Merge pull request #9738 from mpg/drop-armcc5-dev
[dev] Drop building with armcc5 in all.sh
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 46d06c2..66f52fe 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -65,7 +65,6 @@
option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
-option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
if(CMAKE_HOST_WIN32)
# N.B. The comment on the next line is significant! If you change it,
@@ -213,36 +212,49 @@
set(CMAKE_C_EXTENSIONS OFF)
set(CMAKE_C_STANDARD 99)
-if(CMAKE_COMPILER_IS_GNU)
+function(set_base_compile_options target)
+ if(CMAKE_COMPILER_IS_GNU)
+ set_gnu_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_CLANG)
+ set_clang_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_IAR)
+ set_iar_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_MSVC)
+ set_msvc_base_compile_options(${target})
+ endif()
+endfunction(set_base_compile_options)
+
+function(set_gnu_base_compile_options target)
# some warnings we want are not available with old GCC versions
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes")
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes)
if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
+ target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral)
endif()
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
+ target_compile_options(${target} PRIVATE -Wvla)
endif()
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
+ target_compile_options(${target} PRIVATE -Wlogical-op)
endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
+ target_compile_options(${target} PRIVATE -Wshadow)
endif()
if (GCC_VERSION VERSION_GREATER 5.0)
CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
+ target_compile_options(${target} PRIVATE -Wformat-signedness)
endif()
endif()
if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
+ target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation)
endif()
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
- set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
# Old GCC versions hit a performance problem with test_suite_pkwrite
# "Private keey write check EC" tests when building with Asan+UBSan
# and -O3: those tests take more than 100x time than normal, with
@@ -251,63 +263,70 @@
# GCC 7.5 and above on Ubuntu 18.04 appear fine.
# To avoid the performance problem, we use -O2 when GCC version is lower than 7.0.
# It doesn't slow down much even with modern compiler versions.
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>)
if (GCC_VERSION VERSION_LESS 7.0)
- message(STATUS "USING O2")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O2")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O2>)
else()
- message(STATUS "USING O3")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O3>)
endif()
- set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
- set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_CHECK "-Os")
- set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
-endif(CMAKE_COMPILER_IS_GNU)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:CheckFull>:-Os -Wcast-qual>)
-if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
- set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3")
- set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
- set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
- set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_CHECK "-Os")
-endif(CMAKE_COMPILER_IS_CLANG)
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_gnu_base_compile_options)
-if(CMAKE_COMPILER_IS_IAR)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
- set(CMAKE_C_FLAGS_RELEASE "-Ohz")
- set(CMAKE_C_FLAGS_DEBUG "--debug -On")
-endif(CMAKE_COMPILER_IS_IAR)
+function(set_clang_base_compile_options target)
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSan>:-fsanitize=memory>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSanDbg>:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
-if(CMAKE_COMPILER_IS_MSVC)
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_clang_base_compile_options)
+
+function(set_iar_base_compile_options target)
+ target_compile_options(${target} PRIVATE --warn_about_c_style_casts)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-Ohz>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:--debug -On>)
+
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE --warnings_are_errors)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_iar_base_compile_options)
+
+function(set_msvc_base_compile_options target)
# Strictest warnings, UTF-8 source and execution charset
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8")
-endif(CMAKE_COMPILER_IS_MSVC)
+ target_compile_options(${target} PRIVATE /W3 /utf-8)
-if(MBEDTLS_FATAL_WARNINGS)
- if(CMAKE_COMPILER_IS_MSVC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
- endif(CMAKE_COMPILER_IS_MSVC)
-
- if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
- if(UNSAFE_BUILD)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
- set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
- set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
- endif(UNSAFE_BUILD)
- endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
-
- if (CMAKE_COMPILER_IS_IAR)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors")
- endif(CMAKE_COMPILER_IS_IAR)
-endif(MBEDTLS_FATAL_WARNINGS)
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE /WX)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_msvc_base_compile_options)
if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
set(CMAKE_CXX_STANDARD 11)
@@ -318,12 +337,6 @@
endif()
endif()
-if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
- if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
- endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
-endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-
if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
@@ -356,6 +369,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
+ set_base_compile_options(mbedtls_test)
if(GEN_FILES)
add_custom_command(
OUTPUT
@@ -401,6 +415,7 @@
file(GLOB MBEDTLS_TEST_HELPER_FILES
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
+ set_base_compile_options(mbedtls_test_helpers)
target_include_directories(mbedtls_test_helpers
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt
new file mode 100644
index 0000000..49edb3e
--- /dev/null
+++ b/ChangeLog.d/psa-always-on.txt
@@ -0,0 +1,9 @@
+Default behavior changes
+ * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ to perform cryptographic operations, with a few exceptions documented
+ in docs/use-psa-crypto.md. This corresponds to the behavior of
+ Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. In effect,
+ MBEDTLS_USE_PSA_CRYPTO is now always enabled.
