Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge

tests/scripts/check-generated-files.sh

@@ -135,6 +135,7 @@ if in_mbedtls_repo; then
     check scripts/generate_query_config.pl programs/test/query_config.c
     check scripts/generate_features.pl library/version_features.c
     check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+    check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
     check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
     check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
     # generate_visualc_files enumerates source files (library/*.c). It doesn't

tests/scripts/components-build-system.sh

@@ -13,7 +13,7 @@ component_test_make_shared () {
     msg "build/test: make shared" # ~ 40s
     make SHARED=1 TEST_CPP=1 all check
     ldd programs/util/strerror | grep libmbedcrypto
-    programs/test/dlopen_demo.sh
+    $FRAMEWORK/tests/programs/dlopen_demo.sh
 }
 
 component_test_cmake_shared () {
@@ -22,7 +22,7 @@ component_test_cmake_shared () {
     make
     ldd programs/util/strerror | grep libmbedcrypto
     make test
-    programs/test/dlopen_demo.sh
+    $FRAMEWORK/tests/programs/dlopen_demo.sh
 }
 
 support_test_cmake_out_of_source () {

tests/scripts/components-compiler.sh

@@ -135,7 +135,7 @@ component_test_zeroize () {
         for compiler in clang gcc; do
             msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
             make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
-            gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+            gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
             grep "The buffer was correctly zeroized" test_zeroize.log
             not grep -i "error" test_zeroize.log
             rm -f test_zeroize.log

tests/scripts/test_zeroize.gdb

@@ -1,64 +0,0 @@
-# test_zeroize.gdb
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Run a test using the debugger to check that the mbedtls_platform_zeroize()
-# function in platform_util.h is not being optimized out by the compiler. To do
-# so, the script loads the test program at programs/test/zeroize.c and sets a
-# breakpoint at the last return statement in main(). When the breakpoint is
-# hit, the debugger manually checks the contents to be zeroized and checks that
-# it is actually cleared.
-#
-# The mbedtls_platform_zeroize() test is debugger driven because there does not
-# seem to be a mechanism to reliably check whether the zeroize calls are being
-# eliminated by compiler optimizations from within the compiled program. The
-# problem is that a compiler would typically remove what it considers to be
-# "unnecessary" assignments as part of redundant code elimination. To identify
-# such code, the compilar will create some form dependency graph between
-# reads and writes to variables (among other situations). It will then use this
-# data structure to remove redundant code that does not have an impact on the
-# program's observable behavior. In the case of mbedtls_platform_zeroize(), an
-# intelligent compiler could determine that this function clears a block of
-# memory that is not accessed later in the program, so removing the call to
-# mbedtls_platform_zeroize() does not have an observable behavior. However,
-# inserting a test after a call to mbedtls_platform_zeroize() to check whether
-# the block of memory was correctly zeroed would force the compiler to not
-# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then
-# the compiler potentially has a bug.
-#
-# Note: This test requires that the test program is compiled with -g3.
-
-set confirm off
-
-file ./programs/test/zeroize
-
-search GDB_BREAK_HERE
-break $_
-
-set args ./programs/test/zeroize.c
-run
-
-set $i = 0
-set $len = sizeof(buf)
-set $buf = buf
-
-while $i < $len
-    if $buf[$i++] != 0
-        echo The buffer at was not zeroized\n
-        quit 1
-    end
-end
-
-echo The buffer was correctly zeroized\n
-
-continue
-
-if $_exitcode != 0
-    echo The program did not terminate correctly\n
-    quit 1
-end
-
-quit 0