01-06 21:15:26 +01:00
if [ -z "${MAKEFLAGS+set}" ]; then
Limit make parallelism to the number of CPUs Don't default to unbridled -j, which causes a load spike and isn't really faster. "Number of CPUs" is implemented here as a reasonable compromise between portability, correctness and simplicity. This is just a default that can be overridden by setting MAKEFLAGS in the environment. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:24:21 +02:00
export MAKEFLAGS="-j$(all_sh_nproc)"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
fi
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
'make test': show failing test cases when cmake does When building with make, `make test` runs `run-test-suites.pl` which has a verbose mode that reports the failing test cases, but it didn't provide a way to enable this verbose mode. With the present commit, you can run `make test TEST_FLAGS=-v` to use verbose mode. Base the default for verbose mode on the same environment variable that `make test` uses when building with CMake: default off, but enabled if `CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be on when building from `all.sh`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 18:57:55 +02:00
# Include more verbose output for failing tests run by CMake or make
all.sh: Enable verbose failure messages for CMake Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when a "make test" run by CMake fails, verbose test output about the detail of failure is available.
2019-02-07 18:43:39 +01:00
export CTEST_OUTPUT_ON_FAILURE=1
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
Asan make builds: avoid sanitizer recovery Some sanitizers default to displaying an error message and recovering. This could result in a test being recorded as passing despite a complaint from the sanitizer. Turn off sanitizer recovery to avoid this risk.
2019-10-21 19:06:33 +02:00
ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
Switch all.sh to bash This will let us use bash features that are not found in some other sh implementations, such as DEBUG and ERR traps, "set -o pipefail", etc. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-27 16:35:23 +01:00
# Parse the script with sed. This way we get the functions in the order
# they are defined.
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
# Exclude components that are not supported on this platform.
SUPPORTED_COMPONENTS=
for component in $ALL_COMPONENTS; do
case $(type "support_$component" 2>&1) in
*' function'*)
if ! support_$component; then continue; fi;;
esac
SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
done
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Use MAKEFLAGS to pass args to make in all.sh Modify the script at tests/scripts/all.sh to export the variable MAKEFLAGS with -j if it was not set before. This should decrease the total runtime of tests/scripts/all.sh by letting make run multiple jobs in parallel. Also, add a check at the top of the script to cause a failure if the environment is not Linux.
2016-07-12 17:54:33 +02:00
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
# Test whether the component $1 is included in the command line patterns.
is_component_included()
Add --except mode: run all components except a list Allow the list to use wildcards, e.g. you can run the sanity checks with all.sh --except "test_*" "build_*"
2018-11-27 21:37:53 +01:00
{
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:35:17 +02:00
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
# only does word splitting.
Add --except mode: run all components except a list Allow the list to use wildcards, e.g. you can run the sanity checks with all.sh --except "test_*" "build_*"
2018-11-27 21:37:53 +01:00
set -f
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
for pattern in $COMMAND_LINE_COMPONENTS; do
Add --except mode: run all components except a list Allow the list to use wildcards, e.g. you can run the sanity checks with all.sh --except "test_*" "build_*"
2018-11-27 21:37:53 +01:00
set +f
case ${1#component_} in $pattern) return 0;; esac
done
set +f
return 1
}
Use MAKEFLAGS to pass args to make in all.sh Modify the script at tests/scripts/all.sh to export the variable MAKEFLAGS with -j if it was not set before. This should decrease the total runtime of tests/scripts/all.sh by letting make run multiple jobs in parallel. Also, add a check at the top of the script to cause a failure if the environment is not Linux.
2016-07-12 17:54:33 +02:00
Fix merge of OpenSSL/GNUTLS version options in all.sh
2016-09-07 01:07:09 +02:00
usage()
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
{
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
cat <<EOF
all.sh: with non-option arguments, run only these components
2018-11-27 18:15:35 +01:00
Usage: $0 [OPTION]... [COMPONENT]...
New option --list-components Add an option to list the available components. This is not useful yet, but a subsequent commit will add the ability to run specific components.
2018-11-27 17:04:29 +01:00
Run mbedtls release validation tests.
all.sh: with non-option arguments, run only these components
2018-11-27 18:15:35 +01:00
By default, run all tests. With one or more COMPONENT, run only those.
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
COMPONENT can be the name of a component or a shell wildcard pattern.
Examples:
$0 "check_*"
Run all sanity checks.
$0 --no-armcc --except test_memsan
Run everything except builds that require armcc and MemSan.
New option --list-components Add an option to list the available components. This is not useful yet, but a subsequent commit will add the ability to run specific components.
2018-11-27 17:04:29 +01:00
Special options:
-h|--help Print this help and exit.
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
--list-all-components List all available test components and exit.
--list-components List components supported on this platform and exit.
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
General options:
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
-q|--quiet Only output component names, and errors if any.
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
-f|--force Force the tests to overwrite any modified files.
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
-k|--keep-going Run all tests and report errors at the end.
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
-m|--memory Additional optional memory tests.
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--append-outcome Append to the outcome file (if used).
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
--arm-none-eabi-gcc-prefix=<string>
Prefix for a cross-compiler for arm-none-eabi
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
--arm-linux-gnueabi-gcc-prefix=<string>
Prefix for a cross-compiler for arm-linux-gnueabi
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
--armcc Run ARM Compiler builds (on by default).
Add --restore option to clean up but not necessarily run components Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:51:59 +02:00
--restore First clean up the build tree, restoring backed up
files. Do not run any components unless they are
explicitly specified.
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
--error-test Error test mode: run a failing function in addition
Documentation improvement Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:11:33 +02:00
to any specified component. May be repeated.
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
--except Exclude the COMPONENTs listed on the command line,
instead of running only those.
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--no-append-outcome Write a new outcome file and analyze it (default).
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
--no-armcc Skip ARM Compiler builds.
all.sh: add opposites to all boolean options All options can now be overridden by a subsequent option, e.g. "all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This allows making wrapper scripts with default options and occasionally overriding those options when running the wrapper script.
2018-03-21 08:40:26 +01:00
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-21 06:14:10 +01:00
--no-quiet Print full output from components.
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--outcome-file=<path> File where test outcomes are written (not done if
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
all.sh: add opposites to all boolean options All options can now be overridden by a subsequent option, e.g. "all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This allows making wrapper scripts with default options and occasionally overriding those options when running the wrapper script.
2018-03-21 08:40:26 +01:00
--random-seed Use a random seed value for randomized tests (default).
Make basic-build-test.sh deterministic Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 12:59:27 +02:00
-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
-s|--seed Integer seed value to use for this test run.
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
Drop support for SSLv3. Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and MBEDTLS_SSL_PROTO_SSL3). Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-18 13:55:21 +01:00
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests..
Add compat.sh ARIA run to all.sh Warning: needs OpenSSL >= 1.1.1-pre1 installed and environment variable OPENSSL_NEXT pointing to it.
2018-02-20 12:02:07 +01:00
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
all.sh: cleaned up usage output
2017-12-10 23:43:39 +01:00
EOF
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
}
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:44:28 +02:00
# Cleanup before/after running a component.
# Remove built files as well as the cmake cache/config.
# Does not remove generated source files.
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
cleanup()
{
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
command make clean
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
all.sh: be more conservative when cleaning up CMake artefacts Only delete things that we expect to find, to avoid deleting other things that people might have lying around in their build tree. Explicitly skip .git to avoid e.g. accidentally matching a branch name.
2018-03-21 12:15:06 +01:00
# Remove CMake artefacts
all.sh: Cleanup CMakeFiles all.sh's cleanup function would not entirely remove CMakeFiles due to a missing -o in its fine command. Add a -o after prune, so that the find for CMakeFiles can succeed.
2018-11-07 19:46:41 +01:00
find . -name .git -prune -o \
all.sh: be more conservative when cleaning up CMake artefacts Only delete things that we expect to find, to avoid deleting other things that people might have lying around in their build tree. Explicitly skip .git to avoid e.g. accidentally matching a branch name.
2018-03-21 12:15:06 +01:00
-iname CMakeFiles -exec rm -rf {} \+ -o \
\( -iname cmake_install.cmake -o \
-iname CTestTestfile.cmake -o \
Cleanup: rm all files generated by cmake Again, unrelated, except I kept noticing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-09 11:11:44 +02:00
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
all.sh: be more conservative when cleaning up CMake artefacts Only delete things that we expect to find, to avoid deleting other things that people might have lying around in their build tree. Explicitly skip .git to avoid e.g. accidentally matching a branch name.
2018-03-21 12:15:06 +01:00
# Recover files overwritten by in-tree CMake builds
Don't remove programs/fuzz/Makefile Other programs/*/Makefile are only created by CMake, but programs/fuzz has its own Makefile in the repository. Fixes #6247. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-08-30 21:02:44 +02:00
rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
CMake: Add a subdirectory build regression test If we have a regression with the "build Mbed TLS as a subdirectory with CMake" feature and fail to build, fail the test.
2019-06-20 18:38:22 +02:00
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
# Remove any artifacts from the component_test_cmake_as_package test.
rm -rf programs/test/cmake_package/build
rm -f programs/test/cmake_package/Makefile
rm -f programs/test/cmake_package/cmake_package
# Remove any artifacts from the component_test_cmake_as_installed_package test.
rm -rf programs/test/cmake_package_install/build
rm -f programs/test/cmake_package_install/Makefile
rm -f programs/test/cmake_package_install/cmake_package_install
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
# Restore files that may have been clobbered by the job
for x in $files_to_back_up; do
Don't try restoring a file if no backup is available This caused `all.sh --force` to fail on a clean build tree. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-08-30 21:02:00 +02:00
if [[ -e "$x$backup_suffix" ]]; then
cp -p "$x$backup_suffix" "$x"
fi
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
done
}
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:44:28 +02:00
# Final cleanup when this script exits (except when exiting on a failure
# in non-keep-going mode).
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
final_cleanup () {
cleanup
for x in $files_to_back_up; do
rm -f "$x$backup_suffix"
done
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
}
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
# Executed on exit. May be redefined depending on command line options.
final_report () {
:
}
fatal_signal () {
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
final_cleanup
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
final_report $1
trap - $1
kill -$1 $$
}
trap 'fatal_signal HUP' HUP
trap 'fatal_signal INT' INT
trap 'fatal_signal TERM' TERM
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
Limit make parallelism to the number of CPUs Don't default to unbridled -j, which causes a load spike and isn't really faster. "Number of CPUs" is implemented here as a reasonable compromise between portability, correctness and simplicity. This is just a default that can be overridden by setting MAKEFLAGS in the environment. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:24:21 +02:00
# Number of processors on this machine. Used as the default setting
# for parallel make.
all_sh_nproc ()
{
{
nproc || # Linux
sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
sysctl -n hw.ncpu || # FreeBSD
echo 1
} 2>/dev/null
}
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
msg()
{
Add the current component name to msg output and the final report
2018-12-04 12:49:28 +01:00
if [ -n "${current_component:-}" ]; then
current_section="${current_component#component_}: $1"
else
current_section="$1"
fi
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
if [ $QUIET -eq 1 ]; then
return
fi
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
echo ""
echo "******************************************************************"
Add the current component name to msg output and the final report
2018-12-04 12:49:28 +01:00
echo "* $current_section "
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
printf "* "; date
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
echo "******************************************************************"
}
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
armc6_build_test()
{
FLAGS="$1"
Add -march argument to armc6 build tests
2016-10-17 16:23:10 +02:00
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
msg "build: ARM Compiler 6 ($FLAGS)"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-xc -std=c99' make lib
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make clean
}
Add -march argument to armc6 build tests
2016-10-17 16:23:10 +02:00
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
err_msg()
{
echo "$1" >&2
}
check_tools()
{
for TOOL in "$@"; do
Fix all.sh check_tools function to handle paths
2017-01-31 18:04:45 +01:00
if ! `type "$TOOL" >/dev/null 2>&1`; then
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
err_msg "$TOOL not found!"
exit 1
fi
done
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_parse_command_line () {
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
COMMAND_LINE_COMPONENTS=
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
all_except=0
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
error_test=0
Add --restore option to clean up but not necessarily run components Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:51:59 +02:00
restore_first=0
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
no_armcc=
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
all.sh: Remove dependency on TLS, NET, and X.509
2018-11-02 19:34:17 +01:00
# Note that legacy options are ignored instead of being omitted from this
# list of options, so invocations that worked with previous version of
# all.sh will still run and work properly.
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
while [ $# -gt 0 ]; do
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
case "$1" in
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--append-outcome) append_outcome=1;;
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
--armcc) no_armcc=;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
--error-test) error_test=$((error_test + 1));;
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
--except) all_except=1;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--force|-f) FORCE=1;;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
--gnutls-serv) shift; GNUTLS_SERV="$1";;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--memory|-m) MEMORY=1;;
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--no-append-outcome) append_outcome=0;;
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
--no-armcc) no_armcc=1;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
--no-memory) MEMORY=0;;
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
--no-quiet) QUIET=0;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--openssl) shift; OPENSSL="$1";;
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
--openssl-next) shift; OPENSSL_NEXT="$1";;
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
--quiet|-q) QUIET=1;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--random-seed) unset SEED;;
Make basic-build-test.sh deterministic Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 12:59:27 +02:00
--release-test|-r) SEED=$RELEASE_SEED;;
Add --restore option to clean up but not necessarily run components Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:51:59 +02:00
--restore) restore_first=1;;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
--seed|-s) shift; SEED="$1";;
-*)
echo >&2 "Unknown option: $1"
echo >&2 "Run $0 --help for usage."
exit 120
;;
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
*) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
esac
shift
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
done
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
# With no list of components, run everything.
Add --restore option to clean up but not necessarily run components Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:51:59 +02:00
if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
all_except=1
fi
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
# --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
# Ignore it if components are listed explicitly on the command line.
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
Allow cmake 'out-of-source' builds Allow mbed TLS to be build in a subdirectory. Also add a test in all.sh
2016-08-31 18:33:13 +02:00
fi
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:44:28 +02:00
# Error out if an explicitly requested component doesn't exist.
Complain if an unsupported component is explicitly requested In all.sh, when an explicit list of components is specified, error out if one of the components is not known or not supported. Patterns that happen to match zero components are still effectively ignored. Fix #2783 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:37:59 +01:00
if [ $all_except -eq 0 ]; then
unsupported=0
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:35:17 +02:00
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
# only does word splitting.
Disable wildcards when checking for unsupported components Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns based on files in the current directory. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:43:36 +02:00
set -f
Complain if an unsupported component is explicitly requested In all.sh, when an explicit list of components is specified, error out if one of the components is not known or not supported. Patterns that happen to match zero components are still effectively ignored. Fix #2783 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:37:59 +01:00
for component in $COMMAND_LINE_COMPONENTS; do
Disable wildcards when checking for unsupported components Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns based on files in the current directory. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:43:36 +02:00
set +f
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:44:28 +02:00
# If the requested name includes a wildcard character, don't
# check it. Accept wildcard patterns that don't match anything.
Complain if an unsupported component is explicitly requested In all.sh, when an explicit list of components is specified, error out if one of the components is not known or not supported. Patterns that happen to match zero components are still effectively ignored. Fix #2783 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:37:59 +01:00
case $component in
*[*?\[]*) continue;;
esac
case " $SUPPORTED_COMPONENTS " in
*" $component "*) :;;
*)
echo >&2 "Component $component was explicitly requested, but is not known or not supported."
unsupported=$((unsupported + 1));;
esac
done
Disable wildcards when checking for unsupported components Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns based on files in the current directory. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:43:36 +02:00
set +f
Complain if an unsupported component is explicitly requested In all.sh, when an explicit list of components is specified, error out if one of the components is not known or not supported. Patterns that happen to match zero components are still effectively ignored. Fix #2783 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:37:59 +01:00
if [ $unsupported -ne 0 ]; then
exit 2
fi
fi
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
# Build the list of components to run.
Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks.
2019-01-10 00:05:18 +01:00
RUN_COMPONENTS=
for component in $SUPPORTED_COMPONENTS; do
if is_component_included "$component"; [ $? -eq $all_except ]; then
RUN_COMPONENTS="$RUN_COMPONENTS $component"
fi
done
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
unset all_except
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
unset no_armcc
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_check_git () {
if [ $FORCE -eq 1 ]; then
Delete $OUT_OF_SOURCE_DIR under --force The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped together with Yotta and then removed when Yotta support was removed. Bring it back.
2019-01-09 23:17:35 +01:00
rm -rf "$OUT_OF_SOURCE_DIR"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
git checkout-index -f -q $CONFIG_H
cleanup
else
Allow cmake 'out-of-source' builds Allow mbed TLS to be build in a subdirectory. Also add a test in all.sh
2016-08-31 18:33:13 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
echo "You can either delete this directory manually, or force the test by rerunning"
echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
exit 1
fi
Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i ' s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-28 09:42:25 +02:00
if ! git diff --quiet include/mbedtls/mbedtls_config.h; then
err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force"
exit 1
fi
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
fi
all.sh: add a seedfile generation step When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites require the seed file for PSA initialization, which was normally generated later, when entropy tests were run. This change creates an initial seedfile in all.sh.