+ * psa_crypto_init() must be called before performing any cryptographic
+ operation, including indirect requests such as parsing a key or
+ certificate or starting a TLS handshake.
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 02dc8fd..b204166 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1955,7 +1955,7 @@
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
-//#define MBEDTLS_USE_PSA_CRYPTO
+#define MBEDTLS_USE_PSA_CRYPTO
/**
* \def MBEDTLS_PSA_CRYPTO_CONFIG
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 0415c65..1e09d31 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -89,11 +89,11 @@
endif()
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations")
+ set(LIBS_C_FLAGS -Wmissing-declarations)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+ set(LIBS_C_FLAGS -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code)
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_MSVC)
@@ -153,20 +153,28 @@
if(USE_STATIC_MBEDTLS_LIBRARY)
add_library(${mbedx509_static_target} STATIC ${src_x509})
+ set_base_compile_options(${mbedx509_static_target})
+ target_compile_options(${mbedx509_static_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
add_library(${mbedtls_static_target} STATIC ${src_tls})
+ set_base_compile_options(${mbedtls_static_target})
+ target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(${mbedx509_target} SHARED ${src_x509})
+ set_base_compile_options(${mbedx509_target})
+ target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
+ set_base_compile_options(${mbedtls_target})
+ target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 4d4c890..b6dde71 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -5,6 +5,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index effaf8a..7d4e452 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -5,6 +5,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index f5358ff..44fff9a 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -40,6 +40,7 @@
endif()
add_executable(${exe} ${exe_sources})
+ set_base_compile_options(${exe})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if (NOT FUZZINGENGINE_LIB)
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index 0ad974d..c27c4e7 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -7,6 +7,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index defbe28..9caec87 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -6,6 +6,7 @@
foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
@@ -34,6 +35,7 @@
foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index cfc983c..707de43 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -29,6 +29,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 2734ceb..0ea434f 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -392,6 +392,7 @@
input_file = NULL;
/* Construct a header. */
+ memset(&header, 0, sizeof(header));
memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH);
header.ad_size = sizeof(header);
header.payload_size = input_size;
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index f0c7825..a83bf9e 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -6,6 +6,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 02010d8..6919a8e 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -40,6 +40,7 @@
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
@@ -53,6 +54,7 @@
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(ssl_pthread_server)
target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 928ab49..83bc9bf 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -29,6 +29,7 @@
WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
)
add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
+ set_base_compile_options(cpp_dummy_build)
target_include_directories(cpp_dummy_build
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
@@ -39,6 +40,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY AND
NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]")
add_executable(dlopen "dlopen.c")
+ set_base_compile_options(dlopen)
target_include_directories(dlopen
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
@@ -82,6 +84,7 @@
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
+ set_base_compile_options(${exe})
target_include_directories(${exe}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_include_directories(${exe}
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index 9ceb13f..ac713dc 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -11,6 +11,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index a09813c..a31bada 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -14,6 +14,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a9d5c84..8318e8b 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -156,6 +156,8 @@
add_executable(test_suite_${data_name} test_suite_${data_name}.c
$<TARGET_OBJECTS:mbedtls_test>
$<TARGET_OBJECTS:mbedtls_test_helpers>)
+ set_base_compile_options(test_suite_${data_name})
+ target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS})
add_dependencies(test_suite_${data_name} ${dependency})
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
@@ -183,13 +185,12 @@
add_definitions("-D_POSIX_C_SOURCE=200809L")
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+ set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code)
endif(CMAKE_COMPILER_IS_CLANG)
if(MSVC)
# If a warning level has been defined, suppress all warnings for test code
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
+ set(TEST_C_FLAGS /W0 /WX-)
endif(MSVC)
file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data)
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index a54e125..9c83af6 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -11,7 +11,8 @@
#include "test/helpers.h"
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
+ (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
@@ -40,7 +41,7 @@
mbedtls_psa_crypto_free(); \
} \
while (0)
-#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
+#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
#define PSA_DONE() mbedtls_psa_crypto_free();
#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
@@ -48,7 +49,8 @@
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
+ (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@@ -253,16 +255,18 @@
* \param key_type Key type
* \param key_bits Key length in number of bits.
