From 8f073121248d8af5f3b51c0a0f74fd81c3a14a34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 15:58:47 +0100 Subject: [PATCH 01/24] Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call. --- tests/scripts/all.sh | 1587 ++++++++++++++++++++++++------------------ 1 file changed, 900 insertions(+), 687 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 19baf5e8a040..a2afab3a0876 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -55,6 +55,16 @@ # Notes for maintainers # --------------------- # +# The bulk of the code is organized into functions that follow one of the +# following naming conventions: +# * pre_XXX: things to do before running the tests, in order. +# * component_XXX: independent components. They can be run in any order. +# * component_check_XXX: quick tests that aren't worth parallelizing +# * component_build_XXX: build things but don't run them +# * component_test_XXX: build and test +# * post_XXX: things to do after running the tests. +# * other: miscellaneous support functions. +# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. @@ -80,38 +90,42 @@ # Abort on errors (and uninitialised variables) set -eu -if [ "$( uname )" != "Linux" ]; then - echo "This script only works in Linux" >&2 - exit 1 -elif [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 - exit 1 -fi +pre_check_environment () { + if [ "$( uname )" != "Linux" ]; then + echo "This script only works in Linux" >&2 + exit 1 + elif [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 + exit 1 + fi +} -CONFIG_H='include/mbedtls/config.h' -CONFIG_BAK="$CONFIG_H.bak" - -MEMORY=0 -FORCE=0 -KEEP_GOING=0 -RUN_ARMCC=1 - -# Default commands, can be overriden by the environment -: ${OPENSSL:="openssl"} -: ${OPENSSL_LEGACY:="$OPENSSL"} -: ${OPENSSL_NEXT:="$OPENSSL"} -: ${GNUTLS_CLI:="gnutls-cli"} -: ${GNUTLS_SERV:="gnutls-serv"} -: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} -: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} -: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} -: ${ARMC5_BIN_DIR:=/usr/bin} -: ${ARMC6_BIN_DIR:=/usr/bin} - -# if MAKEFLAGS is not set add the -j option to speed up invocations of make -if [ -n "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" -fi +pre_initialize_variables () { + CONFIG_H='include/mbedtls/config.h' + CONFIG_BAK="$CONFIG_H.bak" + + MEMORY=0 + FORCE=0 + KEEP_GOING=0 + RUN_ARMCC=1 + + # Default commands, can be overriden by the environment + : ${OPENSSL:="openssl"} + : ${OPENSSL_LEGACY:="$OPENSSL"} + : ${OPENSSL_NEXT:="$OPENSSL"} + : ${GNUTLS_CLI:="gnutls-cli"} + : ${GNUTLS_SERV:="gnutls-serv"} + : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} + : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} + : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} + : ${ARMC5_BIN_DIR:=/usr/bin} + : ${ARMC6_BIN_DIR:=/usr/bin} + + # if MAKEFLAGS is not set add the -j option to speed up invocations of make + if [ -n "${MAKEFLAGS+set}" ]; then + export MAKEFLAGS="-j" + fi +} usage() { @@ -197,17 +211,15 @@ msg() current_section=$1 } -if [ $RUN_ARMCC -ne 0 ]; then - armc6_build_test() - { - FLAGS="$1" +armc6_build_test() +{ + FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" - ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib - make clean - } -fi + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS='-xc -std=c99' make lib + make clean +} err_msg() { @@ -232,61 +244,64 @@ check_headers_in_cpp () { rm headers.txt } -while [ $# -gt 0 ]; do - case "$1" in - --armcc) RUN_ARMCC=1;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --force|-f) FORCE=1;; - --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; - --gnutls-serv) shift; GNUTLS_SERV="$1";; - --help|-h) usage; exit;; - --keep-going|-k) KEEP_GOING=1;; - --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; - --no-force) FORCE=0;; - --no-keep-going) KEEP_GOING=0;; - --no-memory) MEMORY=0;; - --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; - --openssl-next) shift; OPENSSL_NEXT="$1";; - --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --random-seed) unset SEED;; - --release-test|-r) SEED=1;; - --seed|-s) shift; SEED="$1";; - *) - echo >&2 "Unknown option: $1" - echo >&2 "Run $0 --help for usage." - exit 120 - ;; - esac - shift -done - -if [ $FORCE -eq 1 ]; then - git checkout-index -f -q $CONFIG_H - cleanup -else +pre_parse_command_line () { + while [ $# -gt 0 ]; do + case "$1" in + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --openssl-next) shift; OPENSSL_NEXT="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; + --seed|-s) shift; SEED="$1";; + *) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 + ;; + esac + shift + done +} - if [ -d "$OUT_OF_SOURCE_DIR" ]; then - echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 - echo "You can either delete this directory manually, or force the test by rerunning" - echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" - exit 1 - fi +pre_check_git () { + if [ $FORCE -eq 1 ]; then + git checkout-index -f -q $CONFIG_H + cleanup + else - if ! git diff-files --quiet include/mbedtls/config.h; then - err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " - echo "You can either delete or preserve your work, or force the test by rerunning the" - echo "script as: $0 --force" - exit 1 + if [ -d "$OUT_OF_SOURCE_DIR" ]; then + echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 + echo "You can either delete this directory manually, or force the test by rerunning" + echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" + exit 1 + fi + + if ! git diff-files --quiet include/mbedtls/config.h; then + err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " + echo "You can either delete or preserve your work, or force the test by rerunning the" + echo "script as: $0 --force" + exit 1 + fi fi -fi +} -build_status=0 -if [ $KEEP_GOING -eq 1 ]; then +pre_setup_keep_going () { failure_summary= failure_count=0 start_red= @@ -340,11 +355,8 @@ $text" echo "Killed by SIG$1." fi } -else - record_status () { - "$@" - } -fi +} + if_build_succeeded () { if [ $build_status -eq 0 ]; then record_status "$@" @@ -357,45 +369,48 @@ not() { ! "$@" } -msg "info: $0 configuration" -echo "MEMORY: $MEMORY" -echo "FORCE: $FORCE" -echo "SEED: ${SEED-"UNSET"}" -echo "OPENSSL: $OPENSSL" -echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" -echo "OPENSSL_NEXT: $OPENSSL_NEXT" -echo "GNUTLS_CLI: $GNUTLS_CLI" -echo "GNUTLS_SERV: $GNUTLS_SERV" -echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" -echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" -echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" -echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" - -ARMC5_CC="$ARMC5_BIN_DIR/armcc" -ARMC5_AR="$ARMC5_BIN_DIR/armar" -ARMC6_CC="$ARMC6_BIN_DIR/armclang" -ARMC6_AR="$ARMC6_BIN_DIR/armar" - -# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh -# we just export the variables they require -export OPENSSL_CMD="$OPENSSL" -export GNUTLS_CLI="$GNUTLS_CLI" -export GNUTLS_SERV="$GNUTLS_SERV" - -# Avoid passing --seed flag in every call to ssl-opt.sh -if [ -n "${SEED-}" ]; then - export SEED -fi +pre_print_configuration () { + msg "info: $0 configuration" + echo "MEMORY: $MEMORY" + echo "FORCE: $FORCE" + echo "SEED: ${SEED-"UNSET"}" + echo "OPENSSL: $OPENSSL" + echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" + echo "OPENSSL_NEXT: $OPENSSL_NEXT" + echo "GNUTLS_CLI: $GNUTLS_CLI" + echo "GNUTLS_SERV: $GNUTLS_SERV" + echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" + echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" + echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" + echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" +} -# Make sure the tools we need are available. -check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" -if [ $RUN_ARMCC -ne 0 ]; then - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" -fi +pre_check_tools () { + ARMC5_CC="$ARMC5_BIN_DIR/armcc" + ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC6_CC="$ARMC6_BIN_DIR/armclang" + ARMC6_AR="$ARMC6_BIN_DIR/armar" + + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh + # we just export the variables they require + export OPENSSL_CMD="$OPENSSL" + export GNUTLS_CLI="$GNUTLS_CLI" + export GNUTLS_SERV="$GNUTLS_SERV" + + # Avoid passing --seed flag in every call to ssl-opt.sh + if [ -n "${SEED-}" ]; then + export SEED + fi + # Make sure the tools we need are available. + check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" + if [ $RUN_ARMCC -ne 0 ]; then + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" + fi +} ################################################################ @@ -413,32 +428,46 @@ fi # # Indicative running times are given for reference. -msg "info: output_env.sh" -OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh +pre_print_tools () { + msg "info: output_env.sh" + OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ + GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ + ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh +} -msg "test: recursion.pl" # < 1s -record_status tests/scripts/recursion.pl library/*.c +component_check_recursion () { + msg "test: recursion.pl" # < 1s + record_status tests/scripts/recursion.pl library/*.c +} -msg "test: freshness of generated source files" # < 1s -record_status tests/scripts/check-generated-files.sh +component_check_generated_files () { + msg "test: freshness of generated source files" # < 1s + record_status tests/scripts/check-generated-files.sh +} -msg "test: doxygen markup outside doxygen blocks" # < 1s -record_status tests/scripts/check-doxy-blocks.pl +component_check_doxy_blocks () { + msg "test: doxygen markup outside doxygen blocks" # < 1s + record_status tests/scripts/check-doxy-blocks.pl +} -msg "test: check-files.py" # < 1s -cleanup -record_status tests/scripts/check-files.py +component_check_files () { + msg "test: check-files.py" # < 1s + cleanup + record_status tests/scripts/check-files.py +} -msg "test/build: declared and exported names" # < 3s -cleanup -record_status tests/scripts/check-names.sh +component_check_names () { + msg "test/build: declared and exported names" # < 3s + cleanup + record_status tests/scripts/check-names.sh +} -msg "test: doxygen warnings" # ~ 3s -cleanup -record_status tests/scripts/doxygen.sh +component_check_doxygen_warnings () { + msg "test: doxygen warnings" # ~ 3s + cleanup + record_status tests/scripts/doxygen.sh +} @@ -446,319 +475,374 @@ record_status tests/scripts/doxygen.sh #### Build and test many configurations and targets ################################################################ -msg "build: cmake, gcc, ASan" # ~ 1 min 50s -cleanup -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s -make test - -msg "test: ssl-opt.sh (ASan build)" # ~ 1 min -if_build_succeeded tests/ssl-opt.sh - -msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -record_status tests/scripts/test-ref-configs.pl - -msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min -make - -msg "test: compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh - -msg "build: Default + SSLv3 (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s -make test - -msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' - -msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh - -msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s -make test - -msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh - -msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s -make test - -msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -if_build_succeeded tests/ssl-opt.sh -f RSA - -msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -if_build_succeeded tests/compat.sh -t RSA - -msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" - -msg "build: small SSL_IN_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment" - -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" - -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" - -msg "build: cmake, full config, clang" # ~ 50s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -make - -msg "test: main suites (full config)" # ~ 5s -make test - -msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s -if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' - -msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' - -msg "test: compat.sh ARIA + ChachaPoly" -if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - -msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_DEPRECATED_WARNING -# Build with -O -Wextra to catch a maximum of issues. -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests - -msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s -# No cleanup, just tweak the configuration and rebuild -make clean -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED -# Build with -O -Wextra to catch a maximum of issues. -make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests - -msg "test/build: curves.pl (gcc)" # ~ 4 min -cleanup -record_status tests/scripts/curves.pl - -msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-hashes.pl - -msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-pkalgs.pl - -msg "test/build: key-exchanges (gcc)" # ~ 1 min -cleanup -record_status tests/scripts/key-exchanges.pl - -msg "build: Unix make, -Os (gcc)" # ~ 30s -cleanup -make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' - -msg "test: verify header list in cpp_dummy_build.cpp" -record_status check_headers_in_cpp - -msg "build: Unix make, incremental g++" -make TEST_CPP=1 - -# Full configuration build, without platform support, file IO and net sockets. -# This should catch missing mbedtls_printf definitions, and by disabling file -# IO, it should catch missing '#include ' -msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_PLATFORM_C -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY -scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C -scripts/config.pl unset MBEDTLS_FS_IO -# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, -# to re-enable platform integration features otherwise disabled in C99 builds -make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test - -# catch compile bugs in _uninit functions -msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' - -msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_SRV_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' - -msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_CLI_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' - -# Note, C99 compliance can also be tested with the sockets support disabled, -# as that requires a POSIX platform (which isn't the same as C99). -msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib - -# Run max fragment length tests with MFL disabled -msg "build: default config except MFL extension (ASan build)" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: ssl-opt.sh, MFL-related tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" - -msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: MFL tests (disabled MFL extension case) & large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" - -msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY -scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -scripts/config.pl set MBEDTLS_ENTROPY_C -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT -scripts/config.pl unset MBEDTLS_HAVEGE_C -CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . -make - -msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" -make test - -msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_PLATFORM_MEMORY -scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc -scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -make test - -msg "build: default config with AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' - -msg "test: AES_FEWER_TABLES" -make test - -msg "build: default config with AES_ROM_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' - -msg "test: AES_ROM_TABLES" -make test - -msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' - -msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" -make test +component_test_default_cmake_gcc_asan () { + msg "build: cmake, gcc, ASan" # ~ 1 min 50s + cleanup + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -if uname -a | grep -F Linux >/dev/null; then + msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s + make test + + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh + + msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s + record_status tests/scripts/test-ref-configs.pl + + msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min + make + + msg "test: compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh +} + +component_test_sslv3 () { + msg "build: Default + SSLv3 (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s + make test + + msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' + + msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} + +component_test_no_renegotiation () { + msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s + make test + + msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} + +component_test_rsa_no_crt () { + msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_RSA_NO_CRT + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s + make test + + msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s + if_build_succeeded tests/ssl-opt.sh -f RSA + + msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min + if_build_succeeded tests/compat.sh -t RSA +} + +component_test_small_ssl_out_content_len () { + msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" +} + +component_test_small_ssl_in_content_len () { + msg "build: small SSL_IN_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment" +} + +component_test_small_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" +} + +component_test_small_mbedtls_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" +} + +component_test_full_cmake_clang () { + msg "build: cmake, full config, clang" # ~ 50s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + make + + msg "test: main suites (full config)" # ~ 5s + make test + + msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s + if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' + + msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + + msg "test: compat.sh ARIA + ChachaPoly" + if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' +} + +component_build_deprecated () { + msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl set MBEDTLS_DEPRECATED_WARNING + # Build with -O -Wextra to catch a maximum of issues. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + + msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s + # No cleanup, just tweak the configuration and rebuild + make clean + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED + # Build with -O -Wextra to catch a maximum of issues. + make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests +} + + +component_test_depends_curves () { + msg "test/build: curves.pl (gcc)" # ~ 4 min + cleanup + record_status tests/scripts/curves.pl +} + +component_test_depends_hashes () { + msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min + cleanup + record_status tests/scripts/depends-hashes.pl +} + +component_test_depends_pkalgs () { + msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min + cleanup + record_status tests/scripts/depends-pkalgs.pl +} + +component_build_key_exchanges () { + msg "test/build: key-exchanges (gcc)" # ~ 1 min + cleanup + record_status tests/scripts/key-exchanges.pl +} + +component_build_default_make_gcc_and_cxx () { + msg "build: Unix make, -Os (gcc)" # ~ 30s + cleanup + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' + + msg "test: verify header list in cpp_dummy_build.cpp" + record_status check_headers_in_cpp + + msg "build: Unix make, incremental g++" + make TEST_CPP=1 +} + +component_test_no_platform () { + # Full configuration build, without platform support, file IO and net sockets. + # This should catch missing mbedtls_printf definitions, and by disabling file + # IO, it should catch missing '#include ' + msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_PLATFORM_C + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_FS_IO + # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, + # to re-enable platform integration features otherwise disabled in C99 builds + make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test +} + +component_build_no_std_function () { + # catch compile bugs in _uninit functions + msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} + +component_build_no_ssl_srv () { + msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_SRV_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} + +component_build_no_ssl_cli () { + msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_CLI_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} + +component_build_no_sockets () { + # Note, C99 compliance can also be tested with the sockets support disabled, + # as that requires a POSIX platform (which isn't the same as C99). + msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib +} + +component_test_no_max_fragment_length () { + # Run max fragment length tests with MFL disabled + msg "build: default config except MFL extension (ASan build)" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: ssl-opt.sh, MFL-related tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" +} + +component_test_no_max_fragment_length_small_ssl_out_content_len () { + msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: MFL tests (disabled MFL extension case) & large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" +} + +component_test_null_entropy () { + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY + scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + scripts/config.pl set MBEDTLS_ENTROPY_C + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT + scripts/config.pl unset MBEDTLS_HAVEGE_C + CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . + make + + msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" + make test +} + +component_test_platform_calloc_macro () { + msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_PLATFORM_MEMORY + scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc + scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + make test +} + +component_test_aes_fewer_tables () { + msg "build: default config with AES_FEWER_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + msg "test: AES_FEWER_TABLES" + make test +} + +component_test_aes_rom_tables () { + msg "build: default config with AES_ROM_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + msg "test: AES_ROM_TABLES" + make test +} + +component_test_aes_fewer_tables_and_rom_tables () { + msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" + make test +} + +component_test_make_shared () { msg "build/test: make shared" # ~ 40s cleanup make SHARED=1 all check -fi +} -if uname -a | grep -F x86_64 >/dev/null; then +component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s cleanup @@ -768,7 +852,9 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: i386, make, gcc -O0 (ASan build)" make test +} +component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s cleanup @@ -778,7 +864,9 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: i386, make, gcc -O1 (ASan build)" make test +} +component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -787,187 +875,204 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: 64-bit ILP32, make, gcc" make test -fi # x86_64 - -msg "build: gcc, force 32-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - -msg "test: gcc, force 32-bit bignum limbs" -make test - -msg "build: gcc, force 64-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - -msg "test: gcc, force 64-bit bignum limbs" -make test - - -msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CFLAGS='-Werror -O1' - -msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -make test - - -msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CFLAGS='-Werror -O1' - -msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -make test - - -msg "build: arm-none-eabi-gcc, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib - -msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib -echo "Checking that software 64-bit division is not required" -if_build_succeeded not grep __aeabi_uldiv library/*.o - -msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib -echo "Checking that software 64-bit multiplication is not required" -if_build_succeeded not grep __aeabi_lmul library/*.o - -msg "build: ARM Compiler 5, make" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_HAVE_TIME -scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME - -if [ $RUN_ARMCC -ne 0 ]; then - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib - make clean +} + +component_test_have_int32 () { + msg "build: gcc, force 32-bit bignum limbs" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - # ARM Compiler 6 - Target ARMv7-A - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + msg "test: gcc, force 32-bit bignum limbs" + make test +} - # ARM Compiler 6 - Target ARMv7-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" +component_test_have_int64 () { + msg "build: gcc, force 64-bit bignum limbs" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - # ARM Compiler 6 - Target ARMv8-A - AArch32 - armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + msg "test: gcc, force 64-bit bignum limbs" + make test +} - # ARM Compiler 6 - Target ARMv8-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" +component_test_no_udbl_division () { + msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CFLAGS='-Werror -O1' - # ARM Compiler 6 - Target ARMv8-A - AArch64 - armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" -fi + msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + make test +} -msg "build: allow SHA1 in certificates by default" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -make CFLAGS='-Werror -Wall -Wextra' -msg "test: allow SHA1 in certificates by default" -make test -if_build_succeeded tests/ssl-opt.sh -f SHA-1 - -msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" -make test - -msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s -cleanup -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs - -# note Make tests only builds the tests, but doesn't run them -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -make WINDOWS_BUILD=1 clean - -msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -make WINDOWS_BUILD=1 clean +component_test_no_64bit_multiplication () { + msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CFLAGS='-Werror -O1' -# MemSan currently only available on Linux 64 bits -if uname -a | grep 'Linux.*x86_64' >/dev/null; then + msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + make test +} + +component_build_arm_none_eabi_gcc () { + msg "build: arm-none-eabi-gcc, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib +} + +component_build_arm_none_eabi_gcc_no_udbl_division () { + msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + echo "Checking that software 64-bit division is not required" + if_build_succeeded not grep __aeabi_uldiv library/*.o +} + +component_build_arm_none_eabi_gcc_no_64bit_multiplication () { + msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + echo "Checking that software 64-bit multiplication is not required" + if_build_succeeded not grep __aeabi_lmul library/*.o +} + +component_build_armcc () { + msg "build: ARM Compiler 5, make" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_HAVE_TIME + scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME + + if [ $RUN_ARMCC -ne 0 ]; then + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean + + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" + fi +} + +component_test_allow_sha1 () { + msg "build: allow SHA1 in certificates by default" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES + make CFLAGS='-Werror -Wall -Wextra' + msg "test: allow SHA1 in certificates by default" + make test + if_build_succeeded tests/ssl-opt.sh -f SHA-1 +} + +component_test_rsa_no_crt () { + msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_RSA_NO_CRT + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" + make test +} + +component_build_mingw () { + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s + cleanup + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs + + # note Make tests only builds the tests, but doesn't run them + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests + make WINDOWS_BUILD=1 clean + + msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests + make WINDOWS_BUILD=1 clean +} + +component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -987,9 +1092,9 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then msg "test: compat.sh (MSan)" # ~ 6 min 20s if_build_succeeded tests/compat.sh fi +} -else # no MemSan - +component_test_memcheck () { msg "build: Release (clang)" cleanup CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . @@ -1011,63 +1116,171 @@ else # no MemSan msg "test: compat.sh --memcheck (Release)" if_build_succeeded tests/compat.sh --memcheck fi +} -fi # MemSan - -msg "build: cmake 'out-of-source' build" -cleanup -MBEDTLS_ROOT_DIR="$PWD" -mkdir "$OUT_OF_SOURCE_DIR" -cd "$OUT_OF_SOURCE_DIR" -cmake "$MBEDTLS_ROOT_DIR" -make - -msg "test: cmake 'out-of-source' build" -make test -# Test an SSL option that requires an auxiliary script in test/scripts/. -# Also ensure that there are no error messages such as -# "No such file or directory", which would indicate that some required -# file is missing (ssl-opt.sh tolerates the absence of some files so -# may exit with status 0 but emit errors). -if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err -if [ -s ssl-opt.err ]; then - cat ssl-opt.err >&2 - record_status [ ! -s ssl-opt.err ] - rm ssl-opt.err -fi -cd "$MBEDTLS_ROOT_DIR" -rm -rf "$OUT_OF_SOURCE_DIR" -unset MBEDTLS_ROOT_DIR - -# Test that the function mbedtls_platform_zeroize() is not optimized away by -# different combinations of compilers and optimization flags by using an -# auxiliary GDB script. Unfortunately, GDB does not return error values to the -# system in all cases that the script fails, so we must manually search the -# output to check whether the pass string is present and no failure strings -# were printed. -for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - cleanup - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log - rm -f test_zeroize.log +component_test_cmake_out_of_source () { + msg "build: cmake 'out-of-source' build" + cleanup + MBEDTLS_ROOT_DIR="$PWD" + mkdir "$OUT_OF_SOURCE_DIR" + cd "$OUT_OF_SOURCE_DIR" + cmake "$MBEDTLS_ROOT_DIR" + make + + msg "test: cmake 'out-of-source' build" + make test + # Test an SSL option that requires an auxiliary script in test/scripts/. + # Also ensure that there are no error messages such as + # "No such file or directory", which would indicate that some required + # file is missing (ssl-opt.sh tolerates the absence of some files so + # may exit with status 0 but emit errors). + if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + if [ -s ssl-opt.err ]; then + cat ssl-opt.err >&2 + record_status [ ! -s ssl-opt.err ] + rm ssl-opt.err + fi + cd "$MBEDTLS_ROOT_DIR" + rm -rf "$OUT_OF_SOURCE_DIR" + unset MBEDTLS_ROOT_DIR +} + +component_test_zeroize () { + # Test that the function mbedtls_platform_zeroize() is not optimized away by + # different combinations of compilers and optimization flags by using an + # auxiliary GDB script. Unfortunately, GDB does not return error values to the + # system in all cases that the script fails, so we must manually search the + # output to check whether the pass string is present and no failure strings + # were printed. + for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" + cleanup + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log + rm -f test_zeroize.log + done done -done +} -msg "Lint: Python scripts" -record_status tests/scripts/check-python-files.sh +component_check_python_files () { + msg "Lint: Python scripts" + record_status tests/scripts/check-python-files.sh +} -msg "uint test: generate_test_code.py" -record_status ./tests/scripts/test_generate_test_code.py +component_check_generate_test_code () { + msg "uint test: generate_test_code.py" + record_status ./tests/scripts/test_generate_test_code.py +} ################################################################ #### Termination ################################################################ -msg "Done, cleaning up" -cleanup +post_report () { + msg "Done, cleaning up" + cleanup + + final_report +} + + + +################################################################ +#### Run all the things +################################################################ + +# Run one component. Currently trivial. +run_component () { + "$@" +} + +# Preliminary setup +pre_check_environment +pre_initialize_variables +pre_parse_command_line "$@" +pre_check_git +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + pre_setup_keep_going +else + record_status () { + "$@" + } +fi +pre_print_configuration +pre_check_tools +pre_print_tools + +# Small things +run_component component_check_recursion +run_component component_check_generated_files +run_component component_check_doxy_blocks +run_component component_check_files +run_component component_check_names +run_component component_check_doxygen_warnings + +# Test many different configurations +run_component component_test_default_cmake_gcc_asan +run_component component_test_sslv3 +run_component component_test_no_renegotiation +run_component component_test_rsa_no_crt +run_component component_test_small_ssl_out_content_len +run_component component_test_small_ssl_in_content_len +run_component component_test_small_ssl_dtls_max_buffering +run_component component_test_small_mbedtls_ssl_dtls_max_buffering +run_component component_test_full_cmake_clang +run_component component_build_deprecated +run_component component_test_depends_curves +run_component component_test_depends_hashes +run_component component_test_depends_pkalgs +run_component component_build_key_exchanges +run_component component_build_default_make_gcc_and_cxx +run_component component_test_no_platform +run_component component_build_no_std_function +run_component component_build_no_ssl_srv +run_component component_build_no_ssl_cli +run_component component_build_no_sockets +run_component component_test_no_max_fragment_length +run_component component_test_no_max_fragment_length_small_ssl_out_content_len +run_component component_test_null_entropy +run_component component_test_platform_calloc_macro +run_component component_test_aes_fewer_tables +run_component component_test_aes_rom_tables +run_component component_test_aes_fewer_tables_and_rom_tables +if uname -a | grep -F Linux >/dev/null; then + run_component component_test_make_shared +fi +if uname -a | grep -F x86_64 >/dev/null; then + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 +fi +run_component component_test_have_int32 +run_component component_test_have_int64 +run_component component_test_no_udbl_division +run_component component_test_no_64bit_multiplication +run_component component_build_arm_none_eabi_gcc +run_component component_build_arm_none_eabi_gcc_no_udbl_division +run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication +run_component component_build_armcc +run_component component_test_allow_sha1 +run_component component_test_rsa_no_crt +run_component component_build_mingw +# MemSan currently only available on Linux 64 bits +if uname -a | grep 'Linux.