Merge branch 'development-psa-proposed' into development Resolve conflicts by performing the following. - Take the upstream Mbed TLS ChangeLog verbatim. - Reject changes to Makefiles and CMake that are related to using Mbed Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a submodule of itself. - Reject README changes, as Mbed Crypto has its own, different README. - Reject PSA-related changes to config.h. We don't want to disable the availability of the PSA Crypto API by default in the Mbed Crypto config.h. - Don't inadvertently revert dead code removal in mbedtls_cipher_write_tag() which was added in f2a752940307 ("Fix double return statement in cipher.c") - Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from past companion PRs) take the latest version from Mbed TLS which includes integration with MBEDTLS_CHECK_PARAMS. - Update the version of the shared library files to match what's currently present in Mbed TLS. - Reject removal of testing with PSA from config full tests. - Resolve conflicts in test tests/suites/helpers.function, where both Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT. Combine text from both documentation efforts. - Reject adding a submodule of ourselves. - Reject addition of submodule tests in all.sh. - Reject addition of submodule to library path in tests/scripts/run-test-suites.pl. - Avoid using USE_CRYPTO_SUBMODULE=1 in component_test_use_psa_crypto_full_cmake_asan() in all.sh.

commit: 67ea2c5e6d9c624e23d8b104c35a019df34eaf5e [log] [tgz]
author: Jaeden Amero <jaeden.amero@arm.com> Mon Feb 11 12:05:54 2019 +0000
committer: Jaeden Amero <jaeden.amero@arm.com> Thu Feb 14 15:58:43 2019 +0000
tree: 24178fdda939971417eee234474d955f6ab910f2
parent: 1fb011f2a61b8ae817c0786d00b20adfefaf737e [diff]
parent: eb5087126fb6f6e771fd4451b2ee66bf55541e77 [diff]
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ad59cfe..844e4bc 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh

@@ -120,7 +120,7 @@
     FORCE=0
     KEEP_GOING=0
 
-    # Default commands, can be overriden by the environment
+    # Default commands, can be overridden by the environment
     : ${OPENSSL:="openssl"}
     : ${OPENSSL_LEGACY:="$OPENSSL"}
     : ${OPENSSL_NEXT:="$OPENSSL"}
@@ -227,7 +227,7 @@
     command make clean
 
     # Remove CMake artefacts
-    find . -name .git -prune \
+    find . -name .git -prune -o \
            -iname CMakeFiles -exec rm -rf {} \+ -o \
            \( -iname cmake_install.cmake -o \
               -iname CTestTestfile.cmake -o \
@@ -393,6 +393,12 @@
     fi
 }
 
+pre_check_seedfile () {
+    if [ ! -f "./tests/seedfile" ]; then
+        dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
+    fi
+}
+
 pre_setup_keep_going () {
     failure_summary=
     failure_count=0
@@ -774,6 +780,59 @@
     make TEST_CPP=1
 }
 
+component_test_use_psa_crypto_full_cmake_asan() {
+    # MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
+    msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+    scripts/config.pl full
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+    scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
+    make test
+
+    msg "test: ssl-opt.sh (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded tests/ssl-opt.sh
+
+    msg "test: compat.sh default (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded tests/compat.sh
+
+    msg "test: compat.sh ssl3 (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
+
+    msg "test: compat.sh RC4, DES & NULL (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+
+    msg "test: compat.sh ARIA + ChachaPoly (MBEDTLS_USE_PSA_CRYPTO)"
+    if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+}
+
+component_test_check_params_without_platform () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+    scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+    scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.pl unset MBEDTLS_PLATFORM_C
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
+component_test_check_params_silent () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
 component_test_no_platform () {
     # Full configuration build, without platform support, file IO and net sockets.
     # This should catch missing mbedtls_printf definitions, and by disabling file
@@ -1271,6 +1330,8 @@
 pre_parse_command_line "$@"
 
 pre_check_git
+pre_check_seedfile
+
 build_status=0
 if [ $KEEP_GOING -eq 1 ]; then
     pre_setup_keep_going

diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index fbe757d..28fc687 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh

@@ -93,6 +93,9 @@
     GNUTLS_SERV="$GNUTLS_LEGACY_SERV"                               \
     sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
     tee -a compat-test-$TEST_OUTPUT
+OPENSSL_CMD="$OPENSSL_NEXT"                     \
+    sh compat.sh -e '^$' -f 'ARIA\|CHACHA' |    \
+    tee -a compat-test-$TEST_OUTPUT
 echo
 
 # Step 3 - Process the coverage report

diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index ce6f88c..1258024 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py

@@ -184,7 +184,13 @@
 END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/'
 