2019-02-14 13:18:59 +01:00
}
Don't unconditionally restore **/Makefile all.sh restores **/Makefile from git in case the version in the worktree was from doing a cmake in-tree build. Instead of doing this unconditionally, do it only if the toplevel Makefile seems to have been automatically generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way all.sh no longer silently wipes changes made to Makefile but not committed yet. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:16:01 +02:00
pre_restore_files () {
# If the makefiles have been generated by a framework such as cmake,
# restore them from git. If the makefiles look like modifications from
# the ones checked into git, take care not to modify them. Whatever
# this function leaves behind is what the script will restore before
# each component.
case "$(head -n1 Makefile)" in
*[Gg]enerated*)
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
;;
esac
}
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
pre_back_up () {
for x in $files_to_back_up; do
cp -p "$x" "$x$backup_suffix"
done
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_setup_keep_going () {
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
failure_count=0 # Number of failed components
last_failure_status=0 # Last failure status in this component
Fix double reporting when the last command of a function fails Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 19:34:23 +01:00
# See err_trap
previous_failure_status=0
previous_failed_command=
previous_failure_funcall_depth=0
Better not function In the `not` function, in keep-going mode, arrange to report the failing command (rather than `"$@"`). Note that the `!` keyword should not be used, because failures with `!` are not reported properly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:27:40 +01:00
unset report_failed_command
Fix double reporting when the last command of a function fails Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 19:34:23 +01:00
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
start_red=
end_color=
if [ -t 1 ]; then
all.sh --keep-going: work if TERM is unset
2018-01-02 21:54:17 +01:00
case "${TERM:-}" in
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
*color*|cygwin|linux|rxvt*|screen|[Eex]term*)
start_red=$(printf '\033[31m')
end_color=$(printf '\033[0m')
;;
esac
fi
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
# Keep a summary of failures in a file. We'll print it out at the end.
failure_summary_file=$PWD/all-sh-failures-$$.log
: >"$failure_summary_file"
# Whether it makes sense to keep a component going after the specified
# command fails (test command) or not (configure or build).
Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:35:17 +02:00
# This function normally receives the failing simple command
# ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
# this is passed instead.
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
# This doesn't have to be 100% accurate: all failures are recorded anyway.
Improve the detection of keep-going commands Have simpler patterns related to 'test' (the central objective being to keep going if 'make test' or 'tests/...' fails, but not if 'make tests' fails). Add 'cd' as a can't-keep-going command. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:29:53 +02:00
# False positives result in running things that can't be expected to
# work. False negatives result in things not running after something else
# failed even though they might have given useful feedback.
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
can_keep_going_after_failure () {
case "$1" in
"msg "*) false;;
Improve the detection of keep-going commands Have simpler patterns related to 'test' (the central objective being to keep going if 'make test' or 'tests/...' fails, but not if 'make tests' fails). Add 'cd' as a can't-keep-going command. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:29:53 +02:00
"cd "*) false;;
*make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
*test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
*make*check*) true;;
"grep "*) true;;
"[ "*) true;;
"! "*) true;;
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
*) false;;
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
esac
}
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
# This function runs if there is any error in a component.
# It must either exit with a nonzero status, or set
# last_failure_status to a nonzero value.
err_trap () {
# Save $? (status of the failing command). This must be the very
# first thing, before $? is overridden.
last_failure_status=$?
Better not function In the `not` function, in keep-going mode, arrange to report the failing command (rather than `"$@"`). Note that the `!` keyword should not be used, because failures with `!` are not reported properly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:27:40 +01:00
failed_command=${report_failed_command-$BASH_COMMAND}
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
Fix double reporting when the last command of a function fails Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 19:34:23 +01:00
if [[ $last_failure_status -eq $previous_failure_status &&
"$failed_command" == "$previous_failed_command" &&
${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
then
# The same command failed twice in a row, but this time one level
# less deep in the function call stack. This happens when the last
# command of a function returns a nonzero status, and the function
# returns that same status. Ignore the second failure.
previous_failure_funcall_depth=${#FUNCNAME[@]}
return
fi
previous_failure_status=$last_failure_status
previous_failed_command=$failed_command
previous_failure_funcall_depth=${#FUNCNAME[@]}
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
text="$current_section: $failed_command -> $last_failure_status"
echo "${start_red}^^^^$text^^^^${end_color}" >&2
echo "$text" >>"$failure_summary_file"
# If the command is fatal (configure or build command), stop this
# component. Otherwise (test command) keep the component running
# (run more tests from the same build).
if ! can_keep_going_after_failure "$failed_command"; then
exit $last_failure_status
fi
}
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
final_report () {
if [ $failure_count -gt 0 ]; then
echo
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
echo "${start_red}FAILED: $failure_count components${end_color}"
cat "$failure_summary_file"
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
elif [ -z "${1-}" ]; then
echo "SUCCESS :)"
fi
if [ -n "${1-}" ]; then
echo "Killed by SIG$1."
fi
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
rm -f "$failure_summary_file"
if [ $failure_count -gt 0 ]; then
exit 1
fi
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
# record_status() and if_build_succeeded() are kept temporarily for backward
# compatibility. Don't use them in new components.
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
record_status () {
"$@"
all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far.
2017-12-11 00:01:40 +01:00
}
if_build_succeeded () {
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
"$@"
Add option to avoid 64-bit multiplication Motivation is similar to NO_UDBL_DIVISION. The alternative implementation of 64-bit mult is straightforward and aims at obvious correctness. Also, visual examination of the generate assembly show that it's quite efficient with clang, armcc5 and arm-clang. However current GCC generates fairly inefficient code for it. I tried to rework the code in order to make GCC generate more efficient code. Unfortunately the only way to do that is to get rid of 64-bit add and handle the carry manually, but this causes other compilers to generate less efficient code with branches, which is not acceptable from a side-channel point of view. So let's keep the obvious code that works for most compilers and hope future versions of GCC learn to manage registers in a sensible way in that context. See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 10:51:44 +02:00
}
Better not function In the `not` function, in keep-going mode, arrange to report the failing command (rather than `"$@"`). Note that the `!` keyword should not be used, because failures with `!` are not reported properly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:27:40 +01:00
# '! true' does not trigger the ERR trap. Arrange to trigger it, with
# a reasonably informative error message (not just "$@").
not () {
if "$@"; then
report_failed_command="! $*"
false
unset report_failed_command
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
fi
}
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
pre_prepare_outcome_file () {
case "$MBEDTLS_TEST_OUTCOME_FILE" in
[!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
esac
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
fi
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_print_configuration () {
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
if [ $QUIET -eq 1 ]; then
return
fi
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "info: $0 configuration"
echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "SEED: ${SEED-"UNSET"}"
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
echo
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "OPENSSL: $OPENSSL"
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
echo "GNUTLS_CLI: $GNUTLS_CLI"
echo "GNUTLS_SERV: $GNUTLS_SERV"
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
Add seed cmdline arg to test scripts
2016-10-10 16:46:20 +02:00
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
# Make sure the tools we need are available.
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
pre_check_tools () {
Merge the code to call output_env.sh into pre_check_tools It's all about tool detection.
2019-01-06 23:46:21 +01:00
# Build the list of variables to pass to output_env.sh.
set env
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
case " $RUN_COMPONENTS " in
# Require OpenSSL and GnuTLS if running any tests (as opposed to
# only doing builds). Not all tests run OpenSSL and GnuTLS, but this
# is a good enough approximation in practice.
*" test_"*)
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh
# and ssl-opt.sh, we just export the variables they require.
export OPENSSL_CMD="$OPENSSL"
export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV"
# Avoid passing --seed flag in every call to ssl-opt.sh
if [ -n "${SEED-}" ]; then
export SEED
fi
Merge the code to call output_env.sh into pre_check_tools It's all about tool detection.
2019-01-06 23:46:21 +01:00
set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
"$GNUTLS_CLI" "$GNUTLS_SERV" \
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
;;
esac
case " $RUN_COMPONENTS " in
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
esac
case " $RUN_COMPONENTS " in
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
*_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
esac
case " $RUN_COMPONENTS " in
*_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
esac
case " $RUN_COMPONENTS " in
*" test_zeroize "*) check_tools "gdb";;
esac
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
case " $RUN_COMPONENTS " in
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
*_armcc*)
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
ARMC5_AR="$ARMC5_BIN_DIR/armar"
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them.
2019-01-06 23:40:00 +01:00
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
ARMC6_AR="$ARMC6_BIN_DIR/armar"
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
"$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list.
2019-01-06 23:23:42 +01:00
esac
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
# past this point, no call to check_tool, only printing output
if [ $QUIET -eq 1 ]; then
return
fi
Merge the code to call output_env.sh into pre_check_tools It's all about tool detection.
2019-01-06 23:46:21 +01:00
msg "info: output_env.sh"
case $RUN_COMPONENTS in
*_armcc*)
set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
*) set "$@" RUN_ARMCC=0;;
esac
"$@" scripts/output_env.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
Generate source files before running any components Now that generated source files are no longer checked in version control, they must be generated before running any tests. Do not check the generated files for freshness: it's no longer relevant. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-22 01:10:12 +02:00
pre_generate_files() {
Clean up old files before generating them Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-18 13:30:14 +02:00
# since make doesn't have proper dependencies, remove any possibly outdate
# file that might be around before generating fresh ones
make neat
Heed --quiet when running make generated_files Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 19:07:07 +02:00
if [ $QUIET -eq 1 ]; then
Make --quiet more effective when running make generated_files Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:10:47 +02:00
make generated_files >/dev/null
Heed --quiet when running make generated_files Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 19:07:07 +02:00
else
make generated_files
fi
Generate source files before running any components Now that generated source files are no longer checked in version control, they must be generated before running any tests. Do not check the generated files for freshness: it's no longer relevant. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-22 01:10:12 +02:00
}
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
################################################################
#### Basic checks
################################################################
Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh.
2016-08-26 15:42:14 +02:00
Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes.
2016-04-16 22:54:39 +02:00
#
# Test Suites to be executed
#
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
# The test ordering tries to optimize for the following criteria:
Fix 3DES -> DES in all.sh (+ time estimates)
2014-11-20 13:48:53 +01:00
# 1. Catch possible problems early, by running first tests that run quickly
Optimize all.sh for new build options
2014-08-14 11:29:06 +02:00
# and/or are more likely to fail than others (eg I use Clang most of the
# time, so start with a GCC build).
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
# 2. Minimize total running time, by avoiding useless rebuilds
#
# Indicative running times are given for reference.
all.sh: directly go for ASan build
2014-03-27 14:44:04 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_recursion () {
Better information messages for quick checks Call them "check" rather than "test" to distinguish them from tests that build and run code, and for consistency with the component names.
2019-09-19 21:29:11 +02:00
msg "Check: recursion.pl" # < 1s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/recursion.pl library/*.c
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
component_check_generated_files () {
msg "Check: check-generated-files, files generated with make" # 2s
make generated_files
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-generated-files.sh
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
msg "Check: check-generated-files -u, files present" # 2s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-generated-files.sh -u
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
# Check that the generated files are considered up to date.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-generated-files.sh
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
msg "Check: check-generated-files -u, files absent" # 2s
command make neat
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-generated-files.sh -u
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
# Check that the generated files are considered up to date.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-generated-files.sh
Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:09:50 +02:00
# This component ends with the generated files present in the source tree.
# This is necessary for subsequent components!
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_doxy_blocks () {
Better information messages for quick checks Call them "check" rather than "test" to distinguish them from tests that build and run code, and for consistency with the component names.
2019-09-19 21:29:11 +02:00
msg "Check: doxygen markup outside doxygen blocks" # < 1s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-doxy-blocks.pl
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Move test scripts to tests/scripts
2015-04-09 17:19:23 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_files () {
Better information messages for quick checks Call them "check" rather than "test" to distinguish them from tests that build and run code, and for consistency with the component names.
2019-09-19 21:29:11 +02:00
msg "Check: file sanity checks (permissions, encodings)" # < 1s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check_files.py
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add check-files.py to all.sh
2018-03-13 17:48:16 +01:00
Run assemble_changelog.py in all.sh Avoid nasty surprises where it would fail when we want to make a release. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-10 17:40:49 +02:00
component_check_changelog () {
msg "Check: changelog entries" # < 1s
rm -f ChangeLog.new
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
scripts/assemble_changelog.py -o ChangeLog.new
Run assemble_changelog.py in all.sh Avoid nasty surprises where it would fail when we want to make a release. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-10 17:40:49 +02:00
if [ -e ChangeLog.new ]; then
# Show the diff for information. It isn't an error if the diff is
# non-empty.
diff -u ChangeLog ChangeLog.new || true
rm ChangeLog.new
fi
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_names () {
Better information messages for quick checks Call them "check" rather than "test" to distinguish them from tests that build and run code, and for consistency with the component names.
2019-09-19 21:29:11 +02:00
msg "Check: declared and exported names (builds the library)" # < 3s
Merge updates from upstream development branch into check-names-rewrite Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-09-24 19:02:56 +02:00
tests/scripts/check_names.py -v
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add check-names.sh to all.sh
2015-04-09 11:09:03 +02:00
all.sh: run check-test-cases.py
2019-09-19 21:30:05 +02:00
component_check_test_cases () {
msg "Check: test case descriptions" # < 1s
Make component_check_test_cases more -q frienly Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:51:40 +02:00
if [ $QUIET -eq 1 ]; then
all.sh: clean up some uses of "local" variables While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:59:41 +02:00
opt='--quiet'
Make component_check_test_cases more -q frienly Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:51:40 +02:00
else
all.sh: clean up some uses of "local" variables While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:59:41 +02:00
opt=''
Make component_check_test_cases more -q frienly Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:51:40 +02:00
fi
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check_test_cases.py $opt
all.sh: clean up some uses of "local" variables While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:59:41 +02:00
unset opt
Move and fixup check_test_requires_psa_disabled() into check_test_cases() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:50:29 +02:00
Fixup and update comment of disabled USE_PSA_CRYPTO test check in all.sh Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:00:42 +02:00
# Check that no tests are explicitely disabled when USE_PSA_CRYPTO is set
# as a matter of policy to ensure there is no missed testing
msg "Check: explicitely disabled test with USE_PSA_CRYPTO" # < 1s
not grep -n 'depends_on:.*!MBEDTLS_USE_PSA_CRYPTO' tests/suites/*.function tests/suites/*.data
not grep -n '^ *requires_config_disabled.*MBEDTLS_USE_PSA_CRYPTO' tests/ssl-opt.sh tests/opt-testcases/*.sh
all.sh: run check-test-cases.py
2019-09-19 21:30:05 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_doxygen_warnings () {
Better information messages for quick checks Call them "check" rather than "test" to distinguish them from tests that build and run code, and for consistency with the component names.
2019-09-19 21:29:11 +02:00
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/doxygen.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test script for doxygen warnings
2016-01-04 16:49:09 +01:00
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
################################################################
#### Build and test many configurations and targets
################################################################
Add an "out-of-box" component Just run `make` and `make test`. And `selftest` for good measure.
2019-04-08 17:00:15 +02:00
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
# Disable fancy stuff
unset MBEDTLS_TEST_OUTCOME_FILE
Add an "out-of-box" component Just run `make` and `make test`. And `selftest` for good measure.
2019-04-08 17:00:15 +02:00
msg "test: main suites make, default config (out-of-box)" # ~10s
make test
msg "selftest: make, default config (out-of-box)" # ~10s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
programs/test/selftest
Add an "out-of-box" component Just run `make` and `make test`. And `selftest` for good measure.
2019-04-08 17:00:15 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_default_cmake_gcc_asan () {
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-23 23:37:45 +02:00
msg "test: selftest (ASan build)" # ~ 10s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
programs/test/selftest
all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-23 23:37:45 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: compat.sh (ASan build)" # ~ 6 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
msg "test: context-info.sh (ASan build)" # ~ 15 sec
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
Add all.sh run with full config and ASan enabled
2019-02-26 15:27:09 +01:00
component_test_full_cmake_gcc_asan () {
msg "build: full config, cmake, gcc, ASan"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Add all.sh run with full config and ASan enabled
2019-02-26 15:27:09 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (inc. selftests) (full config, ASan build)"
make test
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-23 23:37:45 +02:00
msg "test: selftest (ASan build)" # ~ 10s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
programs/test/selftest
all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-23 23:37:45 +02:00
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: ssl-opt.sh (full config, ASan build)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: compat.sh (full config, ASan build)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh
Add all.sh run with full config and ASan enabled
2019-02-26 15:27:09 +01:00
}
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client code intended to use key identifiers of type psa_key_id_t. Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER configuration option is incompatible with MBEDTLS_USE_PSA_CRYPTO. State this in config.h and check_config.h. As a consequence: . remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from the full configuration, as MBEDTLS_USE_PSA_CRYPTO is part of it. . add a new component in all.sh to keep testing the library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is set. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-10-29 10:51:32 +01:00
component_test_psa_crypto_key_id_encodes_owner () {
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client code intended to use key identifiers of type psa_key_id_t. Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER configuration option is incompatible with MBEDTLS_USE_PSA_CRYPTO. State this in config.h and check_config.h. As a consequence: . remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from the full configuration, as MBEDTLS_USE_PSA_CRYPTO is part of it. . add a new component in all.sh to keep testing the library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is set. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-10-29 10:51:32 +01:00
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
make test
}
In the SPM test build, fail if a symbol wasn't renamed Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:37:52 +02:00
# check_renamed_symbols HEADER LIB
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
# name is LIB.
check_renamed_symbols () {
! nm "$2" | sed 's/.* //' |
grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
}
Do a test build with MBEDTLS_PSA_CRYPTO_SPM Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 18:37:38 +02:00
component_build_psa_crypto_spm () {
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
Do a test build with MBEDTLS_PSA_CRYPTO_SPM Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 18:37:38 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
# We can only compile, not link, since our test and sample programs
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
# is active.
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
In the SPM test build, fail if a symbol wasn't renamed Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:37:52 +02:00
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
# version is not present.
echo "Checking for renamed symbols in the library"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
Do a test build with MBEDTLS_PSA_CRYPTO_SPM Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 18:37:38 +02:00
}
tests: psa: Test PSA client-only code Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-01-28 17:54:24 +01:00
component_test_psa_crypto_client () {
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
Disable LMS in PSA crypto client test Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 18:11:42 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
tests: psa: Test PSA client-only code Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-01-28 17:54:24 +01:00
make
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
make test
}
psa: Support RSA signature without MBEDTLS_GENPRIME On space-constrained platforms, it is a useful configuration to be able to import/export and perform RSA key pair operations, but to exclude RSA key generation, potentially saving flash space. It is not possible to express this with the PSA_WANT_ configuration system at the present time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it was possible to configure a software PSA implementation which was capable of making RSA signatures but not capable of generating RSA keys. To do this, one unset MBEDTLS_GENPRIME. Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this expressivity was lost. Expressing that you wanted to work with RSA key pairs forced you to include the ability to generate key pairs as well. Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if MBEDTLS_GENPRIME is also set. This restores the configuration behavior present in Mbed TLS v2.24.0 and earlier versions. It left as a future exercise to add the ability to PSA to be able to express a desire for a software or accelerator configuration that includes RSA key pair operations, like signature, but excludes key pair generation. Without this change, linker errors will occur when attempts to call, which doesn't exist when MBEDTLS_GENPRIME is unset. psa_crypto_rsa.c.obj: in function `rsa_generate_key': psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key' Fixes #4512 Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-14 09:34:32 +02:00
component_test_psa_crypto_rsa_no_genprime() {
msg "build: default config minus MBEDTLS_GENPRIME"
scripts/config.py unset MBEDTLS_GENPRIME
make
msg "test: default config minus MBEDTLS_GENPRIME"
make test
}
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
Fix test_ref_config component of all.sh Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-09 11:46:25 +02:00