*/
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define MBEDTLS_TEST_HAVE_ALT_AES 1
+#if defined(MBEDTLS_AES_ALT) || \
+ defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define MBEDTLS_TEST_HAVE_ACCEL_AES 1
#else
-#define MBEDTLS_TEST_HAVE_ALT_AES 0
+#define MBEDTLS_TEST_HAVE_ACCEL_AES 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \
do \
{ \
- if ((MBEDTLS_TEST_HAVE_ALT_AES) && \
+ if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \
((key_type) == PSA_KEY_TYPE_AES) && \
(key_bits == 192)) \
{ \
@@ -295,7 +299,8 @@
* \param nonce_length The nonce length in number of bytes.
*/
-#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
+#if defined(MBEDTLS_GCM_ALT) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1
#else
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0
@@ -316,7 +321,22 @@
} \
while (0)
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */
+#define USE_PSA_INIT() PSA_INIT()
+#define USE_PSA_DONE() PSA_DONE()
+#define MD_PSA_INIT() PSA_INIT()
+#define MD_PSA_DONE() PSA_DONE()
+#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
+#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
+#define MD_OR_USE_PSA_INIT() PSA_INIT()
+#define MD_OR_USE_PSA_DONE() PSA_DONE()
+#define AES_PSA_INIT() PSA_INIT()
+#define AES_PSA_DONE() PSA_DONE()
+
+#else /* MBEDTLS_VERSION_MAJOR < 4 */
/** \def USE_PSA_INIT
*
@@ -335,9 +355,18 @@
* This is like #PSA_DONE except it does nothing under the same conditions as
* #USE_PSA_INIT.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USE_PSA_INIT() PSA_INIT()
#define USE_PSA_DONE() PSA_DONE()
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/* TLS 1.3 must work without having called psa_crypto_init(), for backward
+ * compatibility with Mbed TLS <= 3.5 when connecting with a peer that
+ * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init()
+ * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */
+#define USE_PSA_INIT() ((void) 0)
+/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly,
+ * otherwise Asan and Valgrind would notice a resource leak. */
+#define USE_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
@@ -409,13 +438,12 @@
* This is like #PSA_DONE except it does nothing under the same conditions as
* #MD_OR_USE_PSA_INIT.
*/
-#if defined(MBEDTLS_MD_SOME_PSA) || \
- defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_MD_SOME_PSA)
#define MD_OR_USE_PSA_INIT() PSA_INIT()
#define MD_OR_USE_PSA_DONE() PSA_DONE()
#else
-#define MD_OR_USE_PSA_INIT() ((void) 0)
-#define MD_OR_USE_PSA_DONE() ((void) 0)
+#define MD_OR_USE_PSA_INIT() USE_PSA_INIT()
+#define MD_OR_USE_PSA_DONE() USE_PSA_DONE()
#endif
/** \def AES_PSA_INIT
@@ -441,6 +469,8 @@
#define AES_PSA_DONE() ((void) 0)
#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_VERSION_MAJOR >= 4 */
+
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
diff --git a/tests/scripts/all-core.sh b/tests/scripts/all-core.sh
index d0bfd6f..926ee45 100644
--- a/tests/scripts/all-core.sh
+++ b/tests/scripts/all-core.sh
@@ -226,6 +226,8 @@
: ${ARMC6_BIN_DIR:=/usr/bin}
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+ : ${ARM_LINUX_GNUEABIHF_GCC_PREFIX:=arm-linux-gnueabihf-}
+ : ${AARCH64_LINUX_GNU_GCC_PREFIX:=aarch64-linux-gnu-}
: ${CLANG_LATEST:="clang-latest"}
: ${CLANG_EARLIEST:="clang-earliest"}
: ${GCC_LATEST:="gcc-latest"}
@@ -322,6 +324,12 @@
--arm-linux-gnueabi-gcc-prefix=<string>
Prefix for a cross-compiler for arm-linux-gnueabi
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
+ --arm-linux-gnueabihf-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-linux-gnueabihf
+ (default: "${ARM_LINUX_GNUEABIHF_GCC_PREFIX}")
+ --aarch64-linux-gnu-gcc-prefix=<string>
+ Prefix for a cross-compiler for aarch64-linux-gnu
+ (default: "${AARCH64_LINUX_GNU_GCC_PREFIX}")
--armcc Run ARM Compiler builds (on by default).
