blob: 9b215a7f3bb1a87b7f76203e590300047a4869fa [file] [log] [blame]
Minos Galanakis6aab5b72024-07-25 14:24:37 +01001# components.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
6# This file contains the test components that are executed by all.sh
7
8# The functions below are named as follows:
9# * component_XXX: independent components. They can be run in any order.
10# * component_check_XXX: quick tests that aren't worth parallelizing.
11# * component_build_XXX: build things but don't run them.
12# * component_test_XXX: build and test.
13# * component_release_XXX: tests that the CI should skip during PR testing.
14# * support_XXX: if support_XXX exists and returns false then
15# component_XXX is not run by default.
16
17# Each component must start by invoking `msg` with a short informative message.
18#
19# Warning: due to the way bash detects errors, the failure of a command
20# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
21#
22# Each component is executed in a separate shell process. The component
23# fails if any command in it returns a non-zero status.
24#
25# The framework in all.sh performs some cleanup tasks after each component.
26# This means that components can assume that the working directory is in a
27# cleaned-up state, and don't need to perform the cleanup themselves.
28# * Run `make clean`.
29# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
30# the component.
31# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
32# `tests/Makefile` and `programs/fuzz/Makefile` from git.
33# This cleans up after an in-tree use of CMake.
34#
35# The tests are roughly in order from fastest to slowest. This doesn't
36# have to be exact, but in general you should add slower tests towards
37# the end and fast checks near the beginning.
38
39
40################################################################
41#### Build and test many configurations and targets
42################################################################
Minos Galanakisada21b02024-07-26 12:34:19 +010043
44# Helper function for controlling (start & stop) the psasim server.
45helper_psasim_server() {
46 OPERATION=$1
47 if [ "$OPERATION" == "start" ]; then
48 (
49 cd tests
50 msg "start server in tests"
51 psa-client-server/psasim/test/start_server.sh
52 msg "start server in tf-psa-crypto/tests"
53 cd ../tf-psa-crypto/tests
54 ../../tests/psa-client-server/psasim/test/start_server.sh
55 )
56 else
57 (
58 msg "terminate servers and cleanup"
59 tests/psa-client-server/psasim//test/kill_servers.sh
60
61 # Remove temporary files and logs
62 cd tests
63 rm -f psa_notify_*
64 rm -f psa_service_*
65 rm -f psa_server.log
66
67 cd ../tf-psa-crypto/tests
68 rm -f psa_notify_*
69 rm -f psa_service_*
70 rm -f psa_server.log
71 )
72 fi
73}
74
75################################################################
Minos Galanakisada21b02024-07-26 12:34:19 +010076#### Build and test many configurations and targets
77################################################################
78
79component_test_default_out_of_box () {
80 msg "build: make, default config (out-of-box)" # ~1min
81 make
82 # Disable fancy stuff
83 unset MBEDTLS_TEST_OUTCOME_FILE
84
85 msg "test: main suites make, default config (out-of-box)" # ~10s
86 make test
87
88 msg "selftest: make, default config (out-of-box)" # ~10s
89 programs/test/selftest
90
91 msg "program demos: make, default config (out-of-box)" # ~10s
92 tests/scripts/run_demos.py
93}
94
95component_test_default_cmake_gcc_asan () {
96 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
97 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
98 make
99
100 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
101 make test
102
103 msg "program demos (ASan build)" # ~10s
104 tests/scripts/run_demos.py
105
106 msg "test: selftest (ASan build)" # ~ 10s
107 programs/test/selftest
108
109 msg "test: metatests (GCC, ASan build)"
110 tests/scripts/run-metatests.sh any asan poison
111
112 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
113 tests/ssl-opt.sh
114
115 msg "test: compat.sh (ASan build)" # ~ 6 min
116 tests/compat.sh
117
118 msg "test: context-info.sh (ASan build)" # ~ 15 sec
119 tests/context-info.sh
120}
121
122component_test_default_cmake_gcc_asan_new_bignum () {
123 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
124 scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
125 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
126 make
127
128 msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
129 make test
130
131 msg "test: selftest (ASan build)" # ~ 10s
132 programs/test/selftest
133
134 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
135 tests/ssl-opt.sh
136
137 msg "test: compat.sh (ASan build)" # ~ 6 min
138 tests/compat.sh
139
140 msg "test: context-info.sh (ASan build)" # ~ 15 sec
141 tests/context-info.sh
142}
143
144component_test_full_cmake_gcc_asan () {
145 msg "build: full config, cmake, gcc, ASan"
146 scripts/config.py full
147 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
148 make
149
150 msg "test: main suites (inc. selftests) (full config, ASan build)"
151 make test
152
153 msg "test: selftest (full config, ASan build)" # ~ 10s
154 programs/test/selftest
155
156 msg "test: ssl-opt.sh (full config, ASan build)"
157 tests/ssl-opt.sh
158
159 # Note: the next two invocations cover all compat.sh test cases.
160 # We should use the same here and in basic-build-test.sh.
161 msg "test: compat.sh: default version (full config, ASan build)"
162 tests/compat.sh -e 'ARIA\|CHACHA'
163
164 msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)"
165 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
166
167 msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
168 tests/context-info.sh
169}
170
171
172component_test_full_cmake_gcc_asan_new_bignum () {
173 msg "build: full config, cmake, gcc, ASan"
174 scripts/config.py full
175 scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
176 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
177 make
178
179 msg "test: main suites (inc. selftests) (full config, new bignum, ASan)"
180 make test
181
182 msg "test: selftest (full config, new bignum, ASan)" # ~ 10s
183 programs/test/selftest
184
185 msg "test: ssl-opt.sh (full config, new bignum, ASan)"
186 tests/ssl-opt.sh
187
188 # Note: the next two invocations cover all compat.sh test cases.