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
# want to re-generate generated files that depend on it, quite correctly.
# However this doesn't work as the generation script expects a specific
# format for mbedtls_config.h, which the other files don't follow. Also,
# cmake can't know this, but re-generation is actually not necessary as
Fix assorted spelling and wording issues Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-20 13:29:47 +02:00
# the generated files only depend on the list of available options, not
Fix test_ref_config component of all.sh Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-09 11:46:25 +02:00
# whether they're on or off. So, disable cmake's (over-sensitive here)
# dependency resolution for generated files and just rely on them being
Rename DEV_MODE to GEN_FILES GEN_FILES is a bit clearer as it describes what the setting does more precisely. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-20 18:14:23 +02:00
# present (thanks to pre_generate_files) by turning GEN_FILES off.
CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/test-ref-configs.pl
Move test-ref-configs into its own component
2018-11-27 16:11:09 +01:00
}
Tweak test ordering in all.sh
2014-06-09 11:21:49 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_renegotiation () {
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-08 00:22:10 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh
2017-10-12 16:29:50 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh
2017-10-12 16:29:50 +02:00
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
scripts/config.py unset MBEDTLS_PEM_PARSE_C
scripts/config.py unset MBEDTLS_FS_IO
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_RSA_NO_CRT
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-08 00:22:10 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh
2017-09-28 13:53:51 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f RSA
Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh
2017-09-28 13:53:51 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh -t RSA
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh
2017-09-28 13:53:51 +02:00
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
component_test_no_ctr_drbg_classic () {
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
Add test for building without CTR_DRBG People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-28 12:55:10 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_CTR_DRBG_C
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Add test for building without CTR_DRBG People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-28 12:55:10 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
Add test for building without CTR_DRBG People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-28 12:55:10 +02:00
make test
SSL test programs: support HMAC_DRBG Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to run the SSL test programs with CTR_DRBG disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:02:03 +01:00
# In this configuration, the TLS test programs use HMAC_DRBG.
# The SSL tests are slow, so run a small subset, just enough to get
# confidence that the SSL code copes with HMAC_DRBG.
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
SSL test programs: support HMAC_DRBG Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to run the SSL test programs with CTR_DRBG disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:02:03 +01:00
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 09:43:35 +01:00
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
}
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
component_test_no_ctr_drbg_use_psa () {
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
scripts/config.py full
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
make test
# In this configuration, the TLS test programs use HMAC_DRBG.
# The SSL tests are slow, so run a small subset, just enough to get
# confidence that the SSL code copes with HMAC_DRBG.
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 09:43:35 +01:00
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
}
component_test_no_hmac_drbg_classic () {
msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
make test
Test SSL with non-deterministic ECDSA In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled doesn't affect the SSL code, but the fact that deterministic ECDSA is disabled does. So run some ECDSA-related SSL tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 22:14:34 +01:00
# Normally our ECDSA implementation uses deterministic ECDSA. But since
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
# instead.
# Test SSL with non-deterministic ECDSA. Only test features that
# might be affected by how ECDSA signature is performed.
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
Test SSL with non-deterministic ECDSA In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled doesn't affect the SSL code, but the fact that deterministic ECDSA is disabled does. So run some ECDSA-related SSL tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 22:14:34 +01:00
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 09:43:35 +01:00
tests/compat.sh -m tls12 -t 'ECDSA'
Add test for building without CTR_DRBG People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-28 12:55:10 +02:00
}
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
component_test_no_hmac_drbg_use_psa () {
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
Add test for dependencies on HMAC_DRBG in all.sh Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
make test
Test SSL with non-deterministic ECDSA In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled doesn't affect the SSL code, but the fact that deterministic ECDSA is disabled does. So run some ECDSA-related SSL tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 22:14:34 +01:00
# Normally our ECDSA implementation uses deterministic ECDSA. But since
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
# instead.
# Test SSL with non-deterministic ECDSA. Only test features that
# might be affected by how ECDSA signature is performed.
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
Test SSL with non-deterministic ECDSA In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled doesn't affect the SSL code, but the fact that deterministic ECDSA is disabled does. So run some ECDSA-related SSL tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 22:14:34 +01:00
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 09:43:35 +01:00
tests/compat.sh -m tls12 -t 'ECDSA'
Add test for building without CTR_DRBG People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-28 12:55:10 +02:00
}
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
component_test_psa_external_rng_no_drbg_classic () {
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
scripts/config.py full
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
In external_rng tests, disable the entropy module The point of having an external RNG is that you can disable all built-in RNG functionality: both the entropy part and the DRBG part. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 21:02:53 +01:00
scripts/config.py unset MBEDTLS_ENTROPY_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
Support mbedtls_psa_get_random() in SSL test programs The SSL test programs can now use mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. This happens if the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 20:07:11 +01:00
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
# the SSL test programs don't have an RNG and can't work. Explicitly
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
make test
Support mbedtls_psa_get_random() in SSL test programs The SSL test programs can now use mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. This happens if the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 20:07:11 +01:00
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default'
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
}
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
component_test_psa_external_rng_no_drbg_use_psa () {
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
In external_rng tests, disable the entropy module The point of having an external RNG is that you can disable all built-in RNG functionality: both the entropy part and the DRBG part. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 21:02:53 +01:00
scripts/config.py unset MBEDTLS_ENTROPY_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 14:56:51 +01:00
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
make test
Support mbedtls_psa_get_random() in SSL test programs The SSL test programs can now use mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. This happens if the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 20:07:11 +01:00
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|opaque'
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
}
all.sh: add build/test config crypto_full minus MD Dependeny list: - ['MBEDTLS_MD_C'] - ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C'] - ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
component_test_crypto_full_no_md () {
msg "build: crypto_full minus MD"
scripts/config.py crypto_full
scripts/config.py unset MBEDTLS_MD_C
component_test_crypto_full_no_md: fix order of disabled features Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:41:56 +02:00
# Direct dependencies
all.sh: add build/test config crypto_full minus MD Dependeny list: - ['MBEDTLS_MD_C'] - ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C'] - ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
component_test_crypto_full_no_md: fix order of disabled features Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:41:56 +02:00
# Indirect dependencies
all.sh: add build/test config crypto_full minus MD Dependeny list: - ['MBEDTLS_MD_C'] - ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C'] - ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
make
msg "test: crypto_full minus MD"
make test
}
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
component_test_full_no_cipher () {
msg "build: full minus CIPHER"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
# Direct dependencies
scripts/config.py unset MBEDTLS_CCM_C
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
scripts/config.py unset MBEDTLS_CMAC_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
scripts/config.py unset MBEDTLS_GCM_C
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_TICKET_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
# Indirect dependencies
scripts/config.py unset MBEDTLS_SSL_CLI_C
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_SSL_SRV_C
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
Disable LMS in all.sh when PSA isn't enabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 10:32:48 +02:00
scripts/config.py unset MBEDTLS_LMS_C
Disable LMS_PRIVATE in all.sh when LMS is disabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 13:00:20 +02:00
scripts/config.py unset MBEDTLS_LMS_PRIVATE
all.sh: add build/test config full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
make
msg "test: full minus CIPHER"
make test
}
all.sh: add build/test config crypto_full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 11:03:35 +02:00
component_test_crypto_full_no_cipher () {
msg "build: crypto_full minus CIPHER"
scripts/config.py crypto_full
scripts/config.py unset MBEDTLS_CIPHER_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
# Direct dependencies
scripts/config.py unset MBEDTLS_CCM_C
all.sh: add build/test config crypto_full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 11:03:35 +02:00
scripts/config.py unset MBEDTLS_CMAC_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
scripts/config.py unset MBEDTLS_GCM_C
all.sh: add build/test config crypto_full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 11:03:35 +02:00
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
all.sh: Fix order of CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 09:46:29 +02:00
# Indirect dependencies
all.sh: add build/test config crypto_full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 11:03:35 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
Disable LMS in all.sh when PSA isn't enabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 10:32:48 +02:00
scripts/config.py unset MBEDTLS_LMS_C
Disable LMS_PRIVATE in all.sh when LMS is disabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 13:00:20 +02:00
scripts/config.py unset MBEDTLS_LMS_PRIVATE
all.sh: add build/test config crypto_full minus CIPHER Dependency list: - ['MBEDTLS_CIPHER_C'] - ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C'] - ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO'] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 11:03:35 +02:00
make
msg "test: crypto_full minus CIPHER"
make test
}
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
component_test_tls1_2_default_stream_cipher_only () {
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
msg "build: default with only stream cipher"
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
make
msg "test: default with only stream cipher"
make test
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
}
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
component_test_tls1_2_default_stream_cipher_only_use_psa () {
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
msg "build: default with only stream cipher use psa"
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
make
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
msg "test: default with only stream cipher use psa"
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
make test
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
}
Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:34:31 +02:00
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
component_test_tls1_2_default_cbc_legacy_cipher_only () {
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
msg "build: default with only CBC-legacy cipher"
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
make
msg "test: default with only CBC-legacy cipher"
make test
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
tests/ssl-opt.sh -f "TLS 1.2"
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
}
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
msg "build: default with only CBC-legacy cipher use psa"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
make
msg "test: default with only CBC-legacy cipher use psa"
make test
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
tests/ssl-opt.sh -f "TLS 1.2"
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
}
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
msg "build: default with only CBC-legacy and CBC-EtM ciphers"
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
make
msg "test: default with only CBC-legacy and CBC-EtM ciphers"
make test
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
tests/ssl-opt.sh -f "TLS 1.2"
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
}
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
# Modules that depend on AEAD
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 08:47:13 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
make
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
make test
Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:22:01 +02:00
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
tests/ssl-opt.sh -f "TLS 1.2"
Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 10:23:22 +02:00
}
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
component_test_psa_external_rng_use_psa_crypto () {
msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_CTR_DRBG_C
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
make test
SSL test programs: support HMAC_DRBG Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to run the SSL test programs with CTR_DRBG disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:02:03 +01:00
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|opaque'
Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:39:04 +01:00
}
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
component_test_everest () {
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f ECDH
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
Rm DES from invocations of compat.sh It no longer makes sense, either in -e or -f: those ciphersuites have been removed anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-06 13:28:27 +02:00
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
}
Test Everest with only Curve25519 enabled tests/scripts/curves.pl tests the library with a single curve enabled. This uses the legacy ECDH context and the default ECDH implementation. For Curve25519, there is an alternative implementation, which is Everest. Test this. This also tests the new ECDH context, which Everest requires. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-03 00:15:37 +02:00
component_test_everest_curve25519_only () {
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Correction fixing the test_everest_curve25519_only falure Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-23 13:33:44 +02:00
scripts/config.py unset MBEDTLS_ECJPAKE_C
Test Everest with only Curve25519 enabled tests/scripts/curves.pl tests the library with a single curve enabled. This uses the legacy ECDH context and the default ECDH implementation. For Curve25519, there is an alternative implementation, which is Everest. Test this. This also tests the new ECDH context, which Everest requires. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-03 00:15:37 +02:00
# Disable all curves
for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
scripts/config.py unset "$c"
done
scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: Everest ECDH context, only Curve25519" # ~ 50s
make test
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_small_ssl_out_content_len () {
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh
2017-09-28 13:53:51 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "Max fragment\|Large packet"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
test: Add test cases for separately reduced inward/outward buffer sizes
2018-04-11 08:28:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_small_ssl_in_content_len () {
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
test: Add test cases for separately reduced inward/outward buffer sizes
2018-04-11 08:28:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "Max fragment"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
test: Add test cases for separately reduced inward/outward buffer sizes
2018-04-11 08:28:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_small_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
test: Add test cases for separately reduced inward/outward buffer sizes
2018-04-11 08:28:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: Add builds allowing to test dropping buffered messages This commit adds two builds to all.sh which use a value of MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 15:43:44 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_small_mbedtls_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
all.sh: Add builds allowing to test dropping buffered messages This commit adds two builds to all.sh which use a value of MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 15:43:44 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: Add builds allowing to test dropping buffered messages This commit adds two builds to all.sh which use a value of MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 15:43:44 +02:00
Run psa_collect_statuses.py in all.sh Since it needs a slightly different build, even if that's only for the tests, make it its own component.
2019-09-06 19:47:17 +02:00
component_test_psa_collect_statuses () {
msg "build+test: psa_collect_statuses" # ~30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/psa_collect_statuses.py
Run psa_collect_statuses.py in all.sh Since it needs a slightly different build, even if that's only for the tests, make it its own component.
2019-09-06 19:47:17 +02:00
# Check that psa_crypto_init() succeeded at least once
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
grep -q '^0:psa_crypto_init:' tests/statuses.log
Run psa_collect_statuses.py in all.sh Since it needs a slightly different build, even if that's only for the tests, make it its own component.
2019-09-06 19:47:17 +02:00
rm -f tests/statuses.log
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Group cpp_dummy_build test into an existing component No need to do yet another build just to compile an additional trivial program. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-30 21:02:40 +01:00
CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make
all.sh: Add builds allowing to test dropping buffered messages This commit adds two builds to all.sh which use a value of MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 15:43:44 +02:00
Add an alternarive full build component to all.sh
2019-06-26 15:52:12 +02:00
msg "test: main suites (full config, clang)" # ~ 5s
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make test
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Group cpp_dummy_build test into an existing component No need to do yet another build just to compile an additional trivial program. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-30 21:02:40 +01:00
msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
programs/test/cpp_dummy_build
Add an alternarive full build component to all.sh
2019-06-26 15:52:12 +02:00
msg "test: psa_constant_names (full config, clang)" # ~ 1s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/test_psa_constant_names.py
Revert "all.sh: Remove dependency on TLS, NET, and X.509" This reverts commit 9b90f2e294970ade3e4aa94879a19470f2c052e0. Conflicts: * tests/scripts/all.sh: do the same changes, dancing around the new outcome file feature and components added in the same places. Make sure that the components that are getting added back are at the same locations as where they are now in mbedtls.
2020-02-26 19:51:43 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
Rm DES from invocations of compat.sh It no longer makes sense, either in -e or -f: those ciphersuites have been removed anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-06 13:28:27 +02:00
msg "test: compat.sh NULL (full config)" # ~ 2 min
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: compat.sh ARIA + ChachaPoly"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add config-full to all.sh
2014-07-12 04:00:00 +02:00
Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-10 09:35:54 +02:00
component_test_memsan_constant_flow () {
Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 09:57:32 +01:00
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
# - or alternatively, change the build type to MemSanDbg, which enables
# origin tracking and nicer stack traces (which are useful for debugging
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
make test
}
component_test_memsan_constant_flow_psa () {
Add comment on memsan + constant-flow testing
2020-07-22 11:09:28 +02:00
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
# - or alternatively, change the build type to MemSanDbg, which enables
# origin tracking and nicer stack traces (which are useful for debugging
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
msg "build: cmake MSan (clang), full config with constant flow testing"
Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-10 09:35:54 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
Add comment on memsan + constant-flow testing
2020-07-22 11:09:28 +02:00
msg "test: main suites (Msan + constant flow)"
Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-10 09:35:54 +02:00
make test
}
Add option to test constant-flow with valgrind Currently the new component in all.sh fails because mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on purpose to be able to verify that the new test works. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 10:27:38 +02:00
component_test_valgrind_constant_flow () {
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
# etc.) and (2) branches or memory access depending on secret values,
# which will be reported as uninitialized memory. To distinguish between
# secret and actually uninitialized:
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
# - or alternatively, build with debug info and manually run the offending
# test suite with valgrind --track-origins=yes, then check if the origin
# was TEST_CF_SECRET() or something else.
Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 09:57:32 +01:00
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
cmake -D CMAKE_BUILD_TYPE:String=Release .
make
# this only shows a summary of the results (how many of each type)
# details are left in Testing/<date>/DynamicAnalysis.xml
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
make memcheck
}
component_test_valgrind_constant_flow_psa () {
Add option to test constant-flow with valgrind Currently the new component in all.sh fails because mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on purpose to be able to verify that the new test works. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 10:27:38 +02:00
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
# etc.) and (2) branches or memory access depending on secret values,
# which will be reported as uninitialized memory. To distinguish between
# secret and actually uninitialized:
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
# - or alternatively, build with debug info and manually run the offending
# test suite with valgrind --track-origins=yes, then check if the origin
# was TEST_CF_SECRET() or something else.
msg "build: cmake release GCC, full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
cmake -D CMAKE_BUILD_TYPE:String=Release .
make
# this only shows a summary of the results (how many of each type)
# details are left in Testing/<date>/DynamicAnalysis.xml
msg "test: main suites (valgrind + constant flow)"
make memcheck
}
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
component_test_default_no_deprecated () {
all.sh: explain the testing around deprecated features Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:07:29 +02:00
# Test that removing the deprecated features from the default
# configuration leaves something consistent.
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
make test
}
component_test_full_no_deprecated () {
Make no_deprecated naming more consistent Use "no_deprecated" both in the name of the configuration and in the name of all.sh components, rather than a mixture of "no_deprecated" and "non_deprecated". Make all.sh component names more consistent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 21:39:22 +02:00
msg "build: make, full_no_deprecated config" # ~ 30s
scripts/config.py full_no_deprecated
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
Make no_deprecated naming more consistent Use "no_deprecated" both in the name of the configuration and in the name of all.sh components, rather than a mixture of "no_deprecated" and "non_deprecated". Make all.sh component names more consistent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 21:39:22 +02:00
msg "test: make, full_no_deprecated config" # ~ 5s
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
make test
}
all.sh: explain the testing around deprecated features Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:07:29 +02:00
component_test_full_no_deprecated_deprecated_warning () {
# Test that there is nothing deprecated in "full_no_deprecated".
# A deprecated feature would trigger a warning (made fatal) from
# MBEDTLS_DEPRECATED_WARNING.
Make no_deprecated naming more consistent Use "no_deprecated" both in the name of the configuration and in the name of all.sh components, rather than a mixture of "no_deprecated" and "non_deprecated". Make all.sh component names more consistent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 21:39:22 +02:00
msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
scripts/config.py full_no_deprecated
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
Make no_deprecated naming more consistent Use "no_deprecated" both in the name of the configuration and in the name of all.sh components, rather than a mixture of "no_deprecated" and "non_deprecated". Make all.sh component names more consistent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 21:39:22 +02:00
msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
make test
}
all.sh: explain the testing around deprecated features Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:07:29 +02:00
component_test_full_deprecated_warning () {
# Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
# with only certain whitelisted types of warnings.
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
# Expect warnings from '#warning' directives in check_config.h.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
Add compat.sh ARIA run to all.sh Warning: needs OpenSSL >= 1.1.1-pre1 installed and environment variable OPENSSL_NEXT pointing to it.
