lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-05-08 18:21:33 +03:00
Code

Merge remote-tracking branch 'origin/pr/2325' into development

Browse Source
This commit is contained in:
Jaeden Amero 2019-01-30 15:35:44 +00:00
commit c4cc2511d0
1 changed files with 846 additions and 652 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

458
tests/scripts/all.sh
View File

@ -55,6 +55,16 @@
# Notes for maintainers
# ---------------------
#
# The bulk of the code is organized into functions that follow one of the
# following naming conventions:
# * pre_XXX: things to do before running the tests, in order.
# * component_XXX: independent components. They can be run in any order.
# * component_check_XXX: quick tests that aren't worth parallelizing
# * component_build_XXX: build things but don't run them
# * component_test_XXX: build and test
# * post_XXX: things to do after running the tests.
# * other: miscellaneous support functions.
#
# The tests are roughly in order from fastest to slowest. This doesn't
# have to be exact, but in general you should add slower tests towards
# the end and fast checks near the beginning.
@ -80,6 +90,7 @@
# Abort on errors (and uninitialised variables)
set -eu
pre_check_environment () {
if [ "$( uname )" != "Linux" ]; then
echo "This script only works in Linux" >&2
exit 1
@ -87,12 +98,17 @@ elif [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
exit 1
fi
}
pre_initialize_variables () {
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
COMPONENTS=
ALL_EXCEPT=0
MEMORY=0
FORCE=0
INTROSPECTION_MODE=
KEEP_GOING=0
RUN_ARMCC=1
@ -112,18 +128,42 @@ RUN_ARMCC=1
if [ -n "${MAKEFLAGS+set}" ]; then
export MAKEFLAGS="-j"
fi
}
# Test whether $1 is excluded via $COMPONENTS (a space-separated list of
# wildcard patterns).
component_is_excluded()
{
set -f
for pattern in $COMPONENTS; do
set +f
case ${1#component_} in $pattern) return 0;; esac
done
set +f
return 1
}
usage()
{
cat <<EOF
Usage: $0 [OPTION]...
-h|--help Print this help.
Usage: $0 [OPTION]... [COMPONENT]...
Run mbedtls release validation tests.
By default, run all tests. With one or more COMPONENT, run only those.
Special options:
-h|--help Print this help and exit.
--list-components List available test components and exit.
General options:
-f|--force Force the tests to overwrite any modified files.
-k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests.
--armcc Run ARM Compiler builds (on by default).
--except If some components are passed on the command line,
run all the tests except for these components. In
this mode, you can pass shell wildcard patterns as
component names, e.g. "$0 --except 'test_*'" to
exclude all components that run tests.
--no-armcc Skip ARM Compiler builds.
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
@ -189,15 +229,18 @@ trap 'fatal_signal TERM' TERM
msg()
{
if [ -n "${current_component:-}" ]; then
current_section="${current_component#component_}: $1"
else
current_section="$1"
fi
echo ""
echo "******************************************************************"
echo "* $1 "
echo "* $current_section "
printf "* "; date
echo "******************************************************************"
current_section=$1
}
if [ $RUN_ARMCC -ne 0 ]; then
armc6_build_test()
{
FLAGS="$1"
@ -207,7 +250,6 @@ if [ $RUN_ARMCC -ne 0 ]; then
WARNING_CFLAGS='-xc -std=c99' make lib
make clean
}
fi
err_msg()
{
@ -232,11 +274,13 @@ check_headers_in_cpp () {
rm headers.txt
}
pre_parse_command_line () {
while [ $# -gt 0 ]; do
case "$1" in
--armcc) RUN_ARMCC=1;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
--except) ALL_EXCEPT=1;;
--force|-f) FORCE=1;;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
@ -244,6 +288,7 @@ while [ $# -gt 0 ]; do
--gnutls-serv) shift; GNUTLS_SERV="$1";;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
--list-components) INTROSPECTION_MODE=list_components;;
--memory|-m) MEMORY=1;;
--no-armcc) RUN_ARMCC=0;;
--no-force) FORCE=0;;
@ -256,15 +301,19 @@ while [ $# -gt 0 ]; do
--random-seed) unset SEED;;
--release-test|-r) SEED=1;;
--seed|-s) shift; SEED="$1";;
*)
-*)
echo >&2 "Unknown option: $1"
echo >&2 "Run $0 --help for usage."
