Merge branch 'development-psa-proposed' into development

Resolve conflicts by performing the following. - Take the upstream Mbed TLS ChangeLog verbatim. - Reject changes to Makefiles and CMake that are related to using Mbed Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a submodule of itself. - Reject README changes, as Mbed Crypto has its own, different README. - Reject PSA-related changes to config.h. We don't want to disable the availability of the PSA Crypto API by default in the Mbed Crypto config.h. - Don't inadvertently revert dead code removal in mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix double return statement in cipher.c") - Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from past companion PRs) take the latest version from Mbed TLS which includes integration with MBEDTLS_CHECK_PARAMS. - Update the version of the shared library files to match what's currently present in Mbed TLS. - Reject removal of testing with PSA from config full tests. - Resolve conflicts in test tests/suites/helpers.function, where both Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT. Combine text from both documentation efforts. - Reject adding a submodule of ourselves. - Reject addition of submodule tests in all.sh. - Reject addition of submodule to library path in tests/scripts/run-test-suites.pl. - Avoid using USE_CRYPTO_SUBMODULE=1 in component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2025-08-08 17:42:09 +03:00 · 2019-02-11 12:05:54 +00:00
parent 1fb011f2a6 eb5087126f
commit 67ea2c5e6d
203 changed files with 10220 additions and 2430 deletions
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -120,7 +120,7 @@ pre_initialize_variables () {
    FORCE=0
    KEEP_GOING=0

-    # Default commands, can be overriden by the environment
+    # Default commands, can be overridden by the environment
    : ${OPENSSL:="openssl"}
    : ${OPENSSL_LEGACY:="$OPENSSL"}
    : ${OPENSSL_NEXT:="$OPENSSL"}
@@ -227,7 +227,7 @@ cleanup()
    command make clean

    # Remove CMake artefacts
-    find . -name .git -prune \
+    find . -name .git -prune -o \
           -iname CMakeFiles -exec rm -rf {} \+ -o \
           \( -iname cmake_install.cmake -o \
              -iname CTestTestfile.cmake -o \
@@ -393,6 +393,12 @@ pre_check_git () {
    fi
 }

+pre_check_seedfile () {
+    if [ ! -f "./tests/seedfile" ]; then
+        dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
+    fi
+}
+
 pre_setup_keep_going () {
    failure_summary=
    failure_count=0
@@ -774,6 +780,59 @@ component_build_default_make_gcc_and_cxx () {
    make TEST_CPP=1
 }

+component_test_use_psa_crypto_full_cmake_asan() {
+    # MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
+    msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+    scripts/config.pl full
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+    scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
+    make test
+
+    msg "test: ssl-opt.sh (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded tests/ssl-opt.sh
+
+    msg "test: compat.sh default (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded tests/compat.sh
+
+    msg "test: compat.sh ssl3 (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
+
+    msg "test: compat.sh RC4, DES & NULL (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+
+    msg "test: compat.sh ARIA + ChachaPoly (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+}
+
+component_test_check_params_without_platform () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+    scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+    scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.pl unset MBEDTLS_PLATFORM_C
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
+component_test_check_params_silent () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
 component_test_no_platform () {
    # Full configuration build, without platform support, file IO and net sockets.
    # This should catch missing mbedtls_printf definitions, and by disabling file
@@ -1271,6 +1330,8 @@ pre_initialize_variables
 pre_parse_command_line "$@"

 pre_check_git
+pre_check_seedfile
+
 build_status=0
 if [ $KEEP_GOING -eq 1 ]; then
    pre_setup_keep_going