2018-02-20 12:02:07 +01:00
all.sh: explain the testing around deprecated features Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:07:29 +02:00
msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
# Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
# By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
# Expect warnings from '#warning' directives in check_config.h and
# from the use of deprecated functions in test suites.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
Add tests of deprecated PSA macros When MBEDTLS_TEST_DEPRECATED is defined, run some additional tests to validate deprecated PSA macros. We don't need to test deprecated features extensively, but we should at least ensure that they don't break the build. Add some code to component_build_deprecated in all.sh to run these tests with MBEDTLS_DEPRECATED_WARNING enabled. The tests are also executed when MBEDTLS_DEPRECATED_WARNING and MBEDTLS_DEPRECATED_REMOVED are both disabled.
2019-11-26 17:37:37 +01:00
all.sh: reorganize testing around deprecated features build_deprecated combined the testing of deprecated features, and testing of the build without deprecated features. Also, it violated the component naming convention by being called build_xxx but running tests. Replace it by: * test_default_no_deprecated: check that you can remove deprecated features from the default build. * test_full_no_deprecated: check that the library builds when deprecated features are disabled (and incidentally that the tests run). * test_no_deprecated_warning: check that there are no warnings when deprecated features are disabled and MBEDTLS_DEPRECATED_WARNING is enabled. * test_deprecated: test the deprecated features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-13 01:03:21 +02:00
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
make test
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
# Check that the specified libraries exist and are empty.
are_empty_libraries () {
nm "$@" >/dev/null 2>/dev/null
! nm "$@" 2>/dev/null | grep -v ':$' | grep .
}
component_build_crypto_default () {
msg "build: make, crypto only"
scripts/config.py crypto
Always use "-O1 -Werror" in crypto-only test builds Pass -Werror because any compiler warning would be suspicious. Pass -O1 because at -O0, gcc doesn't do as much analysis.
2020-02-03 11:59:20 +01:00
make CFLAGS='-O1 -Werror'
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
}
component_build_crypto_full () {
msg "build: make, crypto only, full config"
scripts/config.py crypto_full
Always use "-O1 -Werror" in crypto-only test builds Pass -Werror because any compiler warning would be suspicious. Pass -O1 because at -O0, gcc doesn't do as much analysis.
2020-02-03 11:59:20 +01:00
make CFLAGS='-O1 -Werror'
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
}
Improve test component name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 19:34:54 +02:00
component_test_crypto_for_psa_service () {
Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:05:06 +02:00
msg "build: make, config for PSA crypto service"
scripts/config.py crypto
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
# Disable things that are not needed for just cryptography, to
# reach a configuration that would be typical for a PSA cryptography
# service providing all implemented PSA algorithms.
# System stuff
scripts/config.py unset MBEDTLS_ERROR_C
scripts/config.py unset MBEDTLS_TIMING_C
Fix spelling of a disabled option Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:33 +02:00
scripts/config.py unset MBEDTLS_VERSION_FEATURES
Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:05:06 +02:00
# Crypto stuff with no PSA interface
scripts/config.py unset MBEDTLS_BASE64_C
PSA service config build: note why we aren't disabling cipher and md Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:05:57 +02:00
# Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
PSA service config build: disable more modules not used by PSA Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:06:11 +02:00
scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
PSA service config build: note why we aren't disabling cipher and md Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:05:57 +02:00
# Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:05:06 +02:00
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PEM_PARSE_C
scripts/config.py unset MBEDTLS_PEM_WRITE_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
# MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
# in PSA code to work with RSA keys. We don't require users to set those:
# they will be reenabled in build_info.h.
Disable pk in the PSA service config build It's not needed as a feature. It gets reenabled automatically in build_info.h like pk_write and pk_parse, but that's an implementation detail. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:56 +02:00
scripts/config.py unset MBEDTLS_PK_C
Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
scripts/config.py unset MBEDTLS_PK_PARSE_C
Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:05:06 +02:00
scripts/config.py unset MBEDTLS_PK_WRITE_C
make CFLAGS='-O1 -Werror' all test
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
Use $PWD instead of $(pwd) for consistency Change the new baremetal all.sh tests to use $PWD rather than calling pwd again directly. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-11-30 12:40:54 +01:00
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
}
tests: prevent inclusion of time.h in baremetal compiles baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is undefined. To test this, provide an overriding include directory that has a time.h which throws a meaningful error if included. Signed-off-by: Daniel Axtens <dja@axtens.net>
2020-09-02 13:30:13 +02:00
support_build_crypto_baremetal () {
tests: add baremetal full config build To be able to test utility programs for an absence of time.h, we need a baremetal config that is not crypto only. Add one. Signed-off-by: Daniel Axtens <dja@axtens.net>
2020-08-31 06:22:58 +02:00
support_build_baremetal "$@"
}
component_build_baremetal () {
msg "build: make, baremetal config"
scripts/config.py baremetal
Use $PWD instead of $(pwd) for consistency Change the new baremetal all.sh tests to use $PWD rather than calling pwd again directly. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-11-30 12:40:54 +01:00
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
tests: add baremetal full config build To be able to test utility programs for an absence of time.h, we need a baremetal config that is not crypto only. Add one. Signed-off-by: Daniel Axtens <dja@axtens.net>
2020-08-31 06:22:58 +02:00
}
support_build_baremetal () {
tests: prevent inclusion of time.h in baremetal compiles baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is undefined. To test this, provide an overriding include directory that has a time.h which throws a meaningful error if included. Signed-off-by: Daniel Axtens <dja@axtens.net>
2020-09-02 13:30:13 +02:00
# Older Glibc versions include time.h from other headers such as stdlib.h,
# which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
# problem, Ubuntu 18.04 is ok.
! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
}
Add test components for crypto-only builds For each of the crypto-only presets, run the build and check that the resulting libmbedx509 and libmbedtls are empty. Don't bother testing, because for each crypto-only preset, another component builds that plus the x509 and tls parts and tests everything.
2020-01-31 14:24:14 +01:00
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
# depends.py family of tests
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_cipher_id () {
msg "test/build: depends.py cipher_id (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py cipher_id --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_cipher_chaining () {
msg "test/build: depends.py cipher_chaining (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py cipher_chaining --unset-use-psa
Add new test_depends_curves_psa to all.sh Add new test (test_depends_curves_psa) to all.sh to confirm that test is passing when MBEDTLS_USE_PSA_CRYPTO is defined. Fix #3294 Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-20 15:16:41 +02:00
}
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_cipher_padding () {
msg "test/build: depends.py cipher_padding (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py cipher_padding --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_curves () {
msg "test/build: depends.py curves (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py curves --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_hashes () {
msg "test/build: depends.py hashes (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py hashes --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_kex () {
msg "test/build: depends.py kex (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py kex --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
component_test_depends_py_pkalgs () {
msg "test/build: depends.py pkalgs (gcc)"
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
tests/scripts/depends.py pkalgs --unset-use-psa
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add build using PSA to all.sh
2018-10-30 11:20:45 +01:00
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
# PSA equivalents of the depends.py tests
component_test_depends_py_cipher_id_psa () {
msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py cipher_id
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_cipher_chaining_psa () {
msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py cipher_chaining
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_cipher_padding_psa () {
msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py cipher_padding
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_curves_psa () {
msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py curves
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_hashes_psa () {
msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py hashes
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_kex_psa () {
msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py kex
}
Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 16:49:22 +02:00
component_test_depends_py_pkalgs_psa () {
msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-05 15:14:07 +02:00
tests/scripts/depends.py pkalgs
Add an all.sh component running depends.pl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-04 16:38:28 +02:00
}
Test the build with whole-module alternative implementations Use headers defining dummy context types. The test does not pass yet. I plan to fix this in subsequent commits. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:04:46 +02:00
component_build_module_alt () {
msg "build: MBEDTLS_XXX_ALT" # ~30s
scripts/config.py full
# Disable options that are incompatible with some ALT implementations.
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
# You can only have one threading implementation: alt or pthread, not both.
scripts/config.py unset MBEDTLS_THREADING_PTHREAD
MBEDTLS_PK_PARSE_EC_EXTENDED is incompatible with MBEDTLS_ECP_ALT ... unless the alt implementation defines a group structure that's mostly compatible with the built-in one and supports partially filled group structures in the same way. It would be possible to rewrite the SpecifiedECDomain parsing code to avoid requiring support for partially filled group structures, but that's too complicated to do now. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 21:21:12 +02:00
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
# directly and assumes the implementation works with partial groups.
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8-a+crypto. The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms continue to work, and are mutually exclusive with A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-20 23:25:31 +01:00
# MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-15 11:51:52 +01:00
# MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
Test the build with whole-module alternative implementations Use headers defining dummy context types. The test does not pass yet. I plan to fix this in subsequent commits. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:04:46 +02:00
# Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
# MBEDTLS_XXX_YYY_ALT which are for single functions.
scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
MBEDTLS_DEBUG_C is compatible with every whole-module ALT except DHM It would be possible to make SSL debugging compatible with MBEDTLS_DHM_ALT, but too much low-priority work right now, so don't require it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 22:09:58 +02:00
scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C
# We can only compile, not link, since we don't have any implementations
# suitable for testing with the dummy alt headers.
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
}
component_build_dhm_alt () {
msg "build: MBEDTLS_DHM_ALT" # ~30s
scripts/config.py full
scripts/config.py set MBEDTLS_DHM_ALT
# debug.c currently references mbedtls_dhm_context fields directly.
scripts/config.py unset MBEDTLS_DEBUG_C
Test the build with whole-module alternative implementations Use headers defining dummy context types. The test does not pass yet. I plan to fix this in subsequent commits. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:04:46 +02:00
# We can only compile, not link, since we don't have any implementations
# suitable for testing with the dummy alt headers.
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
}
Enable USE_PSA_CRYPTO with config.pl full Previously it was disabled as too experimental, which no longer holds. Also, this option introduces new APIs, so it's not only about an internal alternative (as the comment in config.pl used to state) - people who request a full config should get all of the available APIs. Adapt all.sh: now all builds with full config will also test this option, and builds with the default config will test without it. Just to be sure, let's have a build with full config minus this option. Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the new APIs it enables in Mbed TLS and why they're still opt-in.
2019-02-01 12:38:40 +01:00
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
Fix copypasta in msg
2019-09-03 11:42:04 +02:00
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
Enable MBEDTLS_PSA_CRYPTO_SE_C in config full It started out as be experimental, but it is now robust enough not to break the rest, so there's no reason to leave it out. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-12 14:21:55 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
Disable LMS in all.sh when PSA isn't enabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 10:32:48 +02:00
scripts/config.py unset MBEDTLS_LMS_C
Disable LMS_PRIVATE in all.sh when LMS is disabled Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-28 13:00:20 +02:00
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Build from submodule by default (make, cmake) Adapt tests in all.sh: - tests with submodule enabled (default) no longer need to enable it explicitly, and no longer need runtime tests, as those are now handled by all other test cases in this script - tests with submodule disabled (old default) now need to disable it explicitly, and execute some runtime tests, as those are no longer tested anywhere else in this script Adapt documentation in Readme: remove the section "building with submodule" and replace it with a new section before the other building sections. Purposefully don't document how to build not from the submodule, as that option is going away soon.
2019-02-01 11:12:52 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
Merge development commit f352f7 into development-psa
2019-02-01 13:03:03 +01:00
make
all_sh: add a check for header inclusion in cpp_dummy_build.cpp change the g++ test to be incremental, to save time reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 15:08:21 +02:00
Enable USE_PSA_CRYPTO with config.pl full Previously it was disabled as too experimental, which no longer holds. Also, this option introduces new APIs, so it's not only about an internal alternative (as the comment in config.pl used to state) - people who request a full config should get all of the available APIs. Adapt all.sh: now all builds with full config will also test this option, and builds with the default config will test without it. Just to be sure, let's have a build with full config minus this option. Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the new APIs it enables in Mbed TLS and why they're still opt-in.
2019-02-01 12:38:40 +01:00
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
Merge development commit f352f7 into development-psa
2019-02-01 13:03:03 +01:00
make test
Merge development commit 8e76332 into development-psa Additional changes to temporarily enable running tests: ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of mbedtls_ecdh_setup test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of mbedtls_ctr_drbg_update_ret
2019-01-31 14:20:20 +01:00
Enable USE_PSA_CRYPTO with config.pl full Previously it was disabled as too experimental, which no longer holds. Also, this option introduces new APIs, so it's not only about an internal alternative (as the comment in config.pl used to state) - people who request a full config should get all of the available APIs. Adapt all.sh: now all builds with full config will also test this option, and builds with the default config will test without it. Just to be sure, let's have a build with full config minus this option. Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the new APIs it enables in Mbed TLS and why they're still opt-in.
2019-02-01 12:38:40 +01:00
msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Merge development commit 8e76332 into development-psa Additional changes to temporarily enable running tests: ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of mbedtls_ecdh_setup test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of mbedtls_ctr_drbg_update_ret
2019-01-31 14:20:20 +01:00
Enable USE_PSA_CRYPTO with config.pl full Previously it was disabled as too experimental, which no longer holds. Also, this option introduces new APIs, so it's not only about an internal alternative (as the comment in config.pl used to state) - people who request a full config should get all of the available APIs. Adapt all.sh: now all builds with full config will also test this option, and builds with the default config will test without it. Just to be sure, let's have a build with full config minus this option. Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the new APIs it enables in Mbed TLS and why they're still opt-in.
2019-02-01 12:38:40 +01:00
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Merge development commit 8e76332 into development-psa Additional changes to temporarily enable running tests: ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of mbedtls_ecdh_setup test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of mbedtls_ctr_drbg_update_ret
2019-01-31 14:20:20 +01:00
Rm DES from invocations of compat.sh It no longer makes sense, either in -e or -f: those ciphersuites have been removed anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-06 13:28:27 +02:00
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
Add test build with all except ssl_cli/srv.c
2015-05-20 11:13:56 +02:00
Enable USE_PSA_CRYPTO with config.pl full Previously it was disabled as too experimental, which no longer holds. Also, this option introduces new APIs, so it's not only about an internal alternative (as the comment in config.pl used to state) - people who request a full config should get all of the available APIs. Adapt all.sh: now all builds with full config will also test this option, and builds with the default config will test without it. Just to be sure, let's have a build with full config minus this option. Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the new APIs it enables in Mbed TLS and why they're still opt-in.
2019-02-01 12:38:40 +01:00
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
Merge development commit f352f7 into development-psa
2019-02-01 13:03:03 +01:00
}
Add tests for disabled MFL-extension to all.sh This commit adds a build with default config except MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related tests in ssl-opt.sh.
2017-09-18 16:36:25 +02:00
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
component_test_psa_crypto_config_accel_ecdsa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
# SHA384 needed for some ECDSA signature tests.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
Add ECDSA support to PSA crypto configuration Initial changes to PSA crypto core to support configuration of ECDSA algorithm using PSA crypto configuration mechanism. Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have been changed to be based off PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to confirm new settings are working properly. Current code does not pass the tests since built in signature verification is not in place. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-21 08:09:17 +02:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
Add ECDSA support to PSA crypto configuration Initial changes to PSA crypto core to support configuration of ECDSA algorithm using PSA crypto configuration mechanism. Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have been changed to be based off PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to confirm new settings are working properly. Current code does not pass the tests since built in signature verification is not in place. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-21 08:09:17 +02:00
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
Fix include path for programs Same problem as #6101, same fix (the second commit of #6111). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
not grep mbedtls_ecdsa_ library/ecdsa.o
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
make test
}
component_test_psa_crypto_config_accel_rsa_signature () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
# It seems it is not possible to remove only the support for RSA signature
# in the library. Thus we have to remove all RSA support (signature and
# encryption/decryption). AS there is no driver support for asymmetric
# encryption/decryption so far remove RSA encryption/decryption from the
# application algorithm list.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
# Make sure both the library and the test library support the SHA hash
# algorithms and only those ones (SHA256 is included by default). That way:
# - the test library can compute the RSA signatures even in the case of a
# composite RSA signature algorithm based on a SHA hash (no other hash
# used in the unit tests).
# - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
# fulfilled as the hash SHA algorithm is supported by the library, and
# thus the tests are run, not skipped.
# - when testing a signature key with an algorithm wildcard built from
# PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
# algorithm based on the hashes supported by the library is also
# supported by the test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
Fix failure of RSA accel test Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was requested, but that's no longer the case since the previous commit. We can fix this in one of two ways: either enable MD_C, or enable all the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because it's a single line and avoids having to enumerate a list that might grow in the future. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 12:30:34 +02:00
# We need to define either MD_C or all of the PSA_WANT_ALG_SHAxxx.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_MD_C
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
# We need PEM parsing in the test library as well to support the import
# of PEM encoded RSA keys.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
Fix failure of RSA accel test Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was requested, but that's no longer the case since the previous commit. We can fix this in one of two ways: either enable MD_C, or enable all the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because it's a single line and avoids having to enumerate a list that might grow in the future. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 12:30:34 +02:00
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_MD_C
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C
# Mbed TLS library build
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Remove RSA support and its dependencies
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
Fix include path for programs Same problem as #6101, same fix (the second commit of #6111). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-13 09:38:05 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
make test
}
all.sh: psa: Add hash acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-08 14:32:59 +02:00
component_test_psa_crypto_config_accel_hash () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
tests: psa: Remove MD2, MD4 and ARC4 related code MD2, MD4 and ARC4 are not supported anymore in 3.x. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:54:36 +01:00
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
all.sh: psa: Add hash acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-08 14:32:59 +02:00
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
# Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core.