exit 120
;;
*)
COMPONENTS="$COMPONENTS $1";;
esac
shift
done
}
pre_check_git () {
if [ $FORCE -eq 1 ]; then
git checkout-index -f -q $CONFIG_H
cleanup
@ -284,9 +333,9 @@ else
exit 1
fi
fi
}
build_status=0
if [ $KEEP_GOING -eq 1 ]; then
pre_setup_keep_going () {
failure_summary=
failure_count=0
start_red=
@ -340,11 +389,8 @@ $text"
echo "Killed by SIG$1."
fi
}
else
record_status () {
"$@"
}
fi
if_build_succeeded () {
if [ $build_status -eq 0 ]; then
record_status "$@"
@ -357,6 +403,7 @@ not() {
! "$@"
}
pre_print_configuration () {
msg "info: $0 configuration"
echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
@ -370,7 +417,9 @@ echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
pre_check_tools () {
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
ARMC5_AR="$ARMC5_BIN_DIR/armar"
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
@ -395,7 +444,7 @@ check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
if [ $RUN_ARMCC -ne 0 ]; then
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR"
fi
}
################################################################
@ -413,32 +462,43 @@ fi
#
# Indicative running times are given for reference.
pre_print_tools () {
msg "info: output_env.sh"
OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh
}
component_check_recursion () {
msg "test: recursion.pl" # < 1s
record_status tests/scripts/recursion.pl library/*.c
}
component_check_generated_files () {
msg "test: freshness of generated source files" # < 1s
record_status tests/scripts/check-generated-files.sh
}
component_check_doxy_blocks () {
msg "test: doxygen markup outside doxygen blocks" # < 1s
record_status tests/scripts/check-doxy-blocks.pl
}
component_check_files () {
msg "test: check-files.py" # < 1s
cleanup
record_status tests/scripts/check-files.py
}
component_check_names () {
msg "test/build: declared and exported names" # < 3s
cleanup
record_status tests/scripts/check-names.sh
}
component_check_doxygen_warnings () {
msg "test: doxygen warnings" # ~ 3s
cleanup
record_status tests/scripts/doxygen.sh
}
@ -446,8 +506,8 @@ record_status tests/scripts/doxygen.sh
#### Build and test many configurations and targets
################################################################
component_test_default_cmake_gcc_asan () {
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
cleanup
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -457,18 +517,18 @@ make test
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
if_build_succeeded tests/ssl-opt.sh
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
record_status tests/scripts/test-ref-configs.pl
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
make
msg "test: compat.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/compat.sh
}
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
record_status tests/scripts/test-ref-configs.pl
}
component_test_sslv3 () {
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -482,10 +542,10 @@ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}
component_test_no_renegotiation () {
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -495,10 +555,10 @@ make test
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_RSA_NO_CRT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -511,10 +571,10 @@ if_build_succeeded tests/ssl-opt.sh -f RSA
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
if_build_succeeded tests/compat.sh -t RSA
}
component_test_small_ssl_out_content_len () {
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@ -522,10 +582,10 @@ make
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
}
component_test_small_ssl_in_content_len () {
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@ -533,30 +593,30 @@ make
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
}
component_test_small_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
}
component_test_small_mbedtls_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
@ -573,10 +633,10 @@ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_
msg "test: compat.sh ARIA + ChachaPoly"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
# Build with -O -Wextra to catch a maximum of issues.
@ -591,25 +651,31 @@ scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
# Build with -O -Wextra to catch a maximum of issues.
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
cleanup
record_status tests/scripts/curves.pl
}
component_test_depends_hashes () {
msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
cleanup
record_status tests/scripts/depends-hashes.pl
}
component_test_depends_pkalgs () {
msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
cleanup
record_status tests/scripts/depends-pkalgs.pl
}
component_build_key_exchanges () {
msg "test/build: key-exchanges (gcc)" # ~ 1 min
cleanup
record_status tests/scripts/key-exchanges.pl
}
component_build_default_make_gcc_and_cxx () {
msg "build: Unix make, -Os (gcc)" # ~ 30s
cleanup
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
msg "test: verify header list in cpp_dummy_build.cpp"
@ -617,11 +683,10 @@ record_status check_headers_in_cpp
msg "build: Unix make, incremental g++"
make TEST_CPP=1
}
component_test_check_params_without_platform () {
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full # includes CHECK_PARAMS
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
@ -634,22 +699,21 @@ scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_PLATFORM_C
make CC=gcc CFLAGS='-Werror -O1' all test
}
component_test_check_params_silent () {
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full # includes CHECK_PARAMS
