From 06af417cea6ee8bdc4f8758813b259638e52af36 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 8 Jan 2025 17:26:01 +0100 Subject: [PATCH 1/7] Disable warning from gcc -pedantic on dlsym/dlopen Signed-off-by: Gilles Peskine --- programs/test/dlopen.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index ec4ee7ea77..bb7fba88af 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -50,8 +50,15 @@ int main(void) #if defined(MBEDTLS_SSL_TLS_C) void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW); CHECK_DLERROR("dlopen", TLS_SO_FILENAME); +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*ssl_list_ciphersuites)(void) = dlsym(tls_so, "mbedtls_ssl_list_ciphersuites"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites"); const int *ciphersuites = ssl_list_ciphersuites(); for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */ @@ -85,9 +92,15 @@ int main(void) CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME); crypto_so_filename = TFPSACRYPTO_SO_FILENAME; } - +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*md_list)(void) = dlsym(crypto_so, "mbedtls_md_list"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_md_list"); const int *mds = md_list(); for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ From 579475d5d3bb80a1a69a9897c75408ca28e7ac12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 15:08:35 +0100 Subject: [PATCH 2/7] Test with GCC 15 Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 74543b13e9..83fcf9b130 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -73,6 +73,23 @@ support_test_gcc_latest_opt () { type "$GCC_LATEST" >/dev/null 2>/dev/null } +# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : +# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet +# at the time of writing). +# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this +# separate component. +# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI +# platform, because that would break branches where #9814 isn'f fixed yet. +support_test_gcc15_opt () { + test -x /usr/local/gcc-15/bin/gcc-15 +} +component_test_gcc15_opt () { + scripts/config.py full + # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, + # disable the new problematic optimization. + test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 +} + component_test_gcc_earliest_opt () { scripts/config.py full test_build_opt 'full config' "$GCC_EARLIEST" -O2 From 6e245040d45f563b11282095289929231394665a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 23:32:22 +0100 Subject: [PATCH 3/7] GCC 15: Silence -Wunterminated-string-initialization This is a new warning in GCC 15 that our code base triggers in many places. Silence it for the time being. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 83fcf9b130..5b78c83a85 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -87,7 +87,9 @@ component_test_gcc15_opt () { scripts/config.py full # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. - test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 + # Also disable a warning that we don't yet comply to. + make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + make test } component_test_gcc_earliest_opt () { From 27f0713988e62187202615cb315c4b0d30dcc812 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:01:52 +0100 Subject: [PATCH 4/7] Enable drivers when testing with GCC 15 The goal of testing with GCC 15 is to validate fixes for https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in multiple places, and some of them affect third-party drivers but not our built-in implementation. (The bug is that driver contexts might not be zero-initialized, but some of our built-in implementations happen not to care about this.) Thus, enable the test drivers in the test component that uses GCC 15, to gain the extra checks performed in the driver wrappers. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 5b78c83a85..0110d704dd 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -80,15 +80,23 @@ support_test_gcc_latest_opt () { # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. -support_test_gcc15_opt () { +support_test_gcc15_drivers_opt () { test -x /usr/local/gcc-15/bin/gcc-15 } -component_test_gcc15_opt () { +component_test_gcc15_drivers_opt () { + msg "build: GCC 15: full + test drivers dispatching to builtins" scripts/config.py full + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" + loc_cflags="${loc_cflags} -I../framework/tests/include -O2" # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. + loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" # Also disable a warning that we don't yet comply to. - make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" + + make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + + msg "test: GCC 15: full + test drivers dispatching to builtins" make test } From d69bfb9044189c7fe3608dc80b293f68ba867a42 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:26:21 +0100 Subject: [PATCH 5/7] Allow gcc-15 to be in $PATH Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 0110d704dd..e0dfe49e0d 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -81,7 +81,13 @@ support_test_gcc_latest_opt () { # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. support_test_gcc15_drivers_opt () { - test -x /usr/local/gcc-15/bin/gcc-15 + if type gcc-15 >/dev/null 2>/dev/null; then + GCC_15=gcc-15 + elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then + GCC_15=/usr/local/gcc-15/bin/gcc-15 + else + return 1 + fi } component_test_gcc15_drivers_opt () { msg "build: GCC 15: full + test drivers dispatching to builtins" @@ -94,7 +100,7 @@ component_test_gcc15_drivers_opt () { # Also disable a warning that we don't yet comply to. loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" - make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" make test From d0e799ad8bfd865f43c0d4178fd6b762c853594a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Apr 2025 16:57:07 +0200 Subject: [PATCH 6/7] Improve comments Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index e0dfe49e0d..52ba8bf732 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -74,12 +74,11 @@ support_test_gcc_latest_opt () { } # Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : -# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet -# at the time of writing). +# test with GCC 15. # Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI -# platform, because that would break branches where #9814 isn'f fixed yet. +# platform, because that would break branches where #9814 isn't fixed yet. support_test_gcc15_drivers_opt () { if type gcc-15 >/dev/null 2>/dev/null; then GCC_15=gcc-15 @@ -97,7 +96,8 @@ component_test_gcc15_drivers_opt () { # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also disable a warning that we don't yet comply to. + # Also allow a warning that we don't yet comply to. + # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From dcff079ea43dde755eff64e61168399b2c762fdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Apr 2025 22:17:26 +0200 Subject: [PATCH 7/7] Update submodules Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5ab6c9c8d6..dc6c60204b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388 +Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73