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
Fix include path for programs Same problem as #6101, same fix (the second commit of #6111). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
all.sh: psa: Add hash acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-08 14:32:59 +02:00
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
not grep mbedtls_sha512_init library/sha512.o
not grep mbedtls_sha1_init library/sha1.o
all.sh: psa: Add hash acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-08 14:32:59 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
make test
}
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
# Auxiliary function to build config for hashes with and without drivers
config_psa_crypto_hash_use_psa () {
DRIVER_ONLY="$1"
Use full config for testing driver-only hashes Stating from the default config means a few things are implicitly excluded; starting from the full config makes it all fully explicit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:38:46 +02:00
# start with config full for maximum coverage (also enables USE_PSA)
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
Keep drivers enabled also in reference build Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:53:20 +01:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
if [ "$DRIVER_ONLY" -eq 1 ]; then
# disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
fi
Build with SHA-256 accelerated too Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-11 11:06:09 +02:00
# Use an external RNG as currently internal RNGs depend on entropy.c
# which in turn hard-depends on SHA256_C (or SHA512_C).
# See component_test_psa_external_rng_no_drbg_use_psa.
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
Use full config for testing driver-only hashes Stating from the default config means a few things are implicitly excluded; starting from the full config makes it all fully explicit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:38:46 +02:00
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former
Build with SHA-256 accelerated too Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-11 11:06:09 +02:00
# Also unset MD_C and things that depend on it;
# see component_test_crypto_full_no_md.
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
if [ "$DRIVER_ONLY" -eq 1 ]; then
scripts/config.py unset MBEDTLS_MD_C
fi
Improve comments & messages Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 12:12:21 +02:00
scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation
Test without MD_C test_suite_pk still passes, with the same number of skipped tests as in the default config minus PKCS#1v2.1 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-08 19:12:33 +02:00
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
}
# Note that component_test_psa_crypto_config_reference_hash_use_psa
# is related to this component and both components need to be kept in sync.
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
component_test_psa_crypto_config_accel_hash_use_psa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
config_psa_crypto_hash_use_psa 1
Test without MD_C test_suite_pk still passes, with the same number of skipped tests as in the default config minus PKCS#1v2.1 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-08 19:12:33 +02:00
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
Fix test_psa_crypto_config_accel_hash_use_psa build when including libtestdriver1 PSA headers from programs Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-20 16:25:49 +02:00
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
Test without MD_C test_suite_pk still passes, with the same number of skipped tests as in the default config minus PKCS#1v2.1 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-08 19:12:33 +02:00
# There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen.
not grep mbedtls_md library/md.o
not grep mbedtls_md5 library/md5.o
not grep mbedtls_sha1 library/sha1.o
Build with SHA-256 accelerated too Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-11 11:06:09 +02:00
not grep mbedtls_sha256 library/sha256.o
Test without MD_C test_suite_pk still passes, with the same number of skipped tests as in the default config minus PKCS#1v2.1 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-08 19:12:33 +02:00
not grep mbedtls_sha512 library/sha512.o
not grep mbedtls_ripemd160 library/ripemd160.o
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
make test
Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-05 21:39:23 +02:00
Remove hidden option to skip ssl-opt and compat tests Also remove compat tests from reference component as results from this run are not included in outcome file. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 08:24:43 +02:00
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
tests/ssl-opt.sh
Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-05 21:39:23 +02:00
Remove hidden option to skip ssl-opt and compat tests Also remove compat tests from reference component as results from this run are not included in outcome file. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 08:24:43 +02:00
msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
Disable PSA_WANT_ALG_STREAM_CIPHER, PSA_WANT_ALG_ECB_NO_PADDING also in reference config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:55:27 +01:00
tests/compat.sh
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
}
Add comments to explan the purpose of the reference component Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 10:29:15 +02:00
# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
# Both components need to be kept in sync.
Add test component: component_test_psa_crypto_config_reference_hash_use_psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-20 14:21:21 +02:00
component_test_psa_crypto_config_reference_hash_use_psa() {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
Disable PSA_WANT_ALG_STREAM_CIPHER, PSA_WANT_ALG_ECB_NO_PADDING also in reference config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:55:27 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
Make configurations (driver, reference) as close as possible Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
config_psa_crypto_hash_use_psa 0
Add test component: component_test_psa_crypto_config_reference_hash_use_psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-20 14:21:21 +02:00
Fix build command in test_psa_crypto_config_reference_hash_use_psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-24 11:29:35 +02:00
make
Add test component: component_test_psa_crypto_config_reference_hash_use_psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-20 14:21:21 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
make test
Remove hidden option to skip ssl-opt and compat tests Also remove compat tests from reference component as results from this run are not included in outcome file. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 08:24:43 +02:00
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
tests/ssl-opt.sh
Add component with accelerated hashes and USE_PSA Currently the test suites are passing because a lot of tests functions/cases explicitly depend on SHAxxx_C, resulting in them being skipped in this build. The goal of the next few commits is going to make them pass and achieve test parity with a non-accelerated build for selected modules. Note: compared to the previous component, I'm using 'make tests' not 'make' (ie not building program) because I'm betting build failures (some header not found) in programs which are not my interest atm. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 13:06:57 +02:00
}
all.sh: psa: Add cipher acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-10-18 11:26:01 +02:00
component_test_psa_crypto_config_accel_cipher () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
tests: psa: Test cipher operations by a transparent driver Test cipher operations by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-11 11:49:03 +01:00
# There is no intended accelerator support for ALG STREAM_CIPHER and
# ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the
# inclusion of the Mbed TLS cipher operations. As we want to test here with
# cipher operations solely supported by accelerators, disabled those
# PSA configuration options.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
all.sh: psa: Add cipher acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-10-18 11:26:01 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
tests: psa: Test cipher operations by a transparent driver Test cipher operations by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-11 11:49:03 +01:00
scripts/config.py unset MBEDTLS_DES_C
all.sh: psa: Add cipher acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-10-18 11:26:01 +02:00
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
Fix include path for programs Same problem as #6101, same fix (the second commit of #6111). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
all.sh: psa: Add cipher acceleration test component Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-10-18 11:26:01 +02:00
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
not grep mbedtls_des* library/des.o
Add ECDSA support to PSA crypto configuration Initial changes to PSA crypto core to support configuration of ECDSA algorithm using PSA crypto configuration mechanism. Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have been changed to be based off PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to confirm new settings are working properly. Current code does not pass the tests since built in signature verification is not in place. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-21 08:09:17 +02:00
Clean up two accel tests in all.sh - TLS versions earlier than 1.2 have been removed - fix a copy-paste typo Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-06 10:46:57 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
Added new PSA crypto config test with no test driver Added a new test to all.sh to confirm that using MBEDTLS_PSA_CRYPTO_CONFIG with no test driver and the library is configured with normal configurations that the test works. Minor updates to other PSA crypto tests to cleanup msg output for consistency. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-23 10:26:57 +02:00
make test
}
all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
component_test_psa_crypto_config_accel_aead () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
Make sure that disabled features are not included in image and fix test config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 11:52:25 +02:00
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
Make sure that disabled features are not included in image and fix test config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 11:52:25 +02:00
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
# Features that depend on AEAD
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
Disable MBEDTLS_SSL_TICKET_C in aead driver test. MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C. All features are disabled in this config. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-13 09:59:52 +02:00
scripts/config.py unset MBEDTLS_SSL_TICKET_C
all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
Make sure that disabled features are not included in image and fix test config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 11:52:25 +02:00
# There's a risk of something getting re-enabled via config_psa.h
# make sure it did not happen.
not grep mbedtls_ccm library/ccm.o
not grep mbedtls_gcm library/gcm.o
not grep mbedtls_chachapoly library/chachapoly.o
all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
make test
}
Added new PSA crypto config test with no test driver Added a new test to all.sh to confirm that using MBEDTLS_PSA_CRYPTO_CONFIG with no test driver and the library is configured with normal configurations that the test works. Minor updates to other PSA crypto tests to cleanup msg output for consistency. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-23 10:26:57 +02:00
component_test_psa_crypto_config_no_driver() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Cleaned up test_psa_crypto_config_no_driver based on review comments Removed comment referencing test driver header path and the inclusion of the test driver directory from the build since it is not required for that test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-26 17:55:01 +01:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
Added new PSA crypto config test with no test driver Added a new test to all.sh to confirm that using MBEDTLS_PSA_CRYPTO_CONFIG with no test driver and the library is configured with normal configurations that the test works. Minor updates to other PSA crypto tests to cleanup msg output for consistency. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-23 10:26:57 +02:00
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
Add ECDSA support to PSA crypto configuration Initial changes to PSA crypto core to support configuration of ECDSA algorithm using PSA crypto configuration mechanism. Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have been changed to be based off PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to confirm new settings are working properly. Current code does not pass the tests since built in signature verification is not in place. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-21 08:09:17 +02:00
make test
}
all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 11:09:44 +02:00
component_test_psa_crypto_config_chachapoly_disabled() {
Address review comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
# full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 11:09:44 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
Address review comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 11:09:44 +02:00
make test
}
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_ecdh() {
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
# without MBEDTLS_ECDH_C
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
scripts/config.py unset MBEDTLS_ECDH_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_key_type_ecc_key_pair() {
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
Updates to PSA crypto library based on review comments Moved new check_crypto_config.h file from include/psa to library directory and the file is now included from *.c instead of the crypto_config.h file. Fixed guards in PSA crypto library based on review comments for new PSA crypto config features. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-17 07:08:34 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
}
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_key_type_ecc_public_key() {
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 21:28:15 +01:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 04:09:55 +01:00
}
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_hmac() {
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_hkdf() {
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
# without MBEDTLS_HKDF_C
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
scripts/config.py unset MBEDTLS_HKDF_C
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
component_build_psa_accel_alg_md5() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
component_build_psa_accel_alg_ripemd160() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
component_build_psa_accel_alg_sha1() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
component_build_psa_accel_alg_sha224() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
component_build_psa_accel_alg_sha256() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
component_build_psa_accel_alg_sha384() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
component_build_psa_accel_alg_sha512() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 18:47:26 +02:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
Added tests to confirm hash support for crypto config New tests have been added for all the hash algorithms to confirm they compile correctly when using PSA_WANT and accelerator guards. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 17:51:22 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
Enable all features in crypto_config.h In order to pass existing tests like test_psa_crypto_config_basic and test_psa_crypto_config_no_driver, all the new features need to be enabled in the default crypto_config.h file. This change enables those features by default and updates the other new tests to compensate for everything being enabled by disabling some features for some of the tests as needed. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 04:05:36 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
Enable all features in crypto_config.h In order to pass existing tests like test_psa_crypto_config_basic and test_psa_crypto_config_no_driver, all the new features need to be enabled in the default crypto_config.h file. This change enables those features by default and updates the other new tests to compensate for everything being enabled by disabling some features for some of the tests as needed. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 04:05:36 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_rsa_oaep() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1
Enable all features in crypto_config.h In order to pass existing tests like test_psa_crypto_config_basic and test_psa_crypto_config_no_driver, all the new features need to be enabled in the default crypto_config.h file. This change enables those features by default and updates the other new tests to compensate for everything being enabled by disabling some features for some of the tests as needed. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 04:05:36 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_alg_rsa_pss() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
Enable all features in crypto_config.h In order to pass existing tests like test_psa_crypto_config_basic and test_psa_crypto_config_no_driver, all the new features need to be enabled in the default crypto_config.h file. This change enables those features by default and updates the other new tests to compensate for everything being enabled by disabling some features for some of the tests as needed. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-04 04:05:36 +01:00
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_key_type_rsa_key_pair() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 17:50:04 +01:00
component_build_psa_accel_key_type_rsa_public_key() {
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-15 11:23:25 +01:00
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-01 06:14:03 +01:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_platform () {
# Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file
# IO, it should catch missing '#include <stdio.h>'
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_PLATFORM_C
scripts/config.py unset MBEDTLS_NET_C
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT. (MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's a separate preexisting problem which I do not try address at this time.) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 14:05:23 +02:00
scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
Add setbuf platform function Add a platform function mbedtls_setbuf(), defaulting to setbuf(). The intent is to allow disabling stdio buffering when reading or writing files with sensitive data, because this exposes the sensitive data to a subsequent memory disclosure vulnerability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00
scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT
Document and fix the MBEDTLS_xxx_ALT logic for the full config The intended logic around MBEDTLS_xxx_ALT is to exclude them from full because they require the alternative implementation of one or more library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different: they're alternative implementations of a platform function and they have a built-in default, so they should be included in full. Document this. Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now enabled in the full config. Explicitly exclude MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the non-platform ones, requiring an extra build-time dependency. Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-12 23:43:28 +02:00
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_FS_IO
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
Replace -O0 by -O1 or -Os in most components Gcc skips some analyses when compiling with -O0, so we may miss warnings about things like uninitialized variables.
2019-09-20 19:23:10 +02:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
test: Add test cases for separately reduced inward/outward buffer sizes
2018-04-11 08:28:39 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_no_std_function () {
# catch compile bugs in _uninit functions
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
Document and fix the MBEDTLS_xxx_ALT logic for the full config The intended logic around MBEDTLS_xxx_ALT is to exclude them from full because they require the alternative implementation of one or more library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different: they're alternative implementations of a platform function and they have a built-in default, so they should be included in full. Document this. Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now enabled in the full config. Explicitly exclude MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the non-platform ones, requiring an extra build-time dependency. Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-12 23:43:28 +02:00
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
Fix cmake invocation syntax Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 11:45:47 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
Switch cmake -O2 builds around to where we test a lot Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL tests. To have some coverage with Check mode (which enables more compiler warnings but compiles with -Os), change a few other builds that only run unit tests at most to Check mode. Don't add any new builds, to keep the total build volume down. We don't need extensive coverage of all combinations, just a reasonable set. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:34:57 +02:00
make
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh This commit adds a test to tests/scripts/all.sh exercising an ASan build of the default configuration with MBEDTLS_PLATFORM_MEMORY enabled, MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc MBEDTLS_PLATFORM_FREE_MACRO set to std free (This should functionally be indistinguishable from a default build)
2018-10-11 12:02:52 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_no_ssl_srv () {
Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-07 16:20:30 +01:00
msg "build: full config except SSL server, make, gcc" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C
Replace -O0 by -O1 or -Os in most components Gcc skips some analyses when compiling with -O0, so we may miss warnings about things like uninitialized variables.
2019-09-20 19:23:10 +02:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh This commit adds a test to tests/scripts/all.sh exercising an ASan build of the default configuration with MBEDTLS_PLATFORM_MEMORY enabled, MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc MBEDTLS_PLATFORM_FREE_MACRO set to std free (This should functionally be indistinguishable from a default build)
2018-10-11 12:02:52 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_no_ssl_cli () {
Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-07 16:20:30 +01:00
msg "build: full config except SSL client, make, gcc" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C
Replace -O0 by -O1 or -Os in most components Gcc skips some analyses when compiling with -O0, so we may miss warnings about things like uninitialized variables.
2019-09-20 19:23:10 +02:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_no_sockets () {
# Note, C99 compliance can also be tested with the sockets support disabled,
# as that requires a POSIX platform (which isn't the same as C99).
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
Replace -O0 by -O1 or -Os in most components Gcc skips some analyses when compiling with -O0, so we may miss warnings about things like uninitialized variables.
2019-09-20 19:23:10 +02:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
all.sh: restructure memory allocator tests Run basic tests and ssl-opt with memory backtrace disabled, then run basic tests only with it enabled.
2019-09-05 15:27:47 +02:00
component_test_memory_buffer_allocator_backtrace () {
msg "build: default config with memory buffer allocator and backtrace enabled"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_MEMORY_BACKTRACE
scripts/config.py set MBEDTLS_MEMORY_DEBUG
Always set a build type for cmake when building for testing Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt, or unit tests with debug features). A build type of Check (-Os) would be best when the main objective of the build is to check for build errors or warnings and there aren't many tests to run; in this commit there are no such test cases to change. Only use cmake with no build type (which results in not passing a -O option, and thus missing some GCC warnings) when exercising cmake features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
all.sh: restructure memory allocator tests Run basic tests and ssl-opt with memory backtrace disabled, then run basic tests only with it enabled.
