Address test review comments

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/aes.c

@@ -1824,6 +1824,13 @@ int mbedtls_aes_self_test(int verbose)
         } else
 #endif
 #if defined(MBEDTLS_AESNI_HAVE_CODE)
+#if MBEDTLS_AESNI_HAVE_CODE == 1
+            mbedtls_printf("  AES note: AESNI code present (assembly implementation).\n");
+#elif MBEDTLS_AESNI_HAVE_CODE == 2
+            mbedtls_printf("  AES note: AESNI code present (intrinsics implementation).\n");
+#else
+#error Unrecognised value for MBEDTLS_AESNI_HAVE_CODE
+#endif
         if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
             mbedtls_printf("  AES note: using AESNI.\n");
         } else

library/aesni.h

@@ -59,11 +59,6 @@
 #define MBEDTLS_AESNI_HAVE_INTRINSICS
 #endif
 
-/* Normally MBEDTLS_AESNI_HAVE_CODE is automatically set below. It may be
- * set from all.sh to ensure coverage of both asm and intrinsics, in which
- * case we do not over-ride it. */
-#if !defined(MBEDTLS_AESNI_HAVE_CODE)
-
 /* Choose the implementation of AESNI, if one is available.
  *
  * Favor the intrinsics-based implementation if it's available, for better
@@ -75,7 +70,6 @@
 #elif defined(MBEDTLS_HAVE_X86_64)
 #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
 #endif
-#endif /* !defined(MBEDTLS_AESNI_HAVE_CODE) */
 
 #if defined(MBEDTLS_AESNI_HAVE_CODE)
 

tests/scripts/all.sh

@@ -3508,25 +3508,40 @@ support_test_aesni () {
     gcc -v 2>&1 | grep Target | grep -q x86_64
 }
 
-component_test_aesni () { # ~ 40s
+component_test_aesni () { # ~ 60s
+    # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
+    # fallback. It also tests the logic that is used to select which implementation(s) to build.
+    #
+    # This test does not require the host to have support for AESNI (if it doesn't, the run-time
+    # AESNI detection will fallback to the plain C implementation, so the tests will instead
+    # exercise the plain C impl).
+
     msg "build: default config with different AES implementations"
     scripts/config.py set MBEDTLS_AESNI_C
     scripts/config.py set MBEDTLS_HAVE_ASM
 
-    # test asm
-    msg "AES tests, MBEDTLS_AESNI_HAVE_CODE=1 (asm)"
-    make test CC=gcc CFLAGS='-O2 -Werror -DMBEDTLS_AESNI_HAVE_CODE=1'
-
-    # test intrinsics
-    msg "AES tests, MBEDTLS_AESNI_HAVE_CODE=2 (intrinsics)"
+    # test the intrinsics implementation
+    msg "AES tests, test intrinsics"
     make clean
-    make test CC=gcc CFLAGS='-O2 -Werror -mpclmul -msse2 -maes -DMBEDTLS_AESNI_HAVE_CODE=2'
+    make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
+    # check that we built intrinsics - this should be used by default when supported by the compiler
+    ./programs/test/selftest | grep "AESNI code" | grep -q "intrinsics" || false "intrinsics not built when supported"
 
-    # test plain C
+    # test the asm implementation
+    msg "AES tests, test assembly"
+    make clean
+    make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
+    # check that we built assembly - this should be built if the compiler does not support intrinsics
+    ./programs/test/selftest | grep "AESNI code" | grep -q "assembly" || false "assembly not built when intrinsics not supported"
+
+    # test the plain C implementation
     scripts/config.py unset MBEDTLS_AESNI_C
     msg "AES tests, plain C"
     make clean
-    make test CC=gcc CFLAGS='-O2 -Werror'
+    make test programs/test/selftest CC=gcc CFLAGS='-O2 -Werror'
+    # check that there is no AESNI code present
+    ./programs/test/selftest | grep -q "AESNI code" && false "AESNI code built when MBEDTLS_AESNI_C unset"
+
 }
 
 component_test_aes_only_128_bit_keys () {