--restore First clean up the build tree, restoring backed up
files. Do not run any components unless they are
@@ -503,6 +511,8 @@
--append-outcome) append_outcome=1;;
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
+ --arm-linux-gnueabihf-gcc-prefix) shift; ARM_LINUX_GNUEABIHF_GCC_PREFIX="$1";;
+ --aarch64-linux-gnu-gcc-prefix) shift; AARCH64_LINUX_GNU_GCC_PREFIX="$1";;
--armcc) no_armcc=;;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
--clang-earliest) shift; CLANG_EARLIEST="$1";;
diff --git a/tests/scripts/all-helpers.sh b/tests/scripts/all-helpers.sh
index 0e97f39..cdb3f4e 100644
--- a/tests/scripts/all-helpers.sh
+++ b/tests/scripts/all-helpers.sh
@@ -265,3 +265,63 @@
echo 0 # report version 0 for "no clang"
fi
}
+
+gcc_version() {
+ gcc="$1"
+ if command -v "$gcc" > /dev/null ; then
+ "$gcc" --version | sed -En '1s/^[^ ]* \([^)]*\) ([0-9]+).*/\1/p'
+ else
+ echo 0 # report version 0 for "no gcc"
+ fi
+}
+
+can_run_cc_output() {
+ cc="$1"
+ result=false
+ if type "$cc" >/dev/null 2>&1; then
+ testbin=$(mktemp)
+ if echo 'int main(void){return 0;}' | "$cc" -o "$testbin" -x c -; then
+ if "$testbin" 2>/dev/null; then
+ result=true
+ fi
+ fi
+ rm -f "$testbin"
+ fi
+ $result
+}
+
+can_run_arm_linux_gnueabi=
+can_run_arm_linux_gnueabi () {
+ if [ -z "$can_run_arm_linux_gnueabi" ]; then
+ if can_run_cc_output "${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc"; then
+ can_run_arm_linux_gnueabi=true
+ else
+ can_run_arm_linux_gnueabi=false
+ fi
+ fi
+ $can_run_arm_linux_gnueabi
+}
+
+can_run_arm_linux_gnueabihf=
+can_run_arm_linux_gnueabihf () {
+ if [ -z "$can_run_arm_linux_gnueabihf" ]; then
+ if can_run_cc_output "${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc"; then
+ can_run_arm_linux_gnueabihf=true
+ else
+ can_run_arm_linux_gnueabihf=false
+ fi
+ fi
+ $can_run_arm_linux_gnueabihf
+}
+
+can_run_aarch64_linux_gnu=
+can_run_aarch64_linux_gnu () {
+ if [ -z "$can_run_aarch64_linux_gnu" ]; then
+ if can_run_cc_output "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc"; then
+ can_run_aarch64_linux_gnu=true
+ else
+ can_run_aarch64_linux_gnu=false
+ fi
+ fi
+ $can_run_aarch64_linux_gnu
+}
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index c2ec34e..f19d4b6 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -85,12 +85,6 @@
# TLS doesn't use restartable ECDH yet.
# https://github.com/Mbed-TLS/mbedtls/issues/7294
re.compile(r'EC restart:.*no USE_PSA.*'),
- # It seems that we don't run `ssl-opt.sh` with
- # `MBEDTLS_USE_PSA_CRYPTO` enabled but `MBEDTLS_SSL_ASYNC_PRIVATE`
- # disabled.
- # https://github.com/Mbed-TLS/mbedtls/issues/9581
- 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
- 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
],
'test_suite_config.mbedtls_boolean': [
# https://github.com/Mbed-TLS/mbedtls/issues/9583
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index edb73a0..6ee0f91 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -183,29 +183,6 @@
tests/context-info.sh
}
-component_test_no_ctr_drbg_classic () {
- msg "build: Full minus CTR_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-
- CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: Full minus CTR_DRBG, classic crypto - main suites"
- make test
-
- # In this configuration, the TLS test programs use HMAC_DRBG.