189 # We should use the same here and in basic-build-test.sh.
190 msg "test: compat.sh: default version (full config, new bignum, ASan)"
191 tests/compat.sh -e 'ARIA\|CHACHA'
192
193 msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)"
194 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
195
196 msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec
197 tests/context-info.sh
198}
199
Minos Galanakisada21b02024-07-26 12:34:19 +0100200component_test_no_rsa_key_pair_generation() {
201 msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
202 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
203 scripts/config.py unset MBEDTLS_GENPRIME
204 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
205 make
206
207 msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
208 make test
209}
210
211component_test_ref_configs () {
212 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
213 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
214 # want to re-generate generated files that depend on it, quite correctly.
215 # However this doesn't work as the generation script expects a specific
216 # format for mbedtls_config.h, which the other files don't follow. Also,
217 # cmake can't know this, but re-generation is actually not necessary as
218 # the generated files only depend on the list of available options, not
219 # whether they're on or off. So, disable cmake's (over-sensitive here)
220 # dependency resolution for generated files and just rely on them being
221 # present (thanks to pre_generate_files) by turning GEN_FILES off.
222 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
223 tests/scripts/test-ref-configs.pl config-tfm.h
224}
225
Minos Galanakisada21b02024-07-26 12:34:19 +0100226component_test_full_no_cipher () {
227 msg "build: full no CIPHER"
228
229 scripts/config.py full
230 scripts/config.py unset MBEDTLS_CIPHER_C
231
232 # The built-in implementation of the following algs/key-types depends
233 # on CIPHER_C so we disable them.
234 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
235 # so we keep them enabled.
236 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
237 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
238 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
239 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
240 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
241 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
242 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
243 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
244 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
245 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
246 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
247
248 # The following modules directly depends on CIPHER_C
249 scripts/config.py unset MBEDTLS_CMAC_C
250 scripts/config.py unset MBEDTLS_NIST_KW_C
251
252 make
253
254 # Ensure that CIPHER_C was not re-enabled
255 not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o
256
257 msg "test: full no CIPHER"
258 make test
259}
260
Minos Galanakisada21b02024-07-26 12:34:19 +0100261component_test_full_cmake_clang () {
262 msg "build: cmake, full config, clang" # ~ 50s
263 scripts/config.py full
264 CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
265 make
266
267 msg "test: main suites (full config, clang)" # ~ 5s
268 make test
269
270 msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
271 programs/test/cpp_dummy_build
272
273 msg "test: metatests (clang)"
274 tests/scripts/run-metatests.sh any pthread
275
276 msg "program demos (full config, clang)" # ~10s
277 tests/scripts/run_demos.py
278
279 msg "test: psa_constant_names (full config, clang)" # ~ 1s
280 tests/scripts/test_psa_constant_names.py
281
282 msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
283 tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
284}
285
286skip_suites_without_constant_flow () {
287 # Skip the test suites that don't have any constant-flow annotations.
288 # This will need to be adjusted if we ever start declaring things as
289 # secret from macros or functions inside tests/include or tests/src.
290 SKIP_TEST_SUITES=$(
291 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
292 sed 's/test_suite_//; s/\.function$//' |
293 tr '\n' ,),$(
294 git -C tf-psa-crypto/tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
295 sed 's/test_suite_//; s/\.function$//' |
296 tr '\n' ,)
297 export SKIP_TEST_SUITES
298}
299
300skip_all_except_given_suite () {
301 # Skip all but the given test suite
302 SKIP_TEST_SUITES=$(
303 ls -1 tests/suites/test_suite_*.function |
304 grep -v $1.function |
305 sed 's/tests.suites.test_suite_//; s/\.function$//' |
306 tr '\n' ,),$(
307 ls -1 tf-psa-crypto/tests/suites/test_suite_*.function |
308 grep -v $1.function |
309 sed 's/tf-psa-crypto.tests.suites.test_suite_//; s/\.function$//' |
310 tr '\n' ,)
311 export SKIP_TEST_SUITES
312}
313
314component_test_memsan_constant_flow () {
315 # This tests both (1) accesses to undefined memory, and (2) branches or
316 # memory access depending on secret values. To distinguish between those:
317 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
318 # - or alternatively, change the build type to MemSanDbg, which enables
319 # origin tracking and nicer stack traces (which are useful for debugging
320 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
321 msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
322 scripts/config.py full
323 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
324 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
325 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
326 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
327 make
328
329 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
330 make test
331}
332
333component_test_memsan_constant_flow_psa () {
334 # This tests both (1) accesses to undefined memory, and (2) branches or
335 # memory access depending on secret values. To distinguish between those:
336 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
337 # - or alternatively, change the build type to MemSanDbg, which enables
338 # origin tracking and nicer stack traces (which are useful for debugging
339 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
340 msg "build: cmake MSan (clang), full config with constant flow testing"
341 scripts/config.py full
342 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
343 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
344 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
345 make
346
347 msg "test: main suites (Msan + constant flow)"
348 make test
349}
350
351component_release_test_valgrind_constant_flow () {
352 # This tests both (1) everything that valgrind's memcheck usually checks
353 # (heap buffer overflows, use of uninitialized memory, use-after-free,
354 # etc.) and (2) branches or memory access depending on secret values,
355 # which will be reported as uninitialized memory. To distinguish between
356 # secret and actually uninitialized:
357 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
358 # - or alternatively, build with debug info and manually run the offending
359 # test suite with valgrind --track-origins=yes, then check if the origin
360 # was TEST_CF_SECRET() or something else.
361 msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
362 scripts/config.py full
363 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
364 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
365 skip_suites_without_constant_flow
366 cmake -D CMAKE_BUILD_TