mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-12-24 17:41:01 +03:00
Merge pull request #9828 from ronald-cron-arm/finalize-split-preparation-2
Finalize split preparation-2
This commit is contained in:
Ronald Cron
GitHub
@@ -146,10 +146,15 @@ if [ -d tf-psa-crypto ]; then
|
||||
check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
|
||||
check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
|
||||
cd ..
|
||||
# Generated files that are present in the repository even in the development
|
||||
# branch. (This is intended to be temporary, until the generator scripts are
|
||||
# fully reviewed and the build scripts support a generated header file.)
|
||||
check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
|
||||
check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
|
||||
${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
|
||||
check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
|
||||
else
|
||||
check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
|
||||
check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
|
||||
if in_tf_psa_crypto_repo; then
|
||||
check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
|
||||
@@ -160,9 +165,13 @@ else
|
||||
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
|
||||
check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
|
||||
${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
|
||||
# Generated files that are present in the repository even in the development
|
||||
# branch. (This is intended to be temporary, until the generator scripts are
|
||||
# fully reviewed and the build scripts support a generated header file.)
|
||||
check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
|
||||
fi
|
||||
|
||||
check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
|
||||
check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h
|
||||
|
||||
# Additional checks for Mbed TLS only
|
||||
if in_mbedtls_repo; then
|
||||
@@ -177,8 +186,3 @@ if in_mbedtls_repo; then
|
||||
# the step that creates or updates these files.
|
||||
check scripts/generate_visualc_files.pl visualc/VS2017
|
||||
fi
|
||||
|
||||
# Generated files that are present in the repository even in the development
|
||||
# branch. (This is intended to be temporary, until the generator scripts are
|
||||
# fully reviewed and the build scripts support a generated header file.)
|
||||
check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
|
||||
|
||||
@@ -106,6 +106,8 @@ class FileIssueTracker:
|
||||
BINARY_FILE_PATH_RE_LIST = [
|
||||
r'docs/.*\.pdf\Z',
|
||||
r'docs/.*\.png\Z',
|
||||
r'tf-psa-crypto/docs/.*\.pdf\Z',
|
||||
r'tf-psa-crypto/docs/.*\.png\Z',
|
||||
r'programs/fuzz/corpuses/[^.]+\Z',
|
||||
r'framework/data_files/[^.]+\Z',
|
||||
r'framework/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z',
|
||||
|
||||
@@ -114,7 +114,7 @@ component_build_zeroize_checks () {
|
||||
scripts/config.py full
|
||||
|
||||
# Only compile - we're looking for sizeof-pointer-memaccess warnings
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
|
||||
make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
|
||||
}
|
||||
|
||||
component_test_zeroize () {
|
||||
|
||||
@@ -413,16 +413,7 @@ component_test_config_symmetric_only () {
|
||||
msg "build: configs/config-symmetric-only.h"
|
||||
MBEDTLS_CONFIG="configs/config-symmetric-only.h"
|
||||
CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-symmetric-only.h - unit tests"
|
||||
@@ -2167,6 +2158,8 @@ component_test_ccm_aes_sha256 () {
|
||||
|
||||
# Setting a blank config disables everyhing in the library side.
|
||||
echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H"
|
||||
cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
|
||||
|
||||
make
|
||||
msg "test: CCM + AES + SHA256 configuration"
|
||||
make test
|
||||
@@ -2299,11 +2292,6 @@ component_test_sha3_variations () {
|
||||
|
||||
# define minimal config sufficient to test SHA3
|
||||
cat > include/mbedtls/mbedtls_config.h << END
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_PSA_CRYPTO_C
|
||||
#define MBEDTLS_SELF_TEST
|
||||
END
|
||||
|
||||
cat > tf-psa-crypto/include/psa/crypto_config.h << END
|
||||
@@ -2312,6 +2300,11 @@ END
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_PSA_CRYPTO_C
|
||||
#define MBEDTLS_SELF_TEST
|
||||
END
|
||||
|
||||
msg "all loops unrolled"
|
||||
|
||||
@@ -13,16 +13,7 @@ component_test_config_suite_b () {
|
||||
msg "build: configs/config-suite-b.h"
|
||||
MBEDTLS_CONFIG="configs/config-suite-b.h"
|
||||
CRYPTO_CONFIG="configs/crypto-config-suite-b.h"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-suite-b.h - unit tests"
|
||||
@@ -161,16 +152,7 @@ component_test_config_thread () {
|
||||
msg "build: configs/config-thread.h"
|
||||
MBEDTLS_CONFIG="configs/config-thread.h"
|
||||
CRYPTO_CONFIG="configs/crypto-config-thread.h"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-thread.h - unit tests"
|
||||
@@ -184,16 +166,7 @@ component_test_tls1_2_ccm_psk () {
|
||||
msg "build: configs/config-ccm-psk-tls1_2.h"
|
||||
MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h"
|
||||
CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
|
||||
@@ -207,16 +180,7 @@ component_test_tls1_2_ccm_psk_dtls () {
|
||||
msg "build: configs/config-ccm-psk-dtls1_2.h"
|
||||
MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h"
|
||||
CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
|
||||
@@ -463,6 +427,8 @@ component_test_tls13_only () {
|
||||
msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
msg "test: TLS 1.3 only, all key exchange modes enabled"
|
||||
@@ -482,6 +448,7 @@ component_test_tls13_only_psk () {
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
@@ -518,6 +485,8 @@ component_test_tls13_only_ephemeral () {
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
|
||||
@@ -533,6 +502,7 @@ component_test_tls13_only_ephemeral_ffdh () {
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
# Note: The unset below is to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
@@ -556,6 +526,7 @@ component_test_tls13_only_psk_ephemeral () {
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
@@ -583,6 +554,7 @@ component_test_tls13_only_psk_ephemeral_ffdh () {
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
@@ -611,6 +583,7 @@ component_test_tls13_only_psk_all () {
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
@@ -632,6 +605,8 @@ component_test_tls13_only_ephemeral_all () {
|
||||
msg "build: TLS 1.3 only from default, without PSK key exchange mode"
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
|
||||
|
||||
@@ -249,7 +249,7 @@ component_build_tfm () {
|
||||
component_test_malloc_0_null () {
|
||||
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
|
||||
scripts/config.py full
|
||||
make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
make CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
|
||||
make test
|
||||
|
||||
Reference in New Issue
Block a user