- # The SSL tests are slow, so run a small subset, just enough to get
- # confidence that the SSL code copes with HMAC_DRBG.
- msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
-
- msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
- tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
-}
-
component_test_no_ctr_drbg_use_psa () {
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
scripts/config.py full
@@ -228,34 +205,6 @@
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
-component_test_no_hmac_drbg_classic () {
- msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-
- CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
- make test
-
- # Normally our ECDSA implementation uses deterministic ECDSA. But since
- # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
- # instead.
- # Test SSL with non-deterministic ECDSA. Only test features that
- # might be affected by how ECDSA signature is performed.
- msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
-
- # To save time, only test one protocol version, since this part of
- # the protocol is identical in (D)TLS up to 1.2.
- msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
- tests/compat.sh -m tls12 -t 'ECDSA'
-}
-
component_test_no_hmac_drbg_use_psa () {
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
scripts/config.py full
@@ -283,30 +232,6 @@
tests/compat.sh -m tls12 -t 'ECDSA'
}
-component_test_psa_external_rng_no_drbg_classic () {
- msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- scripts/config.py unset MBEDTLS_ENTROPY_C
- scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
- # the SSL test programs don't have an RNG and can't work. Explicitly
- # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
- make test
-
- msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default'
-}
-
component_test_psa_external_rng_no_drbg_use_psa () {
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
scripts/config.py full
@@ -1576,17 +1501,17 @@
# - component_test_psa_ecc_key_pair_no_generate
# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
# enabled, but one. Input arguments are as follows:
-# - $1 is the key type under test, i.e. ECC/RSA/DH
-# - $2 is the key option to be unset (i.e. generate, derive, etc)
+# - $1 is the configuration to start from
+# - $2 is the key type under test, i.e. ECC/RSA/DH
+# - $3 is the key option to be unset (i.e. generate, derive, etc)
build_and_test_psa_want_key_pair_partial () {
- key_type=$1
- unset_option=$2
+ base_config=$1
+ key_type=$2
+ unset_option=$3
disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ msg "build: $base_config - ${disabled_psa_want}"
+ scripts/config.py "$base_config"
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
# crypto_config.h so we just disable the one we don't want.
@@ -1594,16 +1519,20 @@
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
+ msg "test: $base_config - ${disabled_psa_want}"
make test
}
component_test_psa_ecc_key_pair_no_derive () {
- build_and_test_psa_want_key_pair_partial "ECC" "DERIVE"
+ build_and_test_psa_want_key_pair_partial full "ECC" "DERIVE"
}
component_test_psa_ecc_key_pair_no_generate () {
- build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
+ # TLS needs ECC key generation whenever ephemeral ECDH is enabled.
+ # We don't have proper guards for configurations with ECC key generation
+ # disabled (https://github.com/Mbed-TLS/mbedtls/issues/9481). Until
+ # then (if ever), just test the crypto part of the library.
+ build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
}
config_psa_crypto_accel_rsa () {
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index fc7092f..abae283 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -334,6 +334,118 @@
not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
}
+component_test_arm_linux_gnueabi_gcc_arm5vte () {
+ # Mimic Debian armel port
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1'
+
+ msg "test: main suites make, default config (out-of-box)" # ~7m 40s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_arm5vte () {
+ can_run_arm_linux_gnueabi
+}
+
+# The hard float ABI is not implemented for Thumb 1, so use gnueabi
+# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
+component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~36m
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~10s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
+ can_run_arm_linux_gnueabi
+}
+
+component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~21m 10s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~2s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
+ can_run_arm_linux_gnueabi
+}
+
+component_test_arm_linux_gnueabihf_gcc_armv7 () {
+ msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s
+ make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm'
+
+ msg "test: main suites make, default config (out-of-box)" # ~3m 30s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabihf_gcc_armv7 () {
+ can_run_arm_linux_gnueabihf
+}
+
+component_test_arm_linux_gnueabihf_gcc_thumb_2 () {
+ msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m
+ make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~3m 40s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabihf_gcc_thumb_2 () {
+ can_run_arm_linux_gnueabihf
+}
+
+component_test_aarch64_linux_gnu_gcc () {
+ msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s
+ make CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
+
+ msg "test: main suites make, default config (out-of-box)" # ~1m 50s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_aarch64_linux_gnu_gcc () {
+ # Minimum version of GCC for MBEDTLS_AESCE_C is 6.0
+ [ "$(gcc_version "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc")" -ge 6 ] && can_run_aarch64_linux_gnu
+}
+
component_build_arm_none_eabi_gcc () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
scripts/config.py baremetal
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index a3c150b..e872af0 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -37,26 +37,6 @@
export SKIP_TEST_SUITES
}
-component_test_memsan_constant_flow () {
- # This tests both (1) accesses to undefined memory, and (2) branches or
- # memory access depending on secret values. To distinguish between those:
- # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
- # - or alternatively, change the build type to MemSanDbg, which enables
- # origin tracking and nicer stack traces (which are useful for debugging
- # anyway), and check if the origin was TEST_CF_SECRET() or something else.
- msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
- scripts/config.py unset MBEDTLS_HAVE_ASM
- CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
- make
-
- msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
- make test
-}
-
component_test_memsan_constant_flow_psa () {
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
@@ -76,39 +56,6 @@
make test
}
-component_release_test_valgrind_constant_flow () {
- # This tests both (1) everything that valgrind's memcheck usually checks
- # (heap buffer overflows, use of uninitialized memory, use-after-free,
- # etc.) and (2) branches or memory access depending on secret values,
- # which will be reported as uninitialized memory. To distinguish between
- # secret and actually uninitialized:
- # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
- # - or alternatively, build with debug info and manually run the offending
- # test suite with valgrind --track-origins=yes, then check if the origin
- # was TEST_CF_SECRET() or something else.
- msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- skip_suites_without_constant_flow
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make
-
- # this only shows a summary of the results (how many of each type)
- # details are left in Testing/<date>/DynamicAnalysis.xml
- msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
- make memcheck
-
- # Test asm path in constant time module - by default, it will test the plain C
- # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
- msg "test: valgrind asm constant_time"
- skip_all_except_given_suite test_suite_constant_time
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make clean
- make
- make memcheck
-}
-
component_release_test_valgrind_constant_flow_no_asm () {
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
@@ -122,7 +69,6 @@
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_HAVE_ASM
skip_suites_without_constant_flow
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 5d938ea..54aec93 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -13,8 +13,12 @@
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_hash.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
#endif
+#endif
mbedtls_test_driver_hash_hooks_t
mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 9c0677a..6992a06 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -16,8 +16,12 @@
#include "mbedtls/constant_time.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_aead.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h"
#endif
+#endif
mbedtls_test_driver_aead_hooks_t
mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index 3264400..6fdbe43 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -16,8 +16,12 @@
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_rsa.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
+#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 136610b..90256fc 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -19,8 +19,12 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_cipher.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h"
#endif
+#endif
#include <string.h>
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index b99d7cd..8a7a9ea 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -20,10 +20,16 @@
#include <string.h>
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/include/psa/crypto.h"
+#include "libtestdriver1/library/psa_crypto_ecp.h"
+#include "libtestdriver1/library/psa_crypto_ffdh.h"
+#else
#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
+#endif
mbedtls_test_driver_key_agreement_hooks_t
mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 337c254..d2ca157 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -23,10 +23,16 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_ecp.h"
+#include "libtestdriver1/library/psa_crypto_rsa.h"
+#include "libtestdriver1/library/psa_crypto_ffdh.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
+#endif
#include <string.h>
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 9b671b8..f1cf504 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -13,8 +13,12 @@
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_mac.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h"
#endif
+#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
MBEDTLS_TEST_DRIVER_MAC_INIT;
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index bcef6b5..c3ce326 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -14,8 +14,12 @@
#include "string.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_pake.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h"
#endif
+#endif
mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
MBEDTLS_TEST_DRIVER_PAKE_INIT;
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 92ec93b..a6eef57 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -26,10 +26,16 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#if MBEDTLS_VERSION_MAJOR < 4
+#include "libtestdriver1/library/psa_crypto_ecp.h"
+#include "libtestdriver1/library/psa_crypto_hash.h"
+#include "libtestdriver1/library/psa_crypto_rsa.h"
+#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
+#endif
#include <string.h>
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index ee83997..032c489 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -11,7 +11,8 @@
#include <test/macros.h>
#include <test/psa_exercise_key.h>
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
+ (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
#include <mbedtls/asn1.h>
#include <psa/crypto.h>