*x86_64' >/dev/null; then + run_component component_test_memsan +else # no MemSan + run_component component_test_memcheck +fi +run_component component_test_cmake_out_of_source + +# More small things +run_component component_test_zeroize +run_component component_check_python_files +run_component component_check_generate_test_code -final_report +# We're done. +post_report From 9f8f92ca9b1cd65fab0f78e0b164bb703ab7b873 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 15:59:31 +0100 Subject: [PATCH 02/24] Remove duplicate component for RSA_NO_CRT --- tests/scripts/all.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a2afab3a0876..a521c74b1b13 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1045,18 +1045,6 @@ component_test_allow_sha1 () { if_build_succeeded tests/ssl-opt.sh -f SHA-1 } -component_test_rsa_no_crt () { - msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl set MBEDTLS_RSA_NO_CRT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" - make test -} - component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup @@ -1267,7 +1255,6 @@ run_component component_build_arm_none_eabi_gcc_no_udbl_division run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication run_component component_build_armcc run_component component_test_allow_sha1 -run_component component_test_rsa_no_crt run_component component_build_mingw # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then From e48351a33f4fd129694bd2cc87d7a6b617265d82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 16:06:30 +0100 Subject: [PATCH 03/24] Move cleanup into the common wrapper function Call cleanup from run_component instead of calling it from each individual component function. Clean up after each component rather than before. With the new structure it makes more sense for each component to leave the place clean. Run cleanup once at the beginning to start from a clean slate. --- tests/scripts/all.sh | 53 ++++---------------------------------------- 1 file changed, 4 insertions(+), 49 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a521c74b1b13..1b33c65be005 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -453,19 +453,16 @@ component_check_doxy_blocks () { component_check_files () { msg "test: check-files.py" # < 1s - cleanup record_status tests/scripts/check-files.py } component_check_names () { msg "test/build: declared and exported names" # < 3s - cleanup record_status tests/scripts/check-names.sh } component_check_doxygen_warnings () { msg "test: doxygen warnings" # ~ 3s - cleanup record_status tests/scripts/doxygen.sh } @@ -477,7 +474,6 @@ component_check_doxygen_warnings () { component_test_default_cmake_gcc_asan () { msg "build: cmake, gcc, ASan" # ~ 1 min 50s - cleanup CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -499,7 +495,6 @@ component_test_default_cmake_gcc_asan () { component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -518,7 +513,6 @@ component_test_sslv3 () { component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -533,7 +527,6 @@ component_test_no_renegotiation () { component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -551,7 +544,6 @@ component_test_rsa_no_crt () { component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 @@ -564,7 +556,6 @@ component_test_small_ssl_out_content_len () { component_test_small_ssl_in_content_len () { msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 @@ -577,7 +568,6 @@ component_test_small_ssl_in_content_len () { component_test_small_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -589,7 +579,6 @@ component_test_small_ssl_dtls_max_buffering () { component_test_small_mbedtls_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -601,7 +590,6 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -623,7 +611,6 @@ component_test_full_cmake_clang () { component_build_deprecated () { msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_DEPRECATED_WARNING @@ -644,31 +631,26 @@ component_build_deprecated () { component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min - cleanup record_status tests/scripts/curves.pl } component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - cleanup record_status tests/scripts/depends-hashes.pl } component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - cleanup record_status tests/scripts/depends-pkalgs.pl } component_build_key_exchanges () { msg "test/build: key-exchanges (gcc)" # ~ 1 min - cleanup record_status tests/scripts/key-exchanges.pl } component_build_default_make_gcc_and_cxx () { msg "build: Unix make, -Os (gcc)" # ~ 30s - cleanup make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' msg "test: verify header list in cpp_dummy_build.cpp" @@ -683,7 +665,6 @@ component_test_no_platform () { # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C @@ -706,7 +687,6 @@ component_test_no_platform () { component_build_no_std_function () { # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS @@ -716,7 +696,6 @@ component_build_no_std_function () { component_build_no_ssl_srv () { msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C @@ -725,7 +704,6 @@ component_build_no_ssl_srv () { component_build_no_ssl_cli () { msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C @@ -736,7 +714,6 @@ component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. @@ -747,7 +724,6 @@ component_build_no_sockets () { component_test_no_max_fragment_length () { # Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -759,7 +735,6 @@ component_test_no_max_fragment_length () { component_test_no_max_fragment_length_small_ssl_out_content_len () { msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 @@ -773,7 +748,6 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { component_test_null_entropy () { msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES @@ -790,7 +764,6 @@ component_test_null_entropy () { component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_PLATFORM_MEMORY scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc @@ -804,7 +777,6 @@ component_test_platform_calloc_macro () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -815,7 +787,6 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -826,7 +797,6 @@ component_test_aes_rom_tables () { component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES @@ -838,14 +808,12 @@ component_test_aes_fewer_tables_and_rom_tables () { component_test_make_shared () { msg "build/test: make shared" # ~ 40s - cleanup make SHARED=1 all check } component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -857,7 +825,6 @@ component_test_m32_o0 () { component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -868,7 +835,6 @@ component_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' @@ -879,7 +845,6 @@ component_test_mx32 () { component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C @@ -892,7 +857,6 @@ component_test_have_int32 () { component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C @@ -905,7 +869,6 @@ component_test_have_int64 () { component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -918,7 +881,6 @@ component_test_no_udbl_division () { component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -931,7 +893,6 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -950,7 +911,6 @@ component_build_arm_none_eabi_gcc () { component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -972,7 +932,6 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -994,7 +953,6 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -1036,7 +994,6 @@ component_build_armcc () { component_test_allow_sha1 () { msg "build: allow SHA1 in certificates by default" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES make CFLAGS='-Werror -Wall -Wextra' @@ -1047,7 +1004,6 @@ component_test_allow_sha1 () { component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - cleanup make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them @@ -1062,7 +1018,6 @@ component_build_mingw () { component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . @@ -1084,7 +1039,6 @@ component_test_memsan () { component_test_memcheck () { msg "build: Release (clang)" - cleanup CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make @@ -1108,7 +1062,6 @@ component_test_memcheck () { component_test_cmake_out_of_source () { msg "build: cmake 'out-of-source' build" - cleanup MBEDTLS_ROOT_DIR="$PWD" mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" @@ -1143,12 +1096,12 @@ component_test_zeroize () { for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log + make clean done done } @@ -1180,9 +1133,10 @@ post_report () { #### Run all the things ################################################################ -# Run one component. Currently trivial. +# Run one component and clean up afterwards. run_component () { "$@" + cleanup } # Preliminary setup @@ -1201,6 +1155,7 @@ fi pre_print_configuration pre_check_tools pre_print_tools +cleanup # Small things run_component component_check_recursion From 782f411bf501af065a216899abeac17b39b69136 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 16:11:09 +0100 Subject: [PATCH 04/24] Move test-ref-configs into its own component --- tests/scripts/all.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1b33c65be005..17f90027024c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -483,16 +483,16 @@ component_test_default_cmake_gcc_asan () { msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh - msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s - record_status tests/scripts/test-ref-configs.pl - - msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min - make - msg "test: compat.sh (ASan build)" # ~ 6 min if_build_succeeded tests/compat.sh } +component_test_ref_configs () { + msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + record_status tests/scripts/test-ref-configs.pl +} + component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min cp "$CONFIG_H" "$CONFIG_BAK" @@ -1167,6 +1167,7 @@ run_component component_check_doxygen_warnings # Test many different configurations run_component component_test_default_cmake_gcc_asan +run_component component_test_ref_configs run_component component_test_sslv3 run_component component_test_no_renegotiation run_component component_test_rsa_no_crt From 348fb9a597da3b1c85af30f60b8c820e5e9f61ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 17:04:29 +0100 Subject: [PATCH 05/24] New option --list-components Add an option to list the available components. This is not useful yet, but a subsequent commit will add the ability to run specific components. --- tests/scripts/all.sh | 57 ++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 17f90027024c..645cdd9a232a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -106,6 +106,7 @@ pre_initialize_variables () { MEMORY=0 FORCE=0 + INTROSPECTION_MODE= KEEP_GOING=0 RUN_ARMCC=1 @@ -131,7 +132,11 @@ usage() { cat < Date: Tue, 27 Nov 2018 18:15:35 +0100 Subject: [PATCH 06/24] all.sh: with non-option arguments, run only these components --- tests/scripts/all.sh | 152 +++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 645cdd9a232a..f56b23bcfb12 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -104,6 +104,7 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" + COMPONENTS= MEMORY=0 FORCE=0 INTROSPECTION_MODE= @@ -131,8 +132,9 @@ pre_initialize_variables () { usage() { cat <&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." exit 120 ;; + *) + COMPONENTS="$COMPONENTS $1";; esac shift done @@ -1139,6 +1143,76 @@ post_report () { #### Run all the things ################################################################ +run_all_components () { + # Small things + run_component component_check_recursion + run_component component_check_generated_files + run_component component_check_doxy_blocks + run_component component_check_files + run_component component_check_names + run_component component_check_doxygen_warnings + + # Test many different configurations + run_component component_test_default_cmake_gcc_asan + run_component component_test_ref_configs + run_component component_test_sslv3 + run_component component_test_no_renegotiation + run_component component_test_rsa_no_crt + run_component component_test_small_ssl_out_content_len + run_component component_test_small_ssl_in_content_len + run_component component_test_small_ssl_dtls_max_buffering + run_component component_test_small_mbedtls_ssl_dtls_max_buffering + run_component component_test_full_cmake_clang + run_component component_build_deprecated + run_component component_test_depends_curves + run_component component_test_depends_hashes + run_component component_test_depends_pkalgs + run_component component_build_key_exchanges + run_component component_build_default_make_gcc_and_cxx + run_component component_test_no_platform + run_component component_build_no_std_function + run_component component_build_no_ssl_srv + run_component component_build_no_ssl_cli + run_component component_build_no_sockets + run_component component_test_no_max_fragment_length + run_component component_test_no_max_fragment_length_small_ssl_out_content_len + run_component component_test_null_entropy + run_component component_test_platform_calloc_macro + run_component component_test_aes_fewer_tables + run_component component_test_aes_rom_tables + run_component component_test_aes_fewer_tables_and_rom_tables + if uname -a | grep -F Linux >/dev/null; then + run_component component_test_make_shared + fi + if uname -a | grep -F x86_64 >/dev/null; then + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 + fi + run_component component_test_have_int32 + run_component component_test_have_int64 + run_component component_test_no_udbl_division + run_component component_test_no_64bit_multiplication + run_component component_build_arm_none_eabi_gcc + run_component component_build_arm_none_eabi_gcc_no_udbl_division + run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication + run_component component_build_armcc + run_component component_test_allow_sha1 + run_component component_build_mingw + # MemSan currently only available on Linux 64 bits + if uname -a | grep 'Linux.*x86_64' >/dev/null; then + run_component component_test_memsan + else # no MemSan + run_component component_test_memcheck + fi + run_component component_test_cmake_out_of_source + + # More small things + run_component component_test_zeroize + run_component component_check_python_files + run_component component_check_generate_test_code +} + # Run one component and clean up afterwards. run_component () { "$@" @@ -1156,7 +1230,7 @@ case "$INTROSPECTION_MODE" in newline=' ' run_component () { - components="${components}${newline}${1}" + components="${components}${newline}${1#component_}" } ;; @@ -1177,73 +1251,13 @@ case "$INTROSPECTION_MODE" in ;; esac -# Small things -run_component component_check_recursion -run_component component_check_generated_files -run_component component_check_doxy_blocks -run_component component_check_files -run_component component_check_names -run_component component_check_doxygen_warnings - -# Test many different configurations -run_component component_test_default_cmake_gcc_asan -run_component component_test_ref_configs -run_component component_test_sslv3 -run_component component_test_no_renegotiation -run_component component_test_rsa_no_crt -run_component component_test_small_ssl_out_content_len -run_component component_test_small_ssl_in_content_len -run_component component_test_small_ssl_dtls_max_buffering -run_component component_test_small_mbedtls_ssl_dtls_max_buffering -run_component component_test_full_cmake_clang -run_component component_build_deprecated -run_component component_test_depends_curves -run_component component_test_depends_hashes -run_component component_test_depends_pkalgs -run_component component_build_key_exchanges -run_component component_build_default_make_gcc_and_cxx -run_component component_test_no_platform -run_component component_build_no_std_function -run_component component_build_no_ssl_srv -run_component component_build_no_ssl_cli -run_component component_build_no_sockets -run_component component_test_no_max_fragment_length -run_component component_test_no_max_fragment_length_small_ssl_out_content_len -run_component component_test_null_entropy -run_component component_test_platform_calloc_macro -run_component component_test_aes_fewer_tables -run_component component_test_aes_rom_tables -run_component component_test_aes_fewer_tables_and_rom_tables -if uname -a | grep -F Linux >/dev/null; then - run_component component_test_make_shared -fi -if uname -a | grep -F x86_64 >/dev/null; then - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 -fi -run_component component_test_have_int32 -run_component component_test_have_int64 -run_component component_test_no_udbl_division -run_component component_test_no_64bit_multiplication -run_component component_build_arm_none_eabi_gcc -run_component component_build_arm_none_eabi_gcc_no_udbl_division -run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication -run_component component_build_armcc -run_component component_test_allow_sha1 -run_component component_build_mingw -# MemSan currently only available on Linux 64 bits -if uname -a | grep 'Linux.*x86_64' >/dev/null; then - run_component component_test_memsan -else # no MemSan - run_component component_test_memcheck +if [ -n "$COMPONENTS" ]; then + for component in $COMPONENTS; do + run_component "component_$component" + done +else + run_all_components fi -run_component component_test_cmake_out_of_source - -# More small things -run_component component_test_zeroize -run_component component_check_python_files -run_component component_check_generate_test_code # We're done. case "$INTROSPECTION_MODE" in From 81b96ed6034441960ba54ffe33989ad5b2b8ac69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 21:37:53 +0100 Subject: [PATCH 07/24] Add --except mode: run all components except a list Allow the list to use wildcards, e.g. you can run the sanity checks with all.sh --except "test_*" "build_*" --- tests/scripts/all.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f56b23bcfb12..2799b6689392 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -105,6 +105,7 @@ pre_initialize_variables () { CONFIG_BAK="$CONFIG_H.bak" COMPONENTS= + ALL_EXCEPT=0 MEMORY=0 FORCE=0 INTROSPECTION_MODE= @@ -129,6 +130,19 @@ pre_initialize_variables () { fi } +# Test whether $1 is excluded via $COMPONENTS (a space-separated list of +# wildcard patterns). +component_is_excluded() +{ + set -f + for pattern in $COMPONENTS; do + set +f + case ${1#component_} in $pattern) return 0;; esac + done + set +f + return 1 +} + usage() { cat < Date: Tue, 4 Dec 2018 12:49:28 +0100 Subject: [PATCH 08/24] Add the current component name to msg output and the final report --- tests/scripts/all.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2799b6689392..5dd2acf99400 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -229,12 +229,16 @@ trap 'fatal_signal TERM' TERM msg() { + if [ -n "${current_component:-}" ]; then + current_section="${current_component#component_}: $1" + else + current_section="$1" + fi echo "" echo "******************************************************************" - echo "* $1 " + echo "* $current_section " printf "* "; date echo "******************************************************************" - current_section=$1 } armc6_build_test() @@ -1238,6 +1242,7 @@ run_component () { if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then return fi + current_component="$1" "$@" cleanup } From 8ae15ddcf8417991a5ddbcb2dc7646c5850533c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Jan 2019 18:57:02 +0100 Subject: [PATCH 09/24] Back up and restore config.h systematically In all.sh, always save config.h before running a component, instead of doing it manually in each component that requires it (except when we forget, which has happened). This would break a script that requires config.h.bak not to exist, but we don't have any of those. --- tests/scripts/all.sh | 37 +++---------------------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5dd2acf99400..d63a948a34f6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -529,7 +529,6 @@ component_test_ref_configs () { component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -547,7 +546,6 @@ component_test_sslv3 () { component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -561,7 +559,6 @@ component_test_no_renegotiation () { component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -578,7 +575,6 @@ component_test_rsa_no_crt () { component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -590,7 +586,6 @@ component_test_small_ssl_out_content_len () { component_test_small_ssl_in_content_len () { msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -602,7 +597,6 @@ component_test_small_ssl_in_content_len () { component_test_small_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -613,7 +607,6 @@ component_test_small_ssl_dtls_max_buffering () { component_test_small_mbedtls_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -624,7 +617,6 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . @@ -645,7 +637,6 @@ component_test_full_cmake_clang () { component_build_deprecated () { msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_DEPRECATED_WARNING # Build with -O -Wextra to catch a maximum of issues. @@ -699,7 +690,6 @@ component_test_no_platform () { # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C scripts/config.pl unset MBEDTLS_NET_C @@ -721,7 +711,6 @@ component_test_no_platform () { component_build_no_std_function () { # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED @@ -730,7 +719,6 @@ component_build_no_std_function () { component_build_no_ssl_srv () { msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' @@ -738,7 +726,6 @@ component_build_no_ssl_srv () { component_build_no_ssl_cli () { msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' @@ -748,7 +735,6 @@ component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux @@ -758,7 +744,6 @@ component_build_no_sockets () { component_test_no_max_fragment_length () { # Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -769,7 +754,6 @@ component_test_no_max_fragment_length () { component_test_no_max_fragment_length_small_ssl_out_content_len () { msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 @@ -782,7 +766,6 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { component_test_null_entropy () { msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_ENTROPY_C @@ -798,7 +781,6 @@ component_test_null_entropy () { component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_PLATFORM_MEMORY scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free @@ -811,7 +793,6 @@ component_test_platform_calloc_macro () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -821,7 +802,6 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -831,7 +811,6 @@ component_test_aes_rom_tables () { component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -848,7 +827,6 @@ component_test_make_shared () { component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -859,7 +837,6 @@ component_test_m32_o0 () { component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -869,7 +846,6 @@ component_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' @@ -879,7 +855,6 @@ component_test_mx32 () { component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C @@ -891,7 +866,6 @@ component_test_have_int32 () { component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C @@ -903,7 +877,6 @@ component_test_have_int64 () { component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION @@ -915,7 +888,6 @@ component_test_no_udbl_division () { component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION @@ -927,7 +899,6 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -945,7 +916,6 @@ component_build_arm_none_eabi_gcc () { component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -966,7 +936,6 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -987,7 +956,6 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -1028,7 +996,6 @@ component_build_armcc () { component_test_allow_sha1 () { msg "build: allow SHA1 in certificates by default" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES make CFLAGS='-Werror -Wall -Wextra' msg "test: allow SHA1 in certificates by default" @@ -1052,7 +1019,6 @@ component_build_mingw () { component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . make @@ -1242,6 +1208,9 @@ run_component () { if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then return fi + # Back up the configuration in case the component modifies it. + # The cleanup function will restore it. + cp -p "$CONFIG_H" "$CONFIG_BAK" current_component="$1" "$@" cleanup From 06b385fabe4b7555758e420e030702d1b8665eb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:28:21 +0100 Subject: [PATCH 10/24] Fix inconsistent indentation Only whitespace changes in this commit. --- tests/scripts/all.sh | 86 ++++++++++++++++++++++---------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1dc458057ffe..f09c632105ed 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -276,40 +276,40 @@ check_headers_in_cpp () { pre_parse_command_line () { while [ $# -gt 0 ]; do - case "$1" in - --armcc) RUN_ARMCC=1;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --except) ALL_EXCEPT=1;; - --force|-f) FORCE=1;; - --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; - --gnutls-serv) shift; GNUTLS_SERV="$1";; - --help|-h) usage; exit;; - --keep-going|-k) KEEP_GOING=1;; - --list-components) INTROSPECTION_MODE=list_components;; - --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; - --no-force) FORCE=0;; - --no-keep-going) KEEP_GOING=0;; - --no-memory) MEMORY=0;; - --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; - --openssl-next) shift; OPENSSL_NEXT="$1";; - --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --random-seed) unset SEED;; - --release-test|-r) SEED=1;; - --seed|-s) shift; SEED="$1";; - -*) - echo >&2 "Unknown option: $1" - echo >&2 "Run $0 --help for usage." - exit 120 - ;; - *) - COMPONENTS="$COMPONENTS $1";; - esac - shift + case "$1" in + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --except) ALL_EXCEPT=1;; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --list-components) INTROSPECTION_MODE=list_components;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --openssl-next) shift; OPENSSL_NEXT="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; + --seed|-s) shift; SEED="$1";; + -*) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 + ;; + *) + COMPONENTS="$COMPONENTS $1";; + esac + shift done } @@ -1103,15 +1103,15 @@ component_test_zeroize () { # output to check whether the pass string is present and no failure strings # were printed. for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log - rm -f test_zeroize.log - make clean - done + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log + rm -f test_zeroize.log + make clean + done done } From 1927565f9bb7ebcf1efa145d1696917c99221315 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:48:30 +0000 Subject: [PATCH 11/24] Use CMAKE_BUILD_TYPE to do Asan builds Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting `-fsanitize=address`. This lets cmake determine the necessary compiler and linker flags. With UNSAFE_BUILD on, force -Wno-error. This is necessary to build with MBEDTLS_TEST_NULL_ENTROPY. --- library/CMakeLists.txt | 6 ++++++ tests/scripts/all.sh | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 3a3f61bcffb2..3b56c44454b3 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -103,6 +103,12 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") endif(CMAKE_COMPILER_IS_CLANG) +if(UNSAFE_BUILD) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error") + set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error") + set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error") +endif(UNSAFE_BUILD) + if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f09c632105ed..8c9c9ce4393d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -773,7 +773,7 @@ component_test_null_entropy () { scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_HAVEGE_C - CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . make msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" From 74851d8dd94e13c534eefa9d633bca1657ec9869 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:52:22 +0000 Subject: [PATCH 12/24] Gdb script: improve portability of ASLR disabling disabling Call `set disable-randomization off` only if it seems to be supported. The goal is to neither get an error about disable-randomization not being supported (e.g. on FreeBSD), nor get an error if it is supported but fails (e.g. on Ubuntu). Only fiddle with disable-randomization from all.sh, which cares because it reports the failure of ASLR disabling as an error. If a developer invokes the Gdb script manually, a warning about ASLR doesn't matter. --- tests/scripts/all.sh | 12 +++++++++++- tests/scripts/test_zeroize.gdb | 2 -- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8c9c9ce4393d..1e710745651f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1102,17 +1102,27 @@ component_test_zeroize () { # system in all cases that the script fails, so we must manually search the # output to check whether the pass string is present and no failure strings # were printed. + + # Don't try to disable ASLR. We don't care about ASLR here. We do care + # about a spurious message if Gdb tries and fails, so suppress that. + gdb_disable_aslr= + if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then + gdb_disable_aslr='set disable-randomization off' + fi + for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log make clean done done + + unset gdb_disable_aslr } component_check_python_files () { diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 77c812a0b6cc..2f995d2a3b17 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,8 +41,6 @@ # number does not need to be updated often. set confirm off -# We don't need to turn off ASLR, so don't try. -set disable-randomization off file ./programs/test/zeroize break zeroize.c:100 From bdf3f5271019a60e97f3131bdf06cefcd97d8687 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:58:02 +0000 Subject: [PATCH 13/24] all.sh: don't insist on Linux; always run Valgrind Don't bail out of all.sh if the OS isn't Linux. We only expect everything to pass on a recent Linux x86_64, but it's useful to call all.sh to run some components on any platform. In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is slower than ASan and MSan but finds some things that they don't. Run MSan unconditionally, not just on Linux/x86_64. MSan is supported on some other OSes and CPUs these days. Use `all.sh --except test_memsan` if you want to omit MSan because it isn't supported on your platform. Use `all.sh --except test_memcheck` if you want to omit Valgrind because it's too slow. Make the test scripts more portable (tested on FreeBSD): don't insist on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The `make` utility must still be GNU make. --- tests/scripts/all.sh | 29 +++++++++++------------------ tests/ssl-opt.sh | 2 +- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e710745651f..c2d6635239ab 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -91,10 +91,7 @@ set -eu pre_check_environment () { - if [ "$( uname )" != "Linux" ]; then - echo "This script only works in Linux" >&2 - exit 1 - elif [ -d library -a -d include -a -d tests ]; then :; else + if [ -d library -a -d include -a -d tests ]; then :; else echo "Must be run from mbed TLS root" >&2 exit 1 fi @@ -1190,14 +1187,14 @@ run_all_components () { run_component component_test_aes_fewer_tables run_component component_test_aes_rom_tables run_component component_test_aes_fewer_tables_and_rom_tables - if uname -a | grep -F Linux >/dev/null; then - run_component component_test_make_shared - fi - if uname -a | grep -F x86_64 >/dev/null; then - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 - fi + run_component component_test_make_shared + case $(uname -m) in + amd64|x86_64) + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 + ;; + esac run_component component_test_have_int32 run_component component_test_have_int64 run_component component_test_no_udbl_division @@ -1208,12 +1205,8 @@ run_all_components () { run_component component_build_armcc run_component component_test_allow_sha1 run_component component_build_mingw - # MemSan currently only available on Linux 64 bits - if uname -a | grep 'Linux.*x86_64' >/dev/null; then - run_component component_test_memsan - else # no MemSan - run_component component_test_memcheck - fi + run_component component_test_memsan + run_component component_test_memcheck run_component component_test_cmake_out_of_source # More small things diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ccecc4b1b8a..26830fe63930 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -167,7 +167,7 @@ requires_config_disabled() { get_config_value_or_default() { NAME="$1" DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | - sed 's/^.*\s\([0-9]*\)$/\1/' ) + sed 's/^.* \([0-9]*\)$/\1/' ) ../scripts/config.pl get $NAME || echo "$DEF_VAL" } From 55ae162559bd16f3115bbe750ccd82dd5f412674 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 20:15:26 +0000 Subject: [PATCH 14/24] all.sh: fix MAKEFLAGS setting MAKEFLAGS was set to -j if it was already set, instead of being set if not previously set as intended. So now all.sh will do parallel builds if invoked without MAKEFLAGS in the environment. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c2d6635239ab..11cdbe80cd6e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -122,7 +122,7 @@ pre_initialize_variables () { : ${ARMC6_BIN_DIR:=/usr/bin} # if MAKEFLAGS is not set add the -j option to speed up invocations of make - if [ -n "${MAKEFLAGS+set}" ]; then + if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j" fi } From 1072610e149bf6bc63459d8088f0382363455f22 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 20:50:38 +0000 Subject: [PATCH 15/24] all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute). --- tests/scripts/all.sh | 174 ++++++++++++++++--------------------------- 1 file changed, 63 insertions(+), 111 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 11cdbe80cd6e..8faa441fe277 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -62,6 +62,8 @@ # * component_check_XXX: quick tests that aren't worth parallelizing # * component_build_XXX: build things but don't run them # * component_test_XXX: build and test +# * support_XXX: if support_XXX exists and returns false then +# component_XXX is not run by default. # * post_XXX: things to do after running the tests. # * other: miscellaneous support functions. # @@ -105,7 +107,6 @@ pre_initialize_variables () { ALL_EXCEPT=0 MEMORY=0 FORCE=0 - INTROSPECTION_MODE= KEEP_GOING=0 RUN_ARMCC=1 @@ -125,12 +126,29 @@ pre_initialize_variables () { if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j" fi + + # Gather the list of available components. These are the functions + # defined in this script whose name starts with "component_". + # Parse the script with sed, because in sh there is no way to list + # defined functions. + ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") + + # Exclude components that are not supported on this platform. + SUPPORTED_COMPONENTS= + for component in $ALL_COMPONENTS; do + case $(type "support_$component" 2>&1) in + *' function'*) + if ! support_$component; then continue; fi;; + esac + SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" + done } -# Test whether $1 is excluded via $COMPONENTS (a space-separated list of -# wildcard patterns). -component_is_excluded() +# Test whether $1 is excluded via the command