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
}
component_test_no_platform () {
# Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file
# IO, it should catch missing '#include <stdio.h>'
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_PLATFORM_C
scripts/config.pl unset MBEDTLS_NET_C
@ -666,54 +730,54 @@ scripts/config.pl unset MBEDTLS_FS_IO
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test
}
component_build_no_std_function () {
# catch compile bugs in _uninit functions
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_ssl_srv () {
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_ssl_cli () {
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_sockets () {
# Note, C99 compliance can also be tested with the sockets support disabled,
# as that requires a POSIX platform (which isn't the same as C99).
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
}
component_test_no_max_fragment_length () {
# Run max fragment length tests with MFL disabled
msg "build: default config except MFL extension (ASan build)" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: ssl-opt.sh, MFL-related tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
}
component_test_no_max_fragment_length_small_ssl_out_content_len () {
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
@ -722,10 +786,10 @@ make
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
}
component_test_null_entropy () {
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C
@ -737,10 +801,10 @@ make
msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
make test
}
component_test_platform_calloc_macro () {
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free
@ -749,75 +813,72 @@ make
msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
make test
}
component_test_aes_fewer_tables () {
msg "build: default config with AES_FEWER_TABLES enabled"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES"
make test
}
component_test_aes_rom_tables () {
msg "build: default config with AES_ROM_TABLES enabled"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_AES_ROM_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_ROM_TABLES"
make test
}
component_test_aes_fewer_tables_and_rom_tables () {
msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
scripts/config.pl set MBEDTLS_AES_ROM_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
make test
}
if uname -a | grep -F Linux >/dev/null; then
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
cleanup
make SHARED=1 all check
fi
}
if uname -a | grep -F x86_64 >/dev/null; then
component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
make test
}
component_test_m32_o1 () {
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
}
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
msg "test: 64-bit ILP32, make, gcc"
make test
fi # x86_64
}
component_test_have_int32 () {
msg "build: gcc, force 32-bit bignum limbs"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_HAVE_ASM
scripts/config.pl unset MBEDTLS_AESNI_C
scripts/config.pl unset MBEDTLS_PADLOCK_C
@ -825,10 +886,10 @@ make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
msg "test: gcc, force 32-bit bignum limbs"
make test
}
component_test_have_int64 () {
msg "build: gcc, force 64-bit bignum limbs"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_HAVE_ASM
scripts/config.pl unset MBEDTLS_AESNI_C
scripts/config.pl unset MBEDTLS_PADLOCK_C
@ -836,11 +897,10 @@ make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
msg "test: gcc, force 64-bit bignum limbs"
make test
}
component_test_no_udbl_division () {
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
@ -848,11 +908,10 @@ make CFLAGS='-Werror -O1'
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
make test
}
component_test_no_64bit_multiplication () {
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
@ -860,11 +919,10 @@ make CFLAGS='-Werror -O1'
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
make test
}
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
@ -878,10 +936,10 @@ scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
@ -898,10 +956,10 @@ scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
@ -918,10 +976,10 @@ scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
}
component_build_armcc () {
msg "build: ARM Compiler 5, make"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
@ -958,28 +1016,19 @@ if [ $RUN_ARMCC -ne 0 ]; then
# ARM Compiler 6 - Target ARMv8-A - AArch64
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
fi
}
component_test_allow_sha1 () {
msg "build: allow SHA1 in certificates by default"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
make CFLAGS='-Werror -Wall -Wextra'
msg "test: allow SHA1 in certificates by default"
make test
if_build_succeeded tests/ssl-opt.sh -f SHA-1
}
msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_RSA_NO_CRT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)"
make test
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
cleanup
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
# note Make tests only builds the tests, but doesn't run them
@ -990,13 +1039,10 @@ msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
make WINDOWS_BUILD=1 clean
}
# MemSan currently only available on Linux 64 bits
if uname -a | grep 'Linux.*x86_64' >/dev/null; then
component_test_memsan () {
msg "build: MSan (clang)" # ~ 1 min 20s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
@ -1013,11 +1059,10 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s
if_build_succeeded tests/compat.sh
fi