@@ -1332,4 +1333,4 @@
}
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 15380b0..d962f34 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -899,10 +899,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1
x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, !USE_PSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:!MBEDTLS_USE_PSA_CRYPTO
-x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO
x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake
index b96dab2..13b7a45 100644
--- a/tf-psa-crypto/TF-PSA-Crypto.cmake
+++ b/tf-psa-crypto/TF-PSA-Crypto.cmake
@@ -29,7 +29,6 @@
option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON)
-option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(TF_PSA_CRYPTO_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
if(CMAKE_HOST_WIN32)
# N.B. The comment on the next line is significant! If you change it,
@@ -178,87 +177,121 @@
set(CMAKE_C_EXTENSIONS OFF)
set(CMAKE_C_STANDARD 99)
-if(CMAKE_COMPILER_IS_GNU)
+function(set_base_compile_options target)
+ if(CMAKE_COMPILER_IS_GNU)
+ set_gnu_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_CLANG)
+ set_clang_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_IAR)
+ set_iar_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_MSVC)
+ set_msvc_base_compile_options(${target})
+ endif()
+endfunction(set_base_compile_options)
+
+function(set_gnu_base_compile_options target)
# some warnings we want are not available with old GCC versions
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes")
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes)
if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
+ target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral)
endif()
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
+ target_compile_options(${target} PRIVATE -Wvla)
endif()
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
+ target_compile_options(${target} PRIVATE -Wlogical-op)
endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
+ target_compile_options(${target} PRIVATE -Wshadow)
endif()
if (GCC_VERSION VERSION_GREATER 5.0)
CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
+ target_compile_options(${target} PRIVATE -Wformat-signedness)
endif()
endif()
if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
+ target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation)
endif()
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
- set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
- set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_CHECK "-Os")
- set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
-endif(CMAKE_COMPILER_IS_GNU)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
+ # Old GCC versions hit a performance problem with test_suite_pkwrite
+ # "Private keey write check EC" tests when building with Asan+UBSan
+ # and -O3: those tests take more than 100x time than normal, with
+ # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
+ # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
+ # GCC 7.5 and above on Ubuntu 18.04 appear fine.
+ # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0.
+ # It doesn't slow down much even with modern compiler versions.
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>)
+ if (GCC_VERSION VERSION_LESS 7.0)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O2>)
+ else()
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O3>)
+ endif()
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:CheckFull>:-Os -Wcast-qual>)
-if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
- set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3")
- set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
- set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
- set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_CHECK "-Os")
-endif(CMAKE_COMPILER_IS_CLANG)
+ if(TF_PSA_CRYPTO_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(TF_PSA_CRYPTO_FATAL_WARNINGS)
+endfunction(set_gnu_base_compile_options)
-if(CMAKE_COMPILER_IS_IAR)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
- set(CMAKE_C_FLAGS_RELEASE "-Ohz")
- set(CMAKE_C_FLAGS_DEBUG "--debug -On")
-endif(CMAKE_COMPILER_IS_IAR)
+function(set_clang_base_compile_options target)
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSan>:-fsanitize=memory>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSanDbg>:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
-if(CMAKE_COMPILER_IS_MSVC)
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_clang_base_compile_options)
+
+function(set_iar_base_compile_options target)
+ target_compile_options(${target} PRIVATE --warn_about_c_style_casts)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-Ohz>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:--debug -On>)
+
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE --warnings_are_errors)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_iar_base_compile_options)
+
+function(set_msvc_base_compile_options target)
# Strictest warnings, UTF-8 source and execution charset
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8")
-endif(CMAKE_COMPILER_IS_MSVC)
+ target_compile_options(${target} PRIVATE /W3 /utf-8)
-if(TF_PSA_CRYPTO_FATAL_WARNINGS)
- if(CMAKE_COMPILER_IS_MSVC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
- endif(CMAKE_COMPILER_IS_MSVC)
-
- if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
- if(UNSAFE_BUILD)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