2019-09-05 15:27:47 +02:00
make
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
make test
}
component_test_memory_buffer_allocator () {
msg "build: default config with memory buffer allocator"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
Always set a build type for cmake when building for testing Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt, or unit tests with debug features). A build type of Check (-Os) would be best when the main objective of the build is to check for build errors or warnings and there aren't many tests to run; in this commit there are no such test cases to change. Only use cmake with no build type (which results in not passing a -O option, and thus missing some GCC warnings) when exercising cmake features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the full config, there are no tests for it remaining in all.sh. This commit adds a build as well as runs of `make test` and `ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-02-26 15:34:13 +01:00
make
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
make test
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
# MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -e '^DTLS proxy'
Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the full config, there are no tests for it remaining in all.sh. This commit adds a build as well as runs of `make test` and `ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-02-26 15:34:13 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_max_fragment_length () {
# Run max fragment length tests with MFL disabled
msg "build: default config except MFL extension (ASan build)" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: ssl-opt.sh, MFL-related tests"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "Max fragment length"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
2019-02-19 12:10:48 +01:00
component_test_asan_remove_peer_certificate () {
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
2019-02-19 12:10:48 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
make test
msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
2019-02-19 12:10:48 +01:00
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh
Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
2019-02-19 12:10:48 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_max_fragment_length_small_ssl_out_content_len () {
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
msg "test: context-info.sh (disabled MFL extension case)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh
2017-07-07 13:29:15 +02:00
Add variable buffer length tests to all.sh Exercise the feature alone, with record splitting and DTLS connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-12-02 11:53:11 +01:00
component_test_variable_ssl_in_out_buffer_len () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Add variable buffer length tests to all.sh Exercise the feature alone, with record splitting and DTLS connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-12-02 11:53:11 +01:00
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Add variable buffer length tests to all.sh Exercise the feature alone, with record splitting and DTLS connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-12-02 11:53:11 +01:00
}
component_test_variable_ssl_in_out_buffer_len_CID () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Add variable buffer length tests to all.sh Exercise the feature alone, with record splitting and DTLS connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-12-02 11:53:11 +01:00
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
Add variable buffer length tests to all.sh Exercise the feature alone, with record splitting and DTLS connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-12-02 11:53:11 +01:00
}
Add an acceptance test for memory usage after handshake Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2019-11-26 16:32:40 +01:00
component_test_ssl_alloc_buffer_and_mfl () {
msg "build: default config with memory buffer allocator and MFL extension"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_MEMORY_DEBUG
scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Always set a build type for cmake when building for testing Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt, or unit tests with debug features). A build type of Check (-Os) would be best when the main objective of the build is to check for build errors or warnings and there aren't many tests to run; in this commit there are no such test cases to change. Only use cmake with no build type (which results in not passing a -O option, and thus missing some GCC warnings) when exercising cmake features. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
Add an acceptance test for memory usage after handshake Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2019-11-26 16:32:40 +01:00
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
make test
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f "Handshake memory usage"
Add an acceptance test for memory usage after handshake Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2019-11-26 16:32:40 +01:00
}
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
component_test_when_no_ciphersuites_have_mac () {
msg "build: when no ciphersuites have MAC"
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
On second thought changing the way the test is run Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-28 16:50:20 +02:00
scripts/config.py unset MBEDTLS_CMAC_C
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
make
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
make test
msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
}
Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-06-15 17:03:13 +02:00
component_test_no_date_time () {
msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
Fix cmake invocation syntax Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 11:45:47 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-06-15 17:03:13 +02:00
make
msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
make test
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_platform_calloc_macro () {
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
make test
}
Add a test component with malloc(0) returning NULL Exercise the library functions with calloc returning NULL for a size of 0. Make this a separate job with UBSan (and ASan) to detect places where we try to dereference the result of calloc(0) or to do things like buf = calloc(size, 1); if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY; memcpy(buf, source, size); which has undefined behavior when buf is NULL at the memcpy call even if size is 0. This is needed because other test components jobs either use the system malloc which returns non-NULL on Linux and FreeBSD, or the memory_buffer_alloc malloc which returns NULL but does not give as useful feedback with ASan (because the whole heap is a single C object).
2019-09-17 19:04:38 +02:00
component_test_malloc_0_null () {
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
Fix remaining occurrences of config.pl in all.sh The .pl version is now a compat wrapper around the .py script. Better call the .py script directly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-04 10:34:47 +01:00
scripts/config.py full
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
Add a test component with malloc(0) returning NULL Exercise the library functions with calloc returning NULL for a size of 0. Make this a separate job with UBSan (and ASan) to detect places where we try to dereference the result of calloc(0) or to do things like buf = calloc(size, 1); if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY; memcpy(buf, source, size); which has undefined behavior when buf is NULL at the memcpy call even if size is 0. This is needed because other test components jobs either use the system malloc which returns non-NULL on Linux and FreeBSD, or the memory_buffer_alloc malloc which returns NULL but does not give as useful feedback with ASan (because the whole heap is a single C object).
2019-09-17 19:04:38 +02:00
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
make test
msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
# Just the calloc selftest. "make test" ran the others as part of the
# test suites.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
programs/test/selftest calloc
Test component with malloc(0) returning NULL: run some ssl tests
2020-02-11 18:26:34 +01:00
msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
# Run a subset of the tests. The choice is a balance between coverage
# and time (including time indirectly wasted due to flaky tests).
# The current choice is to skip tests whose description includes
# "proxy", which is an approximation of skipping tests that use the
# UDP proxy, which tend to be slower and flakier.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -e 'proxy'
Add a test component with malloc(0) returning NULL Exercise the library functions with calloc returning NULL for a size of 0. Make this a separate job with UBSan (and ASan) to detect places where we try to dereference the result of calloc(0) or to do things like buf = calloc(size, 1); if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY; memcpy(buf, source, size); which has undefined behavior when buf is NULL at the memcpy call even if size is 0. This is needed because other test components jobs either use the system malloc which returns non-NULL on Linux and FreeBSD, or the memory_buffer_alloc malloc which returns NULL but does not give as useful feedback with ASan (because the whole heap is a single C object).
2019-09-17 19:04:38 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_aes_fewer_tables () {
msg "build: default config with AES_FEWER_TABLES enabled"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES"
make test
}
component_test_aes_rom_tables () {
msg "build: default config with AES_ROM_TABLES enabled"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_AES_ROM_TABLES
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_ROM_TABLES"
make test
}
component_test_aes_fewer_tables_and_rom_tables () {
msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
scripts/config.py set MBEDTLS_AES_ROM_TABLES
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
make test
}
all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256 Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and MBEDTLS_ENTROPY_FORCE_SHA256 together and separately.
2019-10-07 18:49:32 +02:00
component_test_ctr_drbg_aes_256_sha_256 () {
msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
Invoke config.py instead of config.pl in reverted content perl -i -pe 's/\bconfig\.pl/config.py/g' $(git grep -l -Fw config.pl -- . '#!tests/scripts/test_config_script.py')
2020-02-18 17:56:33 +01:00
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256 Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and MBEDTLS_ENTROPY_FORCE_SHA256 together and separately.
2019-10-07 18:49:32 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
make test
}
component_test_ctr_drbg_aes_128_sha_512 () {
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
Invoke config.py instead of config.pl in reverted content perl -i -pe 's/\bconfig\.pl/config.py/g' $(git grep -l -Fw config.pl -- . '#!tests/scripts/test_config_script.py')
2020-02-18 17:56:33 +01:00
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256 Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and MBEDTLS_ENTROPY_FORCE_SHA256 together and separately.
2019-10-07 18:49:32 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
make test
}
component_test_ctr_drbg_aes_128_sha_256 () {
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
Invoke config.py instead of config.pl in reverted content perl -i -pe 's/\bconfig\.pl/config.py/g' $(git grep -l -Fw config.pl -- . '#!tests/scripts/test_config_script.py')
2020-02-18 17:56:33 +01:00
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256 Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and MBEDTLS_ENTROPY_FORCE_SHA256 together and separately.
2019-10-07 18:49:32 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
make test
}
Test with secure element support Test with default config + SE with Clang and with full config + SE with GCC, for variety. Full+Clang+Asan has known issues so don't do that.
2019-07-24 14:58:38 +02:00
component_test_se_default () {
msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
Test with secure element support Test with default config + SE with Clang and with full config + SE with GCC, for variety. Full+Clang+Asan has known issues so don't do that.
2019-07-24 14:58:38 +02:00
msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
make test
}
Add driver tests and run them through all.sh Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-16 20:28:59 +02:00
component_test_psa_crypto_drivers () {
Add and splice in signature verification through driver Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-17 19:46:15 +02:00
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
Use full config during driver testing Due to the way the test drivers are setup, we require the full setup. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 11:38:44 +01:00
scripts/config.py full
Add driver tests and run them through all.sh Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-16 20:28:59 +02:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS According to the design in psa-driver-interface.md. Compiles without issue in test_psa_crypto_drivers. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-19 17:21:22 +01:00
scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Move long -D lists from all.sh to a header file To facilitate maintenance and to make it easier to reproduce all.sh builds manually, remove the long, repeated list of -D options from component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers and put it in a header file instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 19:20:04 +02:00
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
tests: psa: Test sign/verify hash by a transparent driver Test signature and signature verification by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-12-10 18:17:09 +01:00
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
Add driver tests and run them through all.sh Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-16 20:28:59 +02:00
Use full config during driver testing Due to the way the test drivers are setup, we require the full setup. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 11:38:44 +01:00
msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
Add driver tests and run them through all.sh Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-16 20:28:59 +02:00
make test
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_make_shared () {
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "build/test: make shared" # ~ 40s
Enable parallel shared target tests Now that the dependency issues for shared target are fixed, the feature can be enabled in tests.
2019-10-03 09:18:01 +02:00
make SHARED=1 all check
Test that a shared library build produces a dynamically linked executable
2019-07-03 20:43:32 +02:00
ldd programs/util/strerror | grep libmbedcrypto
Run the dlopen test in shared library builds Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126: libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509 and libmbedcrypto when built with make. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-04 12:52:14 +01:00
programs/test/dlopen_demo.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add a shared build with make on Linux to all.sh
2015-06-25 09:56:07 +02:00
Test that the shared library build with CMake works
2019-07-03 20:43:05 +02:00
component_test_cmake_shared () {
msg "build/test: cmake shared" # ~ 2min
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
make
Test that a shared library build produces a dynamically linked executable
2019-07-03 20:43:32 +02:00
ldd programs/util/strerror | grep libmbedcrypto
Test that the shared library build with CMake works
2019-07-03 20:43:05 +02:00
make test
Run the dlopen test in shared library builds Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126: libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509 and libmbedcrypto when built with make. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-04 12:52:14 +01:00
programs/test/dlopen_demo.sh
Test that the shared library build with CMake works
2019-07-03 20:43:05 +02:00
}
Test GCC and Clang with common build options Goals: * Build with common compilers with common options, so that we don't miss a (potentially useful) warning only triggered with certain build options. * A previous commit removed -O0 test jobs, leaving only the one with -m32. We have inline assembly that is disabled with -O0, falling back to generic C code. This commit restores a test that runs the generic C code on a 64-bit platform.
2019-09-20 19:56:06 +02:00
test_build_opt () {
info=$1 cc=$2; shift 2
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
Strict C99: check it in the full config Ensure that there is a build with -pedantic in the full config, not just in "exotic" configurations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-14 20:08:41 +02:00
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
Test GCC and Clang with common build options Goals: * Build with common compilers with common options, so that we don't miss a (potentially useful) warning only triggered with certain build options. * A previous commit removed -O0 test jobs, leaving only the one with -m32. We have inline assembly that is disabled with -O0, falling back to generic C code. This commit restores a test that runs the generic C code on a 64-bit platform.
2019-09-20 19:56:06 +02:00
# We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0
# skip inline assembly.
make test # ~30s
make clean
done
}
component_test_clang_opt () {
Fix remaining occurrences of config.pl in all.sh The .pl version is now a compat wrapper around the .py script. Better call the .py script directly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-04 10:34:47 +01:00
scripts/config.py full
Test GCC and Clang with common build options Goals: * Build with common compilers with common options, so that we don't miss a (potentially useful) warning only triggered with certain build options. * A previous commit removed -O0 test jobs, leaving only the one with -m32. We have inline assembly that is disabled with -O0, falling back to generic C code. This commit restores a test that runs the generic C code on a 64-bit platform.
2019-09-20 19:56:06 +02:00
test_build_opt 'full config' clang -O0 -Os -O2
}
component_test_gcc_opt () {
Fix remaining occurrences of config.pl in all.sh The .pl version is now a compat wrapper around the .py script. Better call the .py script directly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-04 10:34:47 +01:00
scripts/config.py full
Test GCC and Clang with common build options Goals: * Build with common compilers with common options, so that we don't miss a (potentially useful) warning only triggered with certain build options. * A previous commit removed -O0 test jobs, leaving only the one with -m32. We have inline assembly that is disabled with -O0, falling back to generic C code. This commit restores a test that runs the generic C code on a 64-bit platform.
2019-09-20 19:56:06 +02:00
test_build_opt 'full config' gcc -O0 -Os -O2
}
Add a test of MBEDTLS_CONFIG_FILE configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this.
2019-07-03 20:42:16 +02:00
component_build_mbedtls_config_file () {
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
Simplify build_mbedtls_config_file $CONFIG_H no longer includes check_config.h since Mbed TLS 3.0. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 20:55:57 +02:00
scripts/config.py -w full_config.h full
Add a test of MBEDTLS_CONFIG_FILE configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this.
2019-07-03 20:42:16 +02:00
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
Explain why we check that a certain feature is enabled Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:23:21 +02:00
# Make sure this feature is enabled. We'll disable it in the next phase.
Test MBEDTLS_USER_CONFIG_FILE as such Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:06:41 +02:00
programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
make clean
msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
# In the user config, disable one feature (for simplicity, pick a feature
# that nothing else depends on).
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'"
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
rm -f user_config.h full_config.h
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add a shared build with make on Linux to all.sh
2015-06-25 09:56:07 +02:00
Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:14 +02:00
component_build_psa_config_file () {
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
cp "$CRYPTO_CONFIG_H" psa_test_config.h
echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
Explain why we check that a certain feature is enabled Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:23:21 +02:00
# Make sure this feature is enabled. We'll disable it in the next phase.
Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:14 +02:00
programs/test/query_compile_time_config MBEDTLS_CMAC_C
make clean
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
# In the user config, disable one feature, which will reflect on the
# mbedtls configuration so we can query it with query_compile_time_config.
echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
scripts/config.py unset MBEDTLS_CMAC_C
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
not programs/test/query_compile_time_config MBEDTLS_CMAC_C
rm -f psa_test_config.h psa_user_config.h
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add a shared build with make on Linux to all.sh
2015-06-25 09:56:07 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_m32_o0 () {
Clarify a comment Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:27:16 +02:00
# Build without optimization, so as to use portable C code (in a 32-bit
# build) and not the i386-specific inline assembly.
Add additional i386 tests to all.sh Added an additional i386 test to all.sh, to allow one test with -O0 which compiles out inline assembly, and one to test with -01 which includes the inline assembly.
2018-07-20 22:27:33 +02:00
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
Add all.sh test to force 32-bit compilation
2017-05-04 12:35:51 +02:00
Add additional i386 tests to all.sh Added an additional i386 test to all.sh, to allow one test with -O0 which compiles out inline assembly, and one to test with -01 which includes the inline assembly.
2018-07-20 22:27:33 +02:00
msg "test: i386, make, gcc -O0 (ASan build)"
make test
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
support_test_m32_o0 () {
case $(uname -m) in
*64*) true;;
*) false;;
esac
}
Add additional i386 tests to all.sh Added an additional i386 test to all.sh, to allow one test with -O0 which compiles out inline assembly, and one to test with -01 which includes the inline assembly.
2018-07-20 22:27:33 +02:00
Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
component_test_m32_o2 () {
# Build with optimization, to use the i386 specific inline assembly
# and go faster for tests.
msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
Add additional i386 tests to all.sh Added an additional i386 test to all.sh, to allow one test with -O0 which compiles out inline assembly, and one to test with -01 which includes the inline assembly.
2018-07-20 22:27:33 +02:00
Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
msg "test: i386, make, gcc -O2 (ASan build)"
Add test command for 64-bit ILP32 in all.sh
2017-05-08 12:19:19 +02:00
make test
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
msg "test ssl-opt.sh, i386, make, gcc-O2"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Correct support function name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:25:29 +02:00
support_test_m32_o2 () {
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
support_test_m32_o0 "$@"
}
Add test command for 64-bit ILP32 in all.sh
2017-05-08 12:19:19 +02:00
Add Everest components to all.sh Test a native build and a 32-bit build. For variety, the native build is with CMake and clang, and the 32-bit build is with GNU make and gcc.
2019-04-12 20:29:48 +02:00
component_test_m32_everest () {
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
Unify ASan options in make builds Use a common set of options when building with Asan without CMake.
2019-10-21 17:11:33 +02:00
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
Add Everest components to all.sh Test a native build and a 32-bit build. For variety, the native build is with CMake and clang, and the 32-bit build is with GNU make and gcc.
2019-04-12 20:29:48 +02:00
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh -f ECDH
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
Rm DES from invocations of compat.sh It no longer makes sense, either in -e or -f: those ciphersuites have been removed anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-06 13:28:27 +02:00
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
Add Everest components to all.sh Test a native build and a 32-bit build. For variety, the native build is with CMake and clang, and the 32-bit build is with GNU make and gcc.
2019-04-12 20:29:48 +02:00
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_mx32 () {
Add test command for 64-bit ILP32 in all.sh
2017-05-08 12:19:19 +02:00
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
Pass -m32 to the linker as well For unit tests and sample programs, CFLAGS=-m32 is enough to get a 32-bit build, because these programs are all compiled directly from *.c to the executable in one shot. But with makefile rules that first build object files and then link them, LDFLAGS=-m32 is also needed.
2019-06-07 14:50:09 +02:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
Add test command for 64-bit ILP32 in all.sh
2017-05-08 12:19:19 +02:00
msg "test: 64-bit ILP32, make, gcc"
make test
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
support_test_mx32 () {
case $(uname -m) in
amd64|x86_64) true;;
*) false;;
esac
}
Add all.sh test to force 32-bit compilation
2017-05-04 12:35:51 +02:00
all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1 There were no tests for a non-default MPI window size. Add one. Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2018-12-27 13:59:04 +01:00
component_test_min_mpi_window_size () {
msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1 There were no tests for a non-default MPI window size. Add one. Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2018-12-27 13:59:04 +01:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
make test
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_have_int32 () {
msg "build: gcc, force 32-bit bignum limbs"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
Add ARM Compiler 6 build tests to all.sh
2016-09-27 16:05:15 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: gcc, force 32-bit bignum limbs"
make test
}
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_have_int64 () {
msg "build: gcc, force 64-bit bignum limbs"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: gcc, force 64-bit bignum limbs"
make test
}
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_udbl_division () {
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CFLAGS='-Werror -O1'
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
make test
}
Add armcc to all.sh if available
2015-02-10 17:38:54 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_no_64bit_multiplication () {
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py full
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make CFLAGS='-Werror -O1'
Add mingw cross-compile test to all.sh
2015-02-16 17:18:36 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
make test
}
Add a build with MBEDTLS_ERROR_STRERROR_DUMMY Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C. Previously, both options were enabled by default, but MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is enabled, so its effect was not tested. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:40:05 +01:00
component_test_no_strings () {
msg "build: no strings" # ~10s
scripts/config.py full
# Disable options that activate a large amount of string constants.
scripts/config.py unset MBEDTLS_DEBUG_C
scripts/config.py unset MBEDTLS_ERROR_C
scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
scripts/config.py unset MBEDTLS_VERSION_FEATURES
make CFLAGS='-Werror -Os'
msg "test: no strings" # ~ 10s
make test
}
Add missing MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-10-09 12:10:42 +02:00
component_test_no_x509_info () {
msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
Build with -O2 when running ssl-opt SSL testing benefits from faster executables, so use -O2 rather than -O1. Some builds use -O1, but that's intended for jobs that only run unit tests, where the build takes longer than the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
make CFLAGS='-Werror -O2'
Add missing MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-10-09 12:10:42 +02:00
msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
make test
msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Add missing MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-10-09 12:10:42 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_arm_none_eabi_gcc () {
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py baremetal
Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add option to avoid 64-bit multiplication Motivation is similar to NO_UDBL_DIVISION. The alternative implementation of 64-bit mult is straightforward and aims at obvious correctness. Also, visual examination of the generate assembly show that it's quite efficient with clang, armcc5 and arm-clang. However current GCC generates fairly inefficient code for it. I tried to rework the code in order to make GCC generate more efficient code. Unfortunately the only way to do that is to get rid of 64-bit add and handle the carry manually, but this causes other compilers to generate less efficient code with branches, which is not acceptable from a side-channel point of view. So let's keep the obvious code that works for most compilers and hope future versions of GCC learn to manage registers in a sensible way in that context. See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 10:51:44 +02:00
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
component_build_arm_linux_gnueabi_gcc_arm5vte () {
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py baremetal
Document the rationale for the armel build Call the component xxx_arm5vte, because that's what it does. Explain "armel", and more generally why this component exists, in a comment.
2019-08-09 16:05:05 +02:00
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
Update references to old Github organisation Replace references to ARMmbed organisation with the new org, Mbed-TLS, following project migration. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 15:07:01 +02:00
# See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
# Build everything including programs, see for example
Update references to old Github organisation Replace references to ARMmbed organisation with the new org, Mbed-TLS, following project migration. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 15:07:01 +02:00
# https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
}
component_build_arm_none_eabi_gcc_arm5vte () {
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
Add arm-linux-gnueabi-gcc build to all.sh Currently it can't be mandatory, since we can't install the required toolchain on Jenkins right away. Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it was a leftover from debugging. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-18 10:28:51 +02:00
scripts/config.py baremetal
# This is an imperfect substitute for
# component_build_arm_linux_gnueabi_gcc_arm5vte
Fix missing dependency on Travis Was getting errors like: In file included from /usr/include/limits.h:25:0, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:168, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/syslimits.h:7, from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:34, from ../include/mbedtls/check_config.h:30, from ../include/mbedtls/build_info.h:81, from common.h:26, from asn1write.c:20: /usr/include/features.h:367:25: fatal error: sys/cdefs.h: No such file or directory There are two packages to choose from: armhf or armel. Since the comment in all.sh says we're trying to be close to Debian's "armel" architecture, choose that, and fix a comment that was mentioning gnueabihf for no apparent reason. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 09:44:59 +02:00
# in case the gcc-arm-linux-gnueabi toolchain is not available
Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
Add a build on ARMv5TE in ARM mode Non-regression test for "bn_mul.h: require at least ARMv6 to enable the ARM DSP code"
2019-08-05 11:34:25 +02:00
}
all.sh: add a Cortex-M0+ build It's pretty fast and adds a little variety. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:00:53 +02:00
component_build_arm_none_eabi_gcc_m0plus () {
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
scripts/config.py baremetal_size
Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
Change our code size reference job to use baremetal_size In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal as the configuration, i.e. exclude debugging features. This job is the only one switching to baremetal_size because it's our primary point of reference for code size evolution, and which is the only job where we display the code size built with -Os so it's presumably the only job for which we really care about a meaningful code size report. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
all.sh: add a Cortex-M0+ build It's pretty fast and adds a little variety. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:00:53 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_arm_none_eabi_gcc_no_udbl_division () {
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "Checking that software 64-bit division is not required"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
not grep __aeabi_uldiv library/*.o
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Add option to avoid 64-bit multiplication Motivation is similar to NO_UDBL_DIVISION. The alternative implementation of 64-bit mult is straightforward and aims at obvious correctness. Also, visual examination of the generate assembly show that it's quite efficient with clang, armcc5 and arm-clang. However current GCC generates fairly inefficient code for it. I tried to rework the code in order to make GCC generate more efficient code. Unfortunately the only way to do that is to get rid of 64-bit add and handle the carry manually, but this causes other compilers to generate less efficient code with branches, which is not acceptable from a side-channel point of view. So let's keep the obvious code that works for most compilers and hope future versions of GCC learn to manage registers in a sensible way in that context. See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 10:51:44 +02:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:19:32 +02:00
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
echo "Checking that software 64-bit multiplication is not required"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
not grep __aeabi_lmul library/*.o
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
component_build_armcc () {
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
msg "build: ARM Compiler 5"
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py baremetal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-15 11:51:52 +01:00
# armc[56] don't support SHA-512 intrinsics
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
Enable inline assembly in armcc all.sh component The test script all.sh contains the component component_build_armcc testing that Mbed TLS builds using Arm Compiler 5 and 6, on a variety of platforms. However, the component does not exercise inline assembly for Arm, since - MBEDTLS_HAVE_ASM is unset, and - Some Arm inline assembly is only used if the level of optimization is not 0. This commit changes the test component to ensure that inline assembly is built by setting MBEDTLS_HAVE_ASM as well as enabling optimization level 1 (-O1). Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-07-15 13:08:19 +02:00
scripts/config.py set MBEDTLS_HAVE_ASM
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-15 11:51:52 +01:00
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:11:54 +02:00
msg "size: ARM Compiler 5"
"$ARMC5_FROMELF" -z library/*.o
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
make clean
Add ARM Compiler 6 build tests to all.sh
2016-09-27 16:05:15 +02:00
Enable inline assembly in armcc all.sh component The test script all.sh contains the component component_build_armcc testing that Mbed TLS builds using Arm Compiler 5 and 6, on a variety of platforms. However, the component does not exercise inline assembly for Arm, since - MBEDTLS_HAVE_ASM is unset, and - Some Arm inline assembly is only used if the level of optimization is not 0. This commit changes the test component to ensure that inline assembly is built by setting MBEDTLS_HAVE_ASM as well as enabling optimization level 1 (-O1). Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-07-15 13:08:19 +02:00
# Compile with -O1 since some Arm inline assembly is disabled for -O0.
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
# ARM Compiler 6 - Target ARMv7-A
Add armcc plain armv7-m target; tidy up arg order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 15:35:29 +02:00
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
# ARM Compiler 6 - Target ARMv7-M
Add armcc plain armv7-m target; tidy up arg order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 15:35:29 +02:00
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
# ARM Compiler 6 - Target ARMv7-M+DSP
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
# ARM Compiler 6 - Target ARMv8-A - AArch32
Add armcc plain armv7-m target; tidy up arg order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 15:35:29 +02:00
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline.
2017-12-19 18:24:31 +01:00
# ARM Compiler 6 - Target ARMv8-M
Add armcc plain armv7-m target; tidy up arg order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 15:35:29 +02:00
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-15 11:51:52 +01:00
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
Add armcc plain armv7-m target; tidy up arg order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 15:35:29 +02:00
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: test with SHA-1 enabled Enabling SHA-1 for certificates is deprecated but we still want it to work. Thanks to @andresag01
2017-05-12 15:26:58 +02:00
fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-27 06:01:01 +01:00
component_test_tls13_only () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
tls13_only: add tls13_only test component Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-24 11:45:45 +01:00
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so it's generally good to have it on in functional tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:44:19 +02:00
msg "test: TLS 1.3 only, all key exchange modes enabled"
make test
Add check tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-15 03:26:40 +01:00
all.sh: Add components testing TLS 1.3 kex partial enablement Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-17 17:35:32 +02:00
msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
tests/ssl-opt.sh
}
component_test_tls13_only_psk () {
msg "build: TLS 1.3 only from default, only PSK key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_ECDH_C
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_PKCS1_V21
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
cd tests; ./test_suite_ssl; cd ..
msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
tests/ssl-opt.sh
}
component_test_tls13_only_ephemeral () {
msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Update early data test cases with latest code message Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 11:52:57 +01:00
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
all.sh: Add components testing TLS 1.3 kex partial enablement Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-17 17:35:32 +02:00
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
cd tests; ./test_suite_ssl; cd ..
msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
tests/ssl-opt.sh
}
component_test_tls13_only_psk_ephemeral () {
msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_PKCS1_V21
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
cd tests; ./test_suite_ssl; cd ..
msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
tests/ssl-opt.sh
}
component_test_tls13_only_psk_all () {
msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_PKCS1_V21
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
cd tests; ./test_suite_ssl; cd ..
msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
tests/ssl-opt.sh
}
component_test_tls13_only_ephemeral_all () {
msg "build: TLS 1.3 only from default, without PSK key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
cd tests; ./test_suite_ssl; cd ..
msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
tests/ssl-opt.sh
tls13_only: add tls13_only test component Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-24 11:45:45 +01:00
}
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
component_test_tls13 () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 10:39:19 +01:00
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 10:39:19 +01:00
make test
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
msg "ssl-opt.sh (TLS 1.3)"
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
tests/ssl-opt.sh
ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 10:39:19 +01:00
}
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
component_test_tls13_no_compatibility_mode () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 10:39:19 +01:00
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
Add 'build+unit test' test for experimental TLS 1.3 code to all.sh Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-04 13:03:51 +02:00
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
all.sh: Run basic TLS 1.3 with and without record padding Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 20:20:10 +02:00
make test
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-08 16:57:54 +01:00
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:30:54 +01:00
tests/ssl-opt.sh
all.sh: Run basic TLS 1.3 with and without record padding Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 20:20:10 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
Enable parallel shared target tests Now that the dependency issues for shared target are fixed, the feature can be enabled in tests.
2019-10-03 09:18:01 +02:00
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
Make the test builds much stricter for warnings Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl to ensure the builds are strict for all warnings, warnings are treated as errors, and that wherever possible builds are strict to the C99 standard. (Note that builds that use the Unix sockets API cannot be).
2016-11-10 18:25:58 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# note Make tests only builds the tests, but doesn't run them
Enable parallel shared target tests Now that the dependency issues for shared target are fixed, the feature can be enabled in tests.
2019-10-03 09:18:01 +02:00
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make WINDOWS_BUILD=1 clean
Add mingw cross-compile test to all.sh
2015-02-16 17:18:36 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
Enable parallel shared target tests Now that the dependency issues for shared target are fixed, the feature can be enabled in tests.
2019-10-03 09:18:01 +02:00
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make WINDOWS_BUILD=1 clean
}
all.sh: Require i686-w64-mingw32-gcc version >= 6 Require mingw gcc version 6 or greater in order to ensure BCryptGenRandom() is available.
2019-04-17 16:19:26 +02:00
support_build_mingw() {
case $(i686-w64-mingw32-gcc -dumpversion) in
[0-5]*) false;;
*) true;;
esac
}
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_memsan () {
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "build: MSan (clang)" # ~ 1 min 20s
Invoke config.py instead of config.pl git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g' Also: * Change one comment in include/mbedtls/check_config.h. * Change PERL to PYTHON in CMakeLists.txt.
2019-07-27 23:52:53 +02:00
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
all.sh: indent
2017-12-10 23:22:20 +01:00
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
Rework all.sh to use MSan instead of valgrind
2014-11-20 13:10:22 +01:00
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "test: main suites (MSan)" # ~ 10s
make test
Test memory a bit more often in all.sh
2014-05-09 13:46:59 +02:00
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh
Test memory a bit more often in all.sh
2014-05-09 13:46:59 +02:00
all.sh: indent
2017-12-10 23:22:20 +01:00
# Optional part(s)
Rework all.sh to use MSan instead of valgrind
2014-11-20 13:10:22 +01:00
all.sh: indent
2017-12-10 23:22:20 +01:00
if [ "$MEMORY" -gt 0 ]; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh
all.sh: indent
2017-12-10 23:22:20 +01:00
fi
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Rename test_memcheck to test_valgrind Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 00:11:42 +01:00
component_test_valgrind () {
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "build: Release (clang)"
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
make
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
all.sh: indent
2017-12-10 23:22:20 +01:00
msg "test: main suites valgrind (Release)"
make memcheck
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
Restore full tls coverage to all.sh The merge of mbed-crypto removed some tls coverage. Restore it. Also remove references to the `crypto` subdirectory brought by the mbedtls side of the merge. In more detail: * `tests/scripts/all.sh`: * `fuzz` in comments (×2): restore it. * `CTEST_OUTPUT_ON_FAILURE=1`: don't remove it. * `cd crypto` for `make clean`: don't restore it. * `cleanup`: do restore `programs/fuzz/Makefile`. Don't go into `crypto`. Keep only one copy of the calls to `rm` in `cmake_subproject`. * Comment legacy options: don't remove it. * `crypto/Makefile` and `pre_check_seedfile`: don't restore either. See below regarding the lack of need for `pre_check_seedfile`. * blank line in `pre_print_configuration`: restore it. * blank line before `#### Build and test`: restore it. * SSL tests in `component_test_full_cmake_gcc_asan` and zlib components: restore it. * `component_test_no_pem_no_fs` (×2): the merge placed two copies in different locations. Reconcile them: unset PSA storage like in crypto, and call `ssl-opt.sh` like in tls. Put the merged version at the tls location. * `component_test_everest`: do add it at the tls location. * `component_test_small_mbedtls_ssl_dtls_max_buffering`: restore the tls value. * `component_test_new_ecdh_context`…: move `component_test_new_ecdh_context` before `component_test_everest` and add a calls to `compat.sh` and `ssl-opt.sh` like in `component_test_everest`. Remove the redundant crypto-only `component_test_everest`. Don't remove `component_test_psa_collect_statuses`. * `component_test_full_cmake_clang`: don't remove `clang` in the `msg` call. Don't remove the call to `test_psa_constant_names.py`. * `component_test_full_make_gcc_o0`: remove it. It's subsumed by `component_test_gcc_opt`. * `component_build_deprecated`: don't remove anything. * `component_test_memory_buffer_allocator`: restore `ssl-opt.sh`. * `component_test_when_no_ciphersuites_have_mac`: restore it. * `component_test_platform_calloc_macro`: don't restore `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` which is now redundant. Don't restore explicit flags instead of `$ASAN_CFLAGS`. * `component_test_aes_fewer_tables`…: don't remove it. * `component_test_m32_o1`: restore SSL testing. * `component_test_m32_everest`: restore SSL testing. * `component_test_min_mpi_window_size`…: don't remove it. * `component_test_valgrind`: do restore the tls version of the comment. * `run_component`: don't remove the seedfile creation. This is better than `pre_check_seedfile` (see below). * `pre_check_seedfile`: don't restore it. `pre_check_seedfile` (from tls) creates a seedfile once and for all. This is not good enough if a component fails in such a way as to leave a broken seedfile, or if a component leaves a seedfile with a size that's wrong for the next component to run. Instead (from crypto), `run_component` creates a sufficiently large seedfile before each component.
2020-03-04 20:46:15 +01:00
# Optional parts (slow; currently broken on OS X because programs don't
# seem to receive signals under valgrind on OS X).
all.sh: indent
2017-12-10 23:22:20 +01:00
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/ssl-opt.sh --memcheck
all.sh: indent
2017-12-10 23:22:20 +01:00
fi
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
all.sh: indent
2017-12-10 23:22:20 +01:00
if [ "$MEMORY" -gt 1 ]; then
msg "test: compat.sh --memcheck (Release)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/compat.sh --memcheck
all.sh: indent
2017-12-10 23:22:20 +01:00
fi
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
if [ "$MEMORY" -gt 0 ]; then
msg "test: context-info.sh --memcheck (Release)"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/context-info.sh --memcheck
Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-07 16:07:05 +02:00
fi
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
Stop CMake out of source tests running on 16.04 Running the out of source CMake test on Ubuntu 16.04 using more than one processor (as the CI does) can create a race condition whereby the build fails to see a generated file, despite that file actually having been generated. This problem appears to go away with 18.04 or newer, so make the out of source tests not supported on Ubuntu 16.04 Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:29:40 +01:00
support_test_cmake_out_of_source () {
distrib_id=""
distrib_ver=""
distrib_ver_minor=""
distrib_ver_major=""
# Attempt to parse lsb-release to find out distribution and version. If not
# found this should fail safe (test is supported).
if [[ -f /etc/lsb-release ]]; then
while read -r lsb_line; do
case "$lsb_line" in
"DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
"DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
esac
done < /etc/lsb-release
distrib_ver_major="${distrib_ver%%.*}"
distrib_ver="${distrib_ver#*.}"
distrib_ver_minor="${distrib_ver%%.*}"
fi
# Running the out of source CMake test on Ubuntu 16.04 using more than one
# processor (as the CI does) can create a race condition whereby the build
# fails to see a generated file, despite that file actually having been
# generated. This problem appears to go away with 18.04 or newer, so make
# the out of source tests unsupported on Ubuntu 16.04.
[ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_cmake_out_of_source () {
msg "build: cmake 'out-of-source' build"
MBEDTLS_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
Switch cmake -O2 builds around to where we test a lot Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL tests. To have some coverage with Check mode (which enables more compiler warnings but compiles with -Os), change a few other builds that only run unit tests at most to Check mode. Don't add any new builds, to keep the total build volume down. We don't need extensive coverage of all combinations, just a reasonable set. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:34:57 +02:00
cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR"
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
make
Adapt all.sh for OS X (no MemSan)
2015-01-26 15:03:56 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
msg "test: cmake 'out-of-source' build"
make test
test_cmake_out_of_source: run an ssl-opt test case that exists component_test_cmake_out_of_source was running the ssl-opt.sh test case "Fallback SCSV: beginning of list", but this test case was removed in Mbed TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test. In 2.x, the test case was chosen because it uses an additional auxiliary program tests/scripts/tcp_client.pl. This auxiliary program is no longer used. So instead, run at least one test case that's sure to exist. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:31:25 +02:00
# Check that ssl-opt.sh can find the test programs.
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# Also ensure that there are no error messages such as
# "No such file or directory", which would indicate that some required
# file is missing (ssl-opt.sh tolerates the absence of some files so
# may exit with status 0 but emit errors).
test_cmake_out_of_source: run an ssl-opt test case that exists component_test_cmake_out_of_source was running the ssl-opt.sh test case "Fallback SCSV: beginning of list", but this test case was removed in Mbed TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test. In 2.x, the test case was chosen because it uses an additional auxiliary program tests/scripts/tcp_client.pl. This auxiliary program is no longer used. So instead, run at least one test case that's sure to exist. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:31:25 +02:00
./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
test_cmake_out_of_source: validate that ssl-opt passed If the ssl-opt test case was skipped, the test was ineffective. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 22:43:38 +02:00
grep PASS ssl-opt.out
component_test_cmake_out_of_source: simplify and fix error handling Remove ssl-opt.err even if it's empty. Call cat unconditionally: it'll have no visible effect if the file is empty. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:56:09 +01:00
cat ssl-opt.err >&2
# If ssl-opt.err is non-empty, record an error and keep going.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
[ ! -s ssl-opt.err ]
test_cmake_out_of_source: validate that ssl-opt passed If the ssl-opt test case was skipped, the test was ineffective. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 22:43:38 +02:00
rm ssl-opt.out ssl-opt.err
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
}
CMake: Add a subdirectory build regression test If we have a regression with the "build Mbed TLS as a subdirectory with CMake" feature and fail to build, fail the test.