line. +is_component_excluded() { + # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard + # patterns)? set -f for pattern in $COMPONENTS; do set +f @@ -149,7 +167,8 @@ By default, run all tests. With one or more COMPONENT, run only those. Special options: -h|--help Print this help and exit. - --list-components List available test components and exit. + --list-all-components List all available test components and exit. + --list-components List components supported on this platform and exit. General options: -f|--force Force the tests to overwrite any modified files. @@ -285,7 +304,8 @@ pre_parse_command_line () { --gnutls-serv) shift; GNUTLS_SERV="$1";; --help|-h) usage; exit;; --keep-going|-k) KEEP_GOING=1;; - --list-components) INTROSPECTION_MODE=list_components;; + --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; + --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; --memory|-m) MEMORY=1;; --no-armcc) RUN_ARMCC=0;; --no-force) FORCE=0;; @@ -831,6 +851,12 @@ component_test_m32_o0 () { msg "test: i386, make, gcc -O0 (ASan build)" make test } +support_test_m32_o0 () { + case $(uname -m) in + *64*) true;; + *) false;; + esac +} component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly @@ -841,6 +867,9 @@ component_test_m32_o1 () { msg "test: i386, make, gcc -O1 (ASan build)" make test } +support_test_m32_o1 () { + support_test_m32_o0 "$@" +} component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s @@ -850,6 +879,12 @@ component_test_mx32 () { msg "test: 64-bit ILP32, make, gcc" make test } +support_test_mx32 () { + case $(uname -m) in + amd64|x86_64) true;; + *) false;; + esac +} component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" @@ -1149,77 +1184,8 @@ post_report () { #### Run all the things ################################################################ -run_all_components () { - # Small things - run_component component_check_recursion - run_component component_check_generated_files - run_component component_check_doxy_blocks - run_component component_check_files - run_component component_check_names - run_component component_check_doxygen_warnings - - # Test many different configurations - run_component component_test_default_cmake_gcc_asan - run_component component_test_ref_configs - run_component component_test_sslv3 - run_component component_test_no_renegotiation - run_component component_test_rsa_no_crt - run_component component_test_small_ssl_out_content_len - run_component component_test_small_ssl_in_content_len - run_component component_test_small_ssl_dtls_max_buffering - run_component component_test_small_mbedtls_ssl_dtls_max_buffering - run_component component_test_full_cmake_clang - run_component component_build_deprecated - run_component component_test_depends_curves - run_component component_test_depends_hashes - run_component component_test_depends_pkalgs - run_component component_build_key_exchanges - run_component component_build_default_make_gcc_and_cxx - run_component component_test_no_platform - run_component component_build_no_std_function - run_component component_build_no_ssl_srv - run_component component_build_no_ssl_cli - run_component component_build_no_sockets - run_component component_test_no_max_fragment_length - run_component component_test_no_max_fragment_length_small_ssl_out_content_len - run_component component_test_null_entropy - run_component component_test_platform_calloc_macro - run_component component_test_aes_fewer_tables - run_component component_test_aes_rom_tables - run_component component_test_aes_fewer_tables_and_rom_tables - run_component component_test_make_shared - case $(uname -m) in - amd64|x86_64) - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 - ;; - esac - run_component component_test_have_int32 - run_component component_test_have_int64 - run_component component_test_no_udbl_division - run_component component_test_no_64bit_multiplication - run_component component_build_arm_none_eabi_gcc - run_component component_build_arm_none_eabi_gcc_no_udbl_division - run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication - run_component component_build_armcc - run_component component_test_allow_sha1 - run_component component_build_mingw - run_component component_test_memsan - run_component component_test_memcheck - run_component component_test_cmake_out_of_source - - # More small things - run_component component_test_zeroize - run_component component_check_python_files - run_component component_check_generate_test_code -} - # Run one component and clean up afterwards. run_component () { - if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then - return - fi # Back up the configuration in case the component modifies it. # The cleanup function will restore it. cp -p "$CONFIG_H" "$CONFIG_BAK" @@ -1233,47 +1199,33 @@ pre_check_environment pre_initialize_variables pre_parse_command_line "$@" -case "$INTROSPECTION_MODE" in - list_components) - components= - newline=' -' - run_component () { - components="${components}${newline}${1#component_}" - } - ;; - - *) - pre_check_git - build_status=0 - if [ $KEEP_GOING -eq 1 ]; then - pre_setup_keep_going - else - record_status () { - "$@" - } - fi - pre_print_configuration - pre_check_tools - pre_print_tools - cleanup - ;; -esac +pre_check_git +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + pre_setup_keep_going +else + record_status () { + "$@" + } +fi +pre_print_configuration +pre_check_tools +pre_print_tools +cleanup if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then + # Run the components passed on the command line. for component in $COMPONENTS; do - run_component "component_$component" + run_component "component_$component" done else - run_all_components + # Run all components except those excluded on the command line. + for component in $SUPPORTED_COMPONENTS; do + if ! is_component_excluded "$component"; then + run_component "component_$component" + fi + done fi # We're done. -case "$INTROSPECTION_MODE" in - list_components) - echo "$components" | sort - ;; - *) - post_report - ;; -esac +post_report From 1bcb1c8e284d3bcce7b57062201215afdcd7c7fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:11:25 +0000 Subject: [PATCH 16/24] all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built. --- tests/scripts/all.sh | 47 ++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8faa441fe277..46ca5d5f4d63 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -103,8 +103,6 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" - COMPONENTS= - ALL_EXCEPT=0 MEMORY=0 FORCE=0 KEEP_GOING=0 @@ -150,7 +148,7 @@ is_component_excluded() # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard # patterns)? set -f - for pattern in $COMPONENTS; do + for pattern in $COMMAND_LINE_COMPONENTS; do set +f case ${1#component_} in $pattern) return 0;; esac done @@ -291,12 +289,15 @@ check_headers_in_cpp () { } pre_parse_command_line () { + COMMAND_LINE_COMPONENTS= + all_except= + while [ $# -gt 0 ]; do case "$1" in --armcc) RUN_ARMCC=1;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --except) ALL_EXCEPT=1;; + --except) all_except=1;; --force|-f) FORCE=1;; --gnutls-cli) shift; GNUTLS_CLI="$1";; --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; @@ -323,11 +324,28 @@ pre_parse_command_line () { echo >&2 "Run $0 --help for usage." exit 120 ;; - *) - COMPONENTS="$COMPONENTS $1";; + *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; esac shift done + + if [ -z "$COMMAND_LINE_COMPONENTS" ]; then + all_except=1 + fi + + # Build the list of components to run. + if [ -n "$all_except" ]; then + RUN_COMPONENTS= + for component in $SUPPORTED_COMPONENTS; do + if ! is_component_excluded "$component"; then + RUN_COMPONENTS="$RUN_COMPONENTS $component" + fi + done + else + RUN_COMPONENTS="$COMMAND_LINE_COMPONENTS" + fi + + unset all_except } pre_check_git () { @@ -1213,19 +1231,10 @@ pre_check_tools pre_print_tools cleanup -if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then - # Run the components passed on the command line. - for component in $COMPONENTS; do - run_component "component_$component" - done -else - # Run all components except those excluded on the command line. - for component in $SUPPORTED_COMPONENTS; do - if ! is_component_excluded "$component"; then - run_component "component_$component" - fi - done -fi +# Run the requested tests. +for component in $RUN_COMPONENTS; do + run_component "component_$component" +done # We're done. post_report From e26ab189cb3b08b8460e419a69589a6861e8b541 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:23:42 +0000 Subject: [PATCH 17/24] all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list. --- tests/scripts/all.sh | 60 ++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 46ca5d5f4d63..a0523de8d2a8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -106,7 +106,6 @@ pre_initialize_variables () { MEMORY=0 FORCE=0 KEEP_GOING=0 - RUN_ARMCC=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -291,10 +290,11 @@ check_headers_in_cpp () { pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except= + no_armcc= while [ $# -gt 0 ]; do case "$1" in - --armcc) RUN_ARMCC=1;; + --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; --except) all_except=1;; @@ -308,7 +308,7 @@ pre_parse_command_line () { --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; + --no-armcc) no_armcc=1;; --no-force) FORCE=0;; --no-keep-going) KEEP_GOING=0;; --no-memory) MEMORY=0;; @@ -333,6 +333,12 @@ pre_parse_command_line () { all_except=1 fi + # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. + # Ignore it if components are listed explicitly on the command line. + if [ -n "$no_armcc" ] && [ -n "$all_except" ]; then + COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" + fi + # Build the list of components to run. if [ -n "$all_except" ]; then RUN_COMPONENTS= @@ -346,6 +352,7 @@ pre_parse_command_line () { fi unset all_except + unset no_armcc } pre_check_git () { @@ -476,9 +483,10 @@ pre_check_tools () { "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" - if [ $RUN_ARMCC -ne 0 ]; then - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" - fi + case $RUN_COMPONENTS in + *_armcc*) + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + esac } @@ -499,10 +507,16 @@ pre_check_tools () { pre_print_tools () { msg "info: output_env.sh" - OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh + set env + set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" + set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" + case $RUN_COMPONENTS in + *_armcc*) + set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; + *) set "$@" RUN_ARMCC=0;; + esac + "$@" scripts/output_env.sh } component_check_recursion () { @@ -1032,25 +1046,23 @@ component_build_armcc () { scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME - if [ $RUN_ARMCC -ne 0 ]; then - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib - make clean + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean - # ARM Compiler 6 - Target ARMv7-A - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" - # ARM Compiler 6 - Target ARMv7-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" - # ARM Compiler 6 - Target ARMv8-A - AArch32 - armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" - # ARM Compiler 6 - Target ARMv8-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv8-A - AArch64 - armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" - fi + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" } component_test_allow_sha1 () { From 657f59a5208a4399bcdc6d19212ddaf598b529cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:40:00 +0000 Subject: [PATCH 18/24] all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them. --- tests/scripts/all.sh | 62 +++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a0523de8d2a8..766be095b5fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -461,30 +461,50 @@ pre_print_configuration () { echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" } +# Make sure the tools we need are available. pre_check_tools () { - ARMC5_CC="$ARMC5_BIN_DIR/armcc" - ARMC5_AR="$ARMC5_BIN_DIR/armar" - ARMC6_CC="$ARMC6_BIN_DIR/armclang" - ARMC6_AR="$ARMC6_BIN_DIR/armar" - - # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh - # we just export the variables they require - export OPENSSL_CMD="$OPENSSL" - export GNUTLS_CLI="$GNUTLS_CLI" - export GNUTLS_SERV="$GNUTLS_SERV" - - # Avoid passing --seed flag in every call to ssl-opt.sh - if [ -n "${SEED-}" ]; then - export SEED - fi + case " $RUN_COMPONENTS " in + # Require OpenSSL and GnuTLS if running any tests (as opposed to + # only doing builds). Not all tests run OpenSSL and GnuTLS, but this + # is a good enough approximation in practice. + *" test_"*) + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh + # and ssl-opt.sh, we just export the variables they require. + export OPENSSL_CMD="$OPENSSL" + export GNUTLS_CLI="$GNUTLS_CLI" + export GNUTLS_SERV="$GNUTLS_SERV" + # Avoid passing --seed flag in every call to ssl-opt.sh + if [ -n "${SEED-}" ]; then + export SEED + fi + check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" + ;; + esac - # Make sure the tools we need are available. - check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" - case $RUN_COMPONENTS in + case " $RUN_COMPONENTS " in + *_doxygen[_\ ]*) check_tools "doxygen" "dot";; + esac + + case " $RUN_COMPONENTS " in + *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + esac + + case " $RUN_COMPONENTS " in + *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; + esac + + case " $RUN_COMPONENTS " in + *" test_zeroize "*) check_tools "gdb";; + esac + + case " $RUN_COMPONENTS " in *_armcc*) + ARMC5_CC="$ARMC5_BIN_DIR/armcc" + ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC6_CC="$ARMC6_BIN_DIR/armclang" + ARMC6_AR="$ARMC6_BIN_DIR/armar" check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; esac } From 2edf47c2c395eb023fd7bbff1d1f2c59429d344b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:46:21 +0000 Subject: [PATCH 19/24] Merge the code to call output_env.sh into pre_check_tools It's all about tool detection. --- tests/scripts/all.sh | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 766be095b5fc..a061d10337dc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -463,6 +463,9 @@ pre_print_configuration () { # Make sure the tools we need are available. pre_check_tools () { + # Build the list of variables to pass to output_env.sh. + set env + case " $RUN_COMPONENTS " in # Require OpenSSL and GnuTLS if running any tests (as opposed to # only doing builds). Not all tests run OpenSSL and GnuTLS, but this @@ -477,6 +480,10 @@ pre_check_tools () { if [ -n "${SEED-}" ]; then export SEED fi + set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" + set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" + set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" @@ -507,9 +514,18 @@ pre_check_tools () { ARMC6_AR="$ARMC6_BIN_DIR/armar" check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; esac + + msg "info: output_env.sh" + case $RUN_COMPONENTS in + *_armcc*) + set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; + *) set "$@" RUN_ARMCC=0;; + esac + "$@" scripts/output_env.sh } + ################################################################ #### Basic checks ################################################################ @@ -525,20 +541,6 @@ pre_check_tools () { # # Indicative running times are given for reference. -pre_print_tools () { - msg "info: output_env.sh" - set env - set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" - set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" - set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" - case $RUN_COMPONENTS in - *_armcc*) - set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; - *) set "$@" RUN_ARMCC=0;; - esac - "$@" scripts/output_env.sh -} - component_check_recursion () { msg "test: recursion.pl" # < 1s record_status tests/scripts/recursion.pl library/*.c @@ -1260,7 +1262,6 @@ else fi pre_print_configuration pre_check_tools -pre_print_tools cleanup # Run the requested tests. From 92bff7f9bfbcb6b95ab3975afccd5a6afee8f72a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:29:17 +0100 Subject: [PATCH 20/24] all.sh: Update the maintainer documentation --- tests/scripts/all.sh | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a061d10337dc..56e715afbc12 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -59,29 +59,42 @@ # following naming conventions: # * pre_XXX: things to do before running the tests, in order. # * component_XXX: independent components. They can be run in any order. -# * component_check_XXX: quick tests that aren't worth parallelizing -# * component_build_XXX: build things but don't run them -# * component_test_XXX: build and test +# * component_check_XXX: quick tests that aren't worth parallelizing. +# * component_build_XXX: build things but don't run them. +# * component_test_XXX: build and test. # * support_XXX: if support_XXX exists and returns false then # component_XXX is not run by default. # * post_XXX: things to do after running the tests. # * other: miscellaneous support functions. # +# Each component must start by invoking `msg` with a short informative message. +# +# The framework performs some cleanup tasks after each component. This +# means that components can assume that the working directory is in a +# cleaned-up state, and don't need to perform the cleanup themselves. +# * Run `make clean`. +# * Restore `include/mbedtks/config.h` from a backup made before running +# the component. +# * Check out `Makefile`, `library/Makefile`, `programs/Makefile` and +# `tests/Makefile` from git. This cleans up after an in-tree use of +# CMake. +# +# Any command that is expected to fail must be protected so that the +# script keeps running in --keep-going mode despite `set -e`. In keep-going +# mode, if a protected command fails, this is logged as a failure and the +# script will exit with a failure status once it has run all components. +# Commands can be protected in any of the following ways: +# * `make` is a function which runs the `make` command with protection. +# Note that you must write `make VAR=value`, not `VAR=value make`, +# because the `VAR=value make` syntax doesn't work with functions. +# * Put `report_status` before the command to protect it. +# * Put `if_build_successful` before a command. This protects it, and +# additionally skips it if a prior invocation of `make` in the same +# component failed. +# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. -# -# Sanity checks have the following form: -# 1. msg "short description of what is about to be done" -# 2. run sanity check (failure stops the script) -# -# Build or build-and-test steps have the following form: -# 1. msg "short description of what is about to be done" -# 2. cleanup -# 3. preparation (config.pl, cmake, ...) (failure stops the script) -# 4. make -# 5. Run tests if relevant. All tests must be prefixed with -# if_build_successful for the sake of --keep-going. From add1d23b26242f8287a50770b12c5062d32ca59b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:30:01 +0100 Subject: [PATCH 21/24] Fix sometimes-spurious warning about changed config.h After backing up and restoring config.h, `git diff-files` may report it as potentially-changed because it isn't sure whether the index is up to date. Use `git diff` instead: it actually reads the file. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 56e715afbc12..01e7a5fe294d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -381,7 +381,7 @@ pre_check_git () { exit 1 fi - if ! git diff-files --quiet include/mbedtls/config.h; then + if ! git diff --quiet include/mbedtls/config.h; then err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" From d692e11309961f84e9e1bd3f47524539adfa237e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 23:17:35 +0100 Subject: [PATCH 22/24] Delete $OUT_OF_SOURCE_DIR under --force The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped together with Yotta and then removed when Yotta support was removed. Bring it back. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 01e7a5fe294d..66980b1bd2b7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -370,6 +370,7 @@ pre_parse_command_line () { pre_check_git () { if [ $FORCE -eq 1 ]; then + rm -rf "$OUT_OF_SOURCE_DIR" git checkout-index -f -q $CONFIG_H cleanup else From a49b00f2ede8b5e293f5d5001f952b5b27c466ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jan 2019 00:05:18 +0100 Subject: [PATCH 23/24] Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks. --- tests/scripts/all.sh | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 66980b1bd2b7..5ee3571f965b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -154,11 +154,9 @@ pre_initialize_variables () { done } -# Test whether $1 is excluded via the command line. -is_component_excluded() +# Test whether the component $1 is included in the command line patterns. +is_component_included() { - # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard - # patterns)? set -f for pattern in $COMMAND_LINE_COMPONENTS; do set +f @@ -174,6 +172,13 @@ usage() Usage: $0 [OPTION]... [COMPONENT]... Run mbedtls release validation tests. By default, run all tests. With one or more COMPONENT, run only those. +COMPONENT can be the name of a component or a shell wildcard pattern. + +Examples: + $0 "check_*" + Run all sanity checks. + $0 --no-armcc --except test_memsan + Run everything except builds that require armcc and MemSan. Special options: -h|--help Print this help and exit. @@ -185,11 +190,8 @@ General options: -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --armcc Run ARM Compiler builds (on by default). - --except If some components are passed on the command line, - run all the tests except for these components. In - this mode, you can pass shell wildcard patterns as - component names, e.g. "$0 --except 'test_*'" to - exclude all components that run tests. + --except Exclude the COMPONENTs listed on the command line, + instead of running only those. --no-armcc Skip ARM Compiler builds. --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). @@ -302,7 +304,7 @@ check_headers_in_cpp () { pre_parse_command_line () { COMMAND_LINE_COMPONENTS= - all_except= + all_except=0 no_armcc= while [ $# -gt 0 ]; do @@ -342,27 +344,24 @@ pre_parse_command_line () { shift done + # With no list of components, run everything. if [ -z "$COMMAND_LINE_COMPONENTS" ]; then all_except=1 fi # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. # Ignore it if components are listed explicitly on the command line. - if [ -n "$no_armcc" ] && [ -n "$all_except" ]; then + if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi # Build the list of components to run. - if [ -n "$all_except" ]; then - RUN_COMPONENTS= - for component in $SUPPORTED_COMPONENTS; do - if ! is_component_excluded "$component"; then - RUN_COMPONENTS="$RUN_COMPONENTS $component" - fi - done - else - RUN_COMPONENTS="$COMMAND_LINE_COMPONENTS" - fi + RUN_COMPONENTS= + for component in $SUPPORTED_COMPONENTS; do + if is_component_included "$component"; [ $? -eq $all_except ]; then + RUN_COMPONENTS="$RUN_COMPONENTS $component" + fi + done unset all_except unset no_armcc From e87898709c7817eadcbf88ac79ac51ba0513d0ae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jan 2019 00:11:42 +0100 Subject: [PATCH 24/24] Rename test_memcheck to test_valgrind Valgrind is what it does. `memcheck` is how it's implemented. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ee3571f965b..11d10a36764b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1143,7 +1143,7 @@ component_test_memsan () { fi } -component_test_memcheck () { +component_test_valgrind () { msg "build: Release (clang)" CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make