}
else # no MemSan
component_test_memcheck () {
msg "build: Release (clang)"
cleanup
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
make
@ -1037,11 +1082,10 @@ else # no MemSan
msg "test: compat.sh --memcheck (Release)"
if_build_succeeded tests/compat.sh --memcheck
fi
}
fi # MemSan
component_test_cmake_out_of_source () {
msg "build: cmake 'out-of-source' build"
cleanup
MBEDTLS_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
@ -1064,7 +1108,9 @@ fi
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
unset MBEDTLS_ROOT_DIR
}
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
# auxiliary GDB script. Unfortunately, GDB does not return error values to the
@ -1074,26 +1120,174 @@ unset MBEDTLS_ROOT_DIR
for optimization_flag in -O2 -O3 -Ofast -Os; do
for compiler in clang gcc; do
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
cleanup
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
if_build_succeeded not grep -i "error" test_zeroize.log
rm -f test_zeroize.log
make clean
done
done
}
component_check_python_files () {
msg "Lint: Python scripts"
record_status tests/scripts/check-python-files.sh
}
component_check_generate_test_code () {
msg "uint test: generate_test_code.py"
record_status ./tests/scripts/test_generate_test_code.py
}
################################################################
#### Termination
################################################################
post_report () {
msg "Done, cleaning up"
cleanup
final_report
}
################################################################
#### Run all the things
################################################################
run_all_components () {
# Small things
run_component component_check_recursion
run_component component_check_generated_files
run_component component_check_doxy_blocks
run_component component_check_files
run_component component_check_names
run_component component_check_doxygen_warnings
# Test many different configurations
run_component component_test_default_cmake_gcc_asan
run_component component_test_ref_configs
run_component component_test_sslv3
run_component component_test_no_renegotiation
run_component component_test_rsa_no_crt
run_component component_test_small_ssl_out_content_len
run_component component_test_small_ssl_in_content_len
run_component component_test_small_ssl_dtls_max_buffering
run_component component_test_small_mbedtls_ssl_dtls_max_buffering
run_component component_test_full_cmake_clang
run_component component_build_deprecated
run_component component_test_depends_curves
run_component component_test_depends_hashes
run_component component_test_depends_pkalgs
run_component component_build_key_exchanges
run_component component_build_default_make_gcc_and_cxx
run_component component_test_check_params_without_platform
run_component component_test_check_params_silent
run_component component_test_no_platform
run_component component_build_no_std_function
run_component component_build_no_ssl_srv
run_component component_build_no_ssl_cli
run_component component_build_no_sockets
run_component component_test_no_max_fragment_length
run_component component_test_no_max_fragment_length_small_ssl_out_content_len
run_component component_test_null_entropy
run_component component_test_platform_calloc_macro
run_component component_test_aes_fewer_tables
run_component component_test_aes_rom_tables
run_component component_test_aes_fewer_tables_and_rom_tables
if uname -a | grep -F Linux >/dev/null; then
run_component component_test_make_shared
fi
if uname -a | grep -F x86_64 >/dev/null; then
run_component component_test_m32_o0
run_component component_test_m32_o1
run_component component_test_mx32
fi
run_component component_test_have_int32
run_component component_test_have_int64
run_component component_test_no_udbl_division
run_component component_test_no_64bit_multiplication
run_component component_build_arm_none_eabi_gcc
run_component component_build_arm_none_eabi_gcc_no_udbl_division
run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication
run_component component_build_armcc
run_component component_test_allow_sha1
run_component component_build_mingw
# MemSan currently only available on Linux 64 bits
if uname -a | grep 'Linux.*x86_64' >/dev/null; then
run_component component_test_memsan
else # no MemSan
run_component component_test_memcheck
fi
run_component component_test_cmake_out_of_source
# More small things
run_component component_test_zeroize
run_component component_check_python_files
run_component component_check_generate_test_code
}
# Run one component and clean up afterwards.
run_component () {
if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then
return
fi
# Back up the configuration in case the component modifies it.
# The cleanup function will restore it.
cp -p "$CONFIG_H" "$CONFIG_BAK"
current_component="$1"
"$@"
cleanup
}
# Preliminary setup
pre_check_environment
pre_initialize_variables
pre_parse_command_line "$@"
case "$INTROSPECTION_MODE" in
list_components)
components=
newline='
'
run_component () {
components="${components}${newline}${1#component_}"
}
;;
*)
pre_check_git
build_status=0
if [ $KEEP_GOING -eq 1 ]; then
pre_setup_keep_going
else
record_status () {
"$@"
}
fi
pre_print_configuration
pre_check_tools
pre_print_tools
cleanup
;;
esac
if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then
for component in $COMPONENTS; do
run_component "component_$component"
done
else
run_all_components
fi
# We're done.
case "$INTROSPECTION_MODE" in
list_components)
echo "$components" | sort
;;
*)
post_report
;;
esac