mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-08 17:42:09 +03:00
Merge branch 'development' into 'development-restricted'
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
@@ -1296,19 +1296,68 @@ component_build_psa_crypto_spm () {
|
||||
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
||||
}
|
||||
|
||||
component_test_psa_crypto_client () {
|
||||
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
||||
# Get a list of library-wise undefined symbols and ensure that they only
|
||||
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
|
||||
# This function is a common helper used by both:
|
||||
# - component_test_default_psa_crypto_client_without_crypto_provider
|
||||
# - component_build_full_psa_crypto_client_without_crypto_provider.
|
||||
common_check_mbedtls_missing_symbols() {
|
||||
nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
|
||||
nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
|
||||
comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
|
||||
not grep mbedtls_ linking_errors.txt
|
||||
|
||||
rm sym_def.txt sym_undef.txt linking_errors.txt
|
||||
}
|
||||
|
||||
component_test_default_psa_crypto_client_without_crypto_provider () {
|
||||
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
scripts/config.py unset MBEDTLS_LMS_C
|
||||
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
||||
|
||||
make
|
||||
|
||||
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
||||
msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||
common_check_mbedtls_missing_symbols
|
||||
|
||||
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||
make test
|
||||
}
|
||||
|
||||
component_build_full_psa_crypto_client_without_crypto_provider () {
|
||||
msg "build: full config - PSA_CRYPTO_C"
|
||||
|
||||
# Use full config which includes USE_PSA and CRYPTO_CLIENT.
|
||||
scripts/config.py full
|
||||
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
# Dynamic secure element support is a deprecated feature and it is not
|
||||
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
|
||||
# Since there is no crypto provider in this build it is not possible to
|
||||
# build all the test executables and progrems due to missing PSA functions
|
||||
# at link time. Therefore we will just build libraries and we'll check
|
||||
# that symbols of interest are there.
|
||||
make lib
|
||||
|
||||
msg "check missing symbols: full config - PSA_CRYPTO_C"
|
||||
|
||||
common_check_mbedtls_missing_symbols
|
||||
|
||||
# Ensure that desired functions are included into the build (extend the
|
||||
# following list as required).
|
||||
grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
|
||||
grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
|
||||
grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
|
||||
}
|
||||
|
||||
component_test_psa_crypto_rsa_no_genprime() {
|
||||
msg "build: default config minus MBEDTLS_GENPRIME"
|
||||
scripts/config.py unset MBEDTLS_GENPRIME
|
||||
@@ -1565,6 +1614,23 @@ component_test_sw_inet_pton () {
|
||||
make test
|
||||
}
|
||||
|
||||
component_full_no_pkparse_pkwrite() {
|
||||
msg "build: full without pkparse and pkwrite"
|
||||
|
||||
scripts/config.py crypto_full
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
||||
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
||||
|
||||
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
|
||||
not grep mbedtls_pk_parse_key library/pkparse.o
|
||||
not grep mbedtls_pk_write_key_der library/pkwrite.o
|
||||
|
||||
msg "test: full without pkparse and pkwrite"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_crypto_full_md_light_only () {
|
||||
msg "build: crypto_full with only the light subset of MD"
|
||||
scripts/config.py crypto_full
|
||||
@@ -1789,6 +1855,8 @@ component_test_tls1_2_default_stream_cipher_only () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -1815,6 +1883,8 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -1840,6 +1910,8 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -1867,6 +1939,8 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -1893,6 +1967,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -1920,6 +1996,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
@@ -2214,6 +2292,9 @@ component_test_tsan () {
|
||||
# Self-tests do not currently use multiple threads.
|
||||
scripts/config.py unset MBEDTLS_SELF_TEST
|
||||
|
||||
# The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
|
||||
make
|
||||
|
||||
@@ -2552,7 +2633,6 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||
|
||||
# Start from default config (no USE_PSA) + TLS 1.3
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
# Disable the module that's accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
@@ -2593,7 +2673,7 @@ component_test_psa_crypto_config_accel_ecdh () {
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
# Start from default config (no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable the module that's accelerated
|
||||
@@ -3586,7 +3666,7 @@ component_test_psa_crypto_config_accel_hash () {
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
# Start from default config (no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable the things that are being accelerated
|
||||
@@ -3630,7 +3710,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
||||
ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
# Start from default config (no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
@@ -4125,7 +4205,6 @@ component_build_psa_accel_alg_hkdf() {
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py unset MBEDTLS_HKDF_C
|
||||
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@@ -4588,6 +4667,7 @@ component_test_no_max_fragment_length () {
|
||||
component_test_asan_remove_peer_certificate () {
|
||||
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
|
||||
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
@@ -5803,8 +5883,24 @@ support_build_armcc () {
|
||||
(check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
|
||||
}
|
||||
|
||||
component_test_tls12_only () {
|
||||
msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: main suites (inc. selftests) (ASan build)"
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh (ASan build)"
|
||||
tests/ssl-opt.sh
|
||||
|
||||
msg "test: compat.sh (ASan build)"
|
||||
tests/compat.sh
|
||||
}
|
||||
|
||||
component_test_tls13_only () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
|
||||
msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
@@ -5941,29 +6037,25 @@ component_test_tls13_only_ephemeral_all () {
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13 () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
component_test_tls13_no_padding () {
|
||||
msg "build: default config plus early data minus padding"
|
||||
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
msg "test: default config plus early data minus padding"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3)"
|
||||
msg "ssl-opt.sh (TLS 1.3 no padding)"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13_no_compatibility_mode () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
msg "build: default config plus early data minus middlebox compatibility mode"
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
msg "test: default config plus early data minus middlebox compatibility mode"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
|
||||
tests/ssl-opt.sh
|
||||
|
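Review bot: The three presence checks that close component_build_full_psa_crypto_client_without_crypto_provider (`grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a` and the two lines after it) match the name anywhere in the archive's bytes, so an undefined reference to the function would satisfy them even when no object defines it. The helper common_check_mbedtls_missing_symbols in the same hunk already filters `nm` output by symbol type, and the same form would pin the intent here, e.g. `nm library/libmbedcrypto.a | grep ' T mbedtls_pk_get_psa_attributes$'`. The negative checks in the new component_full_no_pkparse_pkwrite (`not grep mbedtls_pk_parse_key library/pkparse.o`) have the opposite weakness. Assuming `not` only inverts the exit status (its definition is not on this page), a missing or renamed object file makes grep fail and the guard pass without inspecting anything, so a `test -f library/pkparse.o` before each would keep the check from going vacuous. The comment above `make lib` also has a typo, "progrems" for "programs".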