- set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
- set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
- endif(UNSAFE_BUILD)
- endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
-
- if (CMAKE_COMPILER_IS_IAR)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors")
- endif(CMAKE_COMPILER_IS_IAR)
-endif(TF_PSA_CRYPTO_FATAL_WARNINGS)
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE /WX)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_msvc_base_compile_options)
if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
set(CMAKE_CXX_STANDARD 11)
@@ -269,12 +302,6 @@
endif()
endif()
-if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
- if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
- endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
-endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-
if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
@@ -303,6 +330,7 @@
${MBEDTLS_DIR}/tests/src/*.c
${MBEDTLS_DIR}/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
+ set_base_compile_options(mbedtls_test)
if(GEN_FILES)
add_custom_command(
OUTPUT
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
index 0917cae..1264acf 100644
--- a/tf-psa-crypto/core/CMakeLists.txt
+++ b/tf-psa-crypto/core/CMakeLists.txt
@@ -28,11 +28,11 @@
endif()
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
+ set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+ set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code)
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_MSVC)
@@ -91,6 +91,8 @@
if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+ set_base_compile_options(${mbedcrypto_static_target})
+ target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
@@ -108,6 +110,8 @@
if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
+ set_base_compile_options(${mbedcrypto_target})
+ target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
index 9ec1a87..dd1a113 100644
--- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -3,11 +3,11 @@
file(GLOB src_builtin RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} src/*.c)
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
+ set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+ set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code)
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_MSVC)
@@ -54,6 +54,8 @@
if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
add_library(${builtin_static_target} STATIC ${src_builtin})
+ set_base_compile_options(${builtin_static_target})
+ target_compile_options(${builtin_static_target} PRIVATE ${LIBS_C_FLAGS})
target_link_libraries(${builtin_static_target} PUBLIC ${libs})
if(TARGET ${everest_target})
target_link_libraries(${builtin_static_target} PUBLIC ${everest_target})
@@ -66,6 +68,8 @@
if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
add_library(${builtin_target} SHARED ${src_builtin})
+ set_base_compile_options(${builtin_target})
+ target_compile_options(${builtin_static_target} PRIVATE ${LIBS_C_FLAGS})
target_link_libraries(${builtin_target} PUBLIC ${libs})
if(TARGET ${everest_target})
target_link_libraries(${builtin_target} PUBLIC ${everest_target})
diff --git a/tf-psa-crypto/drivers/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt
index e704859..5671200 100644
--- a/tf-psa-crypto/drivers/everest/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt
@@ -5,6 +5,7 @@
library/x25519.c
library/Hacl_Curve25519_joined.c)
+set_base_compile_options(${everest_target})
target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index ede2831..af046da 100644
--- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -4,6 +4,8 @@
p256-m_driver_entrypoints.c
p256-m/p256-m.c)
+set_base_compile_options(${p256m_target})
+
target_include_directories(${p256m_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index 0e84bab..0793dbe 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -294,6 +294,8 @@
add_executable(test_suite_${data_name} test_suite_${data_name}.c
$<TARGET_OBJECTS:mbedtls_test>)
+ set_base_compile_options(test_suite_${data_name})
+ target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS})
add_dependencies(test_suite_${data_name} ${dependency})
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
@@ -321,13 +323,12 @@
add_definitions("-D_POSIX_C_SOURCE=200809L")
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+ set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code)
endif(CMAKE_COMPILER_IS_CLANG)
if(MSVC)
# If a warning level has been defined, suppress all warnings for test code
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
+ set(TEST_C_FLAGS /W0 /WX-)
endif(MSVC)
file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data)
diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.data b/tf-psa-crypto/tests/suites/test_suite_pk.data
index b76a2e4..6e3d5f4 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pk.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pk.data
@@ -526,10 +526,6 @@
depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_256
pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:128:0
-Verify ext RSA #5a (PKCS1 v2.1, wrong salt_len) !USE_PSA
-depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_256:!MBEDTLS_USE_PSA_CRYPTO
-pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:MBEDTLS_ERR_RSA_INVALID_PADDING
-
Verify ext RSA #5b (PKCS1 v2.1, wrong salt_len) USE_PSA
depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_256:MBEDTLS_USE_PSA_CRYPTO
pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:0