 DEPENDENCY_REGEX = r'depends_on:(?P<dependencies>.*)'
-C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$'
+C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*'
+CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?'
+# forbid 0ddd which might be accidentally octal or accidentally decimal
+CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)'
+CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX,
+                                                     CONDITION_OPERATOR_REGEX,
+                                                     CONDITION_VALUE_REGEX)
 TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
 INT_CHECK_REGEX = r'int\s+.*'
 CHAR_CHECK_REGEX = r'char\s*\*\s*.*'
@@ -383,7 +389,7 @@
     :return: input dependency stripped of leading & trailing white spaces.
     """
     dependency = dependency.strip()
-    if not re.match(C_IDENTIFIER_REGEX, dependency, re.I):
+    if not re.match(CONDITION_REGEX, dependency, re.I):
         raise GeneratorInputError('Invalid dependency %s' % dependency)
     return dependency
 
@@ -733,16 +739,27 @@
     _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep)
     if not dep:
         raise GeneratorInputError("Dependency should not be an empty string.")
+
+    dependency = re.match(CONDITION_REGEX, dep, re.I)
+    if not dependency:
+        raise GeneratorInputError('Invalid dependency %s' % dep)
+
+    _defined = '' if dependency.group(2) else 'defined'
+    _cond = dependency.group(2) if dependency.group(2) else ''
+    _value = dependency.group(3) if dependency.group(3) else ''
+
     dep_check = '''
         case {id}:
             {{
-#if {_not}defined({macro})
+#if {_not}{_defined}({macro}{_cond}{_value})
                 ret = DEPENDENCY_SUPPORTED;
 #else
                 ret = DEPENDENCY_NOT_SUPPORTED;
 #endif
             }}
-            break;'''.format(_not=_not, macro=dep, id=dep_id)
+            break;'''.format(_not=_not, _defined=_defined,
+                             macro=dependency.group(1), id=dep_id,
+                             _cond=_cond, _value=_value)
     return dep_check
 
 

diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
index f9e88cf..c702765 100755
--- a/tests/scripts/mbedtls_test.py
+++ b/tests/scripts/mbedtls_test.py

@@ -75,11 +75,10 @@
         :param split_char: Split character
         :return: List of splits
         """
+        split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
         if len(split_char) > 1:
             raise ValueError('Expected split character. Found string!')
-        out = re.sub(r'(\\.)|' + split_char,
-                     lambda m: m.group(1) or '\n', inp_str,
-                     len(inp_str)).split('\n')
+        out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str))
         out = [x for x in out if x]
         return out
 
@@ -112,8 +111,8 @@
             args = parts[1:]
             args_count = len(args)
             if args_count % 2 != 0:
-                raise TestDataParserError("Number of test arguments should "
-                                          "be even: %s" % line)
+                err_str_fmt = "Number of test arguments({}) should be even: {}"
+                raise TestDataParserError(err_str_fmt.format(args_count, line))
             grouped_args = [(args[i * 2], args[(i * 2) + 1])
                             for i in range(len(args)/2)]
             self.tests.append((name, function_name, dependencies,
@@ -163,6 +162,7 @@
         self.tests = []
         self.test_index = -1
         self.dep_index = 0
+        self.suite_passed = True
         self.error_str = dict()
         self.error_str[self.DEPENDENCY_SUPPORTED] = \
             'DEPENDENCY_SUPPORTED'
@@ -293,7 +293,7 @@
             name, function_id, dependencies, args = self.tests[self.test_index]
             self.run_test(name, function_id, dependencies, args)
         else:
-            self.notify_complete(True)
+            self.notify_complete(self.suite_passed)
 
     def run_test(self, name, function_id, dependencies, args):
         """
@@ -353,6 +353,8 @@
         self.log('{{__testcase_start;%s}}' % name)
         self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0,
                                                      int_val != 0))
+        if int_val != 0:
+            self.suite_passed = False
         self.run_next_test()
 
     @event_callback("F")

diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 2f995d2..c929c88 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb

@@ -17,7 +17,7 @@
 # seem to be a mechanism to reliably check whether the zeroize calls are being
 # eliminated by compiler optimizations from within the compiled program. The
 # problem is that a compiler would typically remove what it considers to be
-# "unecessary" assignments as part of redundant code elimination. To identify
+# "unnecessary" assignments as part of redundant code elimination. To identify
 # such code, the compilar will create some form dependency graph between
 # reads and writes to variables (among other situations). It will then use this
 # data structure to remove redundant code that does not have an impact on the
commit	67ea2c5e6d9c624e23d8b104c35a019df34eaf5e	[log] [tgz]
author	Jaeden Amero <jaeden.amero@arm.com>	Mon Feb 11 12:05:54 2019 +0000
committer	Jaeden Amero <jaeden.amero@arm.com>	Thu Feb 14 15:58:43 2019 +0000
tree	24178fdda939971417eee234474d955f6ab910f2
parent	1fb011f2a61b8ae817c0786d00b20adfefaf737e [diff]
parent	eb5087126fb6f6e771fd4451b2ee66bf55541e77 [diff]