2019-06-20 18:38:22 +02:00
component_test_cmake_as_subdirectory () {
msg "build: cmake 'as-subdirectory' build"
cd programs/test/cmake_subproject
cmake .
make
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
./cmake_subproject
CMake: Add a subdirectory build regression test If we have a regression with the "build Mbed TLS as a subdirectory with CMake" feature and fail to build, fail the test.
2019-06-20 18:38:22 +02:00
}
Stop CMake out of source tests running on 16.04 (continued) The race condition mentioned in the previous commit "Stop CMake out of source tests running on 16.04" has also been observed with test_cmake_as_subdirectory and can presumably happen with test_cmake_as_package and test_cmake_as_package_install as well. So skip all of these components on Ubuntu 16.04. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:21:12 +01:00
support_test_cmake_as_subdirectory () {
support_test_cmake_out_of_source
CMake: Add a subdirectory build regression test If we have a regression with the "build Mbed TLS as a subdirectory with CMake" feature and fail to build, fail the test.
2019-06-20 18:38:22 +02:00
}
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
component_test_cmake_as_package () {
msg "build: cmake 'as-package' build"
cd programs/test/cmake_package
cmake .
make
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
./cmake_package
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
}
Stop CMake out of source tests running on 16.04 (continued) The race condition mentioned in the previous commit "Stop CMake out of source tests running on 16.04" has also been observed with test_cmake_as_subdirectory and can presumably happen with test_cmake_as_package and test_cmake_as_package_install as well. So skip all of these components on Ubuntu 16.04. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:21:12 +01:00
support_test_cmake_as_package () {
support_test_cmake_out_of_source
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
}
component_test_cmake_as_package_install () {
msg "build: cmake 'as-installed-package' build"
cd programs/test/cmake_package_install
cmake .
make
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
./cmake_package_install
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
}
Stop CMake out of source tests running on 16.04 (continued) The race condition mentioned in the previous commit "Stop CMake out of source tests running on 16.04" has also been observed with test_cmake_as_subdirectory and can presumably happen with test_cmake_as_package and test_cmake_as_package_install as well. So skip all of these components on Ubuntu 16.04. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:21:12 +01:00
support_test_cmake_as_package_install () {
support_test_cmake_out_of_source
Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-03-25 17:03:25 +01:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
# auxiliary GDB script. Unfortunately, GDB does not return error values to the
# system in all cases that the script fails, so we must manually search the
# output to check whether the pass string is present and no failure strings
# were printed.
Gdb script: improve portability of ASLR disabling disabling Call `set disable-randomization off` only if it seems to be supported. The goal is to neither get an error about disable-randomization not being supported (e.g. on FreeBSD), nor get an error if it is supported but fails (e.g. on Ubuntu). Only fiddle with disable-randomization from all.sh, which cares because it reports the failure of ASLR disabling as an error. If a developer invokes the Gdb script manually, a warning about ASLR doesn't matter.
2019-01-06 20:52:22 +01:00
# Don't try to disable ASLR. We don't care about ASLR here. We do care
# about a spurious message if Gdb tries and fails, so suppress that.
gdb_disable_aslr=
if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
gdb_disable_aslr='set disable-randomization off'
fi
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
for optimization_flag in -O2 -O3 -Ofast -Os; do
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
for compiler in clang gcc; do
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
grep "The buffer was correctly zeroized" test_zeroize.log
not grep -i "error" test_zeroize.log
Fix inconsistent indentation Only whitespace changes in this commit.
2019-01-09 22:28:21 +01:00
rm -f test_zeroize.log
make clean
done
Extend zeroize tests to multiple optimizations Extend the all.sh test to cover multiple compiler optimization levels. At the momment, the test is run using gcc and clang.
2017-10-25 11:35:51 +02:00
done
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
Run the PSA Compliance test suite in all.sh This commit adds a component to all.sh which clones, builds and runs the compliance test suite. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-19 15:05:36 +02:00
component_test_psa_compliance () {
msg "build: make, default config (out-of-box), libmbedcrypto.a only"
Make the changes easier to backport The code replaced in this patch was not compatible with the development_2.x branch. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-25 19:29:07 +02:00
make -C library libmbedcrypto.a
Run the PSA Compliance test suite in all.sh This commit adds a component to all.sh which clones, builds and runs the compliance test suite. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-19 15:05:36 +02:00
msg "unit test: test_psa_compliance.py"
./tests/scripts/test_psa_compliance.py
}
support_test_psa_compliance () {
Explain why support_test_psa_compliance is needed Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 11:36:09 +01:00
# psa-compliance-tests only supports CMake >= 3.10.0
Make the changes easier to backport The code replaced in this patch was not compatible with the development_2.x branch. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-25 19:29:07 +02:00
ver="$(cmake --version)"
ver="${ver#cmake version }"
ver_major="${ver%%.*}"
ver="${ver#*.}"
ver_minor="${ver%%.*}"
[ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
Run the PSA Compliance test suite in all.sh This commit adds a component to all.sh which clones, builds and runs the compliance test suite. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-19 15:05:36 +02:00
}
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
component_check_python_files () {
msg "Lint: Python scripts"
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
tests/scripts/check-python-files.sh
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
Include translate ciphers tests in all.sh To run test_translate_ciphers_names.py and _format.sh in the CI, include it in all.sh component_check_generate_test_code. Rename check_generate_test_code to check_test_helpers Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-29 12:18:29 +02:00
component_check_test_helpers () {
msg "unit test: generate_test_code.py"
Make check_generate_test_code more -q friendly Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:40:08 +02:00
# unittest writes out mundane stuff like number or tests run on stderr.
# Our convention is to reserve stderr for actual errors, and write
# harmless info on stdout so it can be suppress with --quiet.
Stop dispatching through obsolete functions Remove the obsolete functions record_status and if_build_succeeded. They didn't affect error detection, but they made error reporting worse since $BASH_COMMAND would be the unexpanded "$@". Keep the function definitions for the sake of pull requests using them that may still be in flight. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:41:16 +02:00
./tests/scripts/test_generate_test_code.py 2>&1
Include translate ciphers tests in all.sh To run test_translate_ciphers_names.py and _format.sh in the CI, include it in all.sh component_check_generate_test_code. Rename check_generate_test_code to check_test_helpers Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-29 12:18:29 +02:00
Integrate tests as unit tests into one file Rather than having the tests seperated into different files, they were integrated into translate_ciphers.py and can be run from root using: `python -m unittest tests/scripts/translate_ciphers.py` test_translate_ciphers_format.sh was originally made as a testing ground before having the translation tool being implmented into compat.sh. Translating it to python code makes it redundant and therefore it will be removed. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-06 10:41:27 +02:00
msg "unit test: translate_ciphers.py"
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
all.sh: add some documentation
2017-12-21 15:59:21 +01:00
################################################################
#### Termination
################################################################
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
post_report () {
msg "Done, cleaning up"
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
final_cleanup
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
final_report
}
################################################################
#### Run all the things
################################################################
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
# Function invoked by --error-test to test error reporting.
pseudo_component_error_test () {
Improve --error-test reporting Count invocations from 1 to n instead of n to 1. Explain how changing the loop variable would cause an error if the function was not executed in a subshell. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:28:00 +02:00
msg "Testing error reporting $error_test_i"
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
if [ $KEEP_GOING -ne 0 ]; then
echo "Expect three failing commands."
fi
Improve --error-test reporting Count invocations from 1 to n instead of n to 1. Explain how changing the loop variable would cause an error if the function was not executed in a subshell. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:28:00 +02:00
# If the component doesn't run in a subshell, changing error_test_i to an
# invalid integer will cause an error in the loop that runs this function.
error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:14:03 +02:00
# Expected error: 'grep non_existent /dev/null -> 1'
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
grep non_existent /dev/null
Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:14:03 +02:00
# Expected error: '! grep -q . tests/scripts/all.sh -> 1'
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
not grep -q . "$0"
Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:14:03 +02:00
# Expected error: 'make unknown_target -> 2'
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
make unknown_target
false "this should not be executed"
}
Move cleanup into the common wrapper function Call cleanup from run_component instead of calling it from each individual component function. Clean up after each component rather than before. With the new structure it makes more sense for each component to leave the place clean. Run cleanup once at the beginning to start from a clean slate.
2018-11-27 16:06:30 +01:00
# Run one component and clean up afterwards.
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
run_component () {
Add the current component name to msg output and the final report
2018-12-04 12:49:28 +01:00
current_component="$1"
Set meaningful test configuration names when running tests Set MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION to meaningful values in all.sh. These environment variables are used when writing an outcome file, which happens if MBEDTLS_TEST_OUTCOME_FILE is also set. When running one of the try-multiple-configuration scripts, set MBEDTLS_TEST_CONFIGURATION to a value that uniquely describes the configuration.
2019-09-16 15:20:36 +02:00
export MBEDTLS_TEST_CONFIGURATION="$current_component"
all.sh: support variable seedfile size The size of the seedfile used by the entropy module when MBEDTLS_ENTROPY_NV_SEED is enabled is 32 byte when MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is disabled, and 64 bytes otherwise. A larger seedfile is ok on entry (the code just grabs the first N bytes), but a smaller seedfile is not ok. Therefore, if you run a component with a 32-byte seedfile and then a component with a 64-byte seedfile, the second component fails in the unit tests (up to test_suite_entropy which erases the seedfile and creates a fresh one). This is ok up to now because we only enable MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_ENTROPY_FORCE_SHA256. But it prevents enabling MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_ENTROPY_FORCE_SHA256. To fix this, unconditionally create a seedfile before each component.
2019-10-07 18:44:21 +02:00
# Unconditionally create a seedfile that's sufficiently long.
# Do this before each component, because a previous component may
# have messed it up or shortened it.
Remove barely-used redirect functions redirect_out was no longer used and redirect_err was only used to quiet dd. Change the dd invocation to only print diagnostics on error (on platforms where this is possible). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 19:03:50 +02:00
local dd_cmd
dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
case $OSTYPE in
Fix running of all.sh on macOS Was getting 'dd: unknown operand status' Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-16 15:11:07 +01:00
linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
Remove barely-used redirect functions redirect_out was no longer used and redirect_err was only used to quiet dd. Change the dd invocation to only print diagnostics on error (on platforms where this is possible). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 19:03:50 +02:00
esac
"${dd_cmd[@]}"
all.sh: support variable seedfile size The size of the seedfile used by the entropy module when MBEDTLS_ENTROPY_NV_SEED is enabled is 32 byte when MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is disabled, and 64 bytes otherwise. A larger seedfile is ok on entry (the code just grabs the first N bytes), but a smaller seedfile is not ok. Therefore, if you run a component with a 32-byte seedfile and then a component with a 64-byte seedfile, the second component fails in the unit tests (up to test_suite_entropy which erases the seedfile and creates a fresh one). This is ok up to now because we only enable MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_ENTROPY_FORCE_SHA256. But it prevents enabling MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_ENTROPY_FORCE_SHA256. To fix this, unconditionally create a seedfile before each component.
2019-10-07 18:44:21 +02:00
Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:14:03 +02:00
# Run the component in a subshell, with error trapping and output
# redirection set up based on the relevant options.
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
if [ $KEEP_GOING -eq 1 ]; then
Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:14:03 +02:00
# We want to keep running if the subshell fails, so 'set -e' must
# be off when the subshell runs.
Run each component in a subshell and handle errors more robustly This commit completely rewrites keep-going mode. Instead of relying solely on "set -e", which has some subtle limitations (such as being off anywhere inside a conditional), use an ERR trap to record errors. Run each component in a subshell. This way a component can set environment variables, change the current directory, etc., without affecting other components. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 18:50:43 +01:00
set +e
fi
(
if [ $QUIET -eq 1 ]; then
# msg() will be silenced, so just print the component name here.
echo "${current_component#component_}"
exec >/dev/null
fi
if [ $KEEP_GOING -eq 1 ]; then
# Keep "set -e" off, and run an ERR trap instead to record failures.
set -E
trap err_trap ERR
fi
# The next line is what runs the component
"$@"
if [ $KEEP_GOING -eq 1 ]; then
trap - ERR
exit $last_failure_status
fi
)
component_status=$?
if [ $KEEP_GOING -eq 1 ]; then
set -e
if [ $component_status -ne 0 ]; then
failure_count=$((failure_count + 1))
fi
Add a --quiet option to all.sh The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:28:07 +02:00
fi
all.sh: support variable seedfile size The size of the seedfile used by the entropy module when MBEDTLS_ENTROPY_NV_SEED is enabled is 32 byte when MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is disabled, and 64 bytes otherwise. A larger seedfile is ok on entry (the code just grabs the first N bytes), but a smaller seedfile is not ok. Therefore, if you run a component with a 32-byte seedfile and then a component with a 64-byte seedfile, the second component fails in the unit tests (up to test_suite_entropy which erases the seedfile and creates a fresh one). This is ok up to now because we only enable MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_ENTROPY_FORCE_SHA256. But it prevents enabling MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_ENTROPY_FORCE_SHA256. To fix this, unconditionally create a seedfile before each component.
2019-10-07 18:44:21 +02:00
# Restore the build tree to a clean state.
Move cleanup into the common wrapper function Call cleanup from run_component instead of calling it from each individual component function. Clean up after each component rather than before. With the new structure it makes more sense for each component to leave the place clean. Run cleanup once at the beginning to start from a clean slate.
2018-11-27 16:06:30 +01:00
cleanup
all.sh: clean up some uses of "local" variables While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:59:41 +02:00
unset current_component
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
}
# Preliminary setup
pre_check_environment
pre_initialize_variables
pre_parse_command_line "$@"
New option --list-components Add an option to list the available components. This is not useful yet, but a subsequent commit will add the ability to run specific components.
2018-11-27 17:04:29 +01:00
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
pre_check_git
Don't unconditionally restore **/Makefile all.sh restores **/Makefile from git in case the version in the worktree was from doing a cmake in-tree build. Instead of doing this unconditionally, do it only if the toplevel Makefile seems to have been automatically generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way all.sh no longer silently wipes changes made to Makefile but not committed yet. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:16:01 +02:00
pre_restore_files
Don't restore *config.h before backing it up Back up the config files at the beginning of all.sh, rather than before each component. In particular, create the backup before running cleanup for the first time. This fixes #3139 (all.sh using a config.h.bak from a previous job), and makes all.sh more robust against accidentally using a modified config.h midway through because a component messed with the backup. Use a different extension (*.all.bak rather than *.bak) for the backups. This is necessary to ensure that auxiliary scripts such as depends*.pl that make their own backup don't remove all.sh's backup, which the code from this commit does not support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 20:11:39 +02:00
pre_back_up
all.sh: add a seedfile generation step When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites require the seed file for PSA initialization, which was normally generated later, when entropy tests were run. This change creates an initial seedfile in all.sh.
2019-02-14 13:18:59 +01:00
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
build_status=0
if [ $KEEP_GOING -eq 1 ]; then
pre_setup_keep_going
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
fi
all.sh --outcome-file creates an outcome file By default, remove the outcome file before starting. With --append-outcome, append to the existing outcome file if there is one.
2019-09-16 15:55:46 +02:00
pre_prepare_outcome_file
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
pre_print_configuration
pre_check_tools
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
cleanup
Generate source files before running any components Now that generated source files are no longer checked in version control, they must be generated before running any tests. Do not check the generated files for freshness: it's no longer relevant. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-22 01:10:12 +02:00
pre_generate_files
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
# Run the requested tests.
Improve --error-test reporting Count invocations from 1 to n instead of n to 1. Explain how changing the loop variable would cause an error if the function was not executed in a subshell. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:28:00 +02:00
for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
Add --error-test option to test error detection and reporting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-28 21:09:21 +01:00
run_component pseudo_component_error_test
done
Improve --error-test reporting Count invocations from 1 to n instead of n to 1. Explain how changing the loop variable would cause an error if the function was not executed in a subshell. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:28:00 +02:00
unset error_test_i
all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built.
2019-01-06 23:11:25 +01:00
for component in $RUN_COMPONENTS; do
run_component "component_$component"
done
all.sh: one test script to run them all
2014-03-19 18:29:01 +01:00
Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call.
2018-11-27 15:58:47 +01:00
# We're done.
all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute).
2019-01-06 21:50:38 +01:00
post_report
Reference in a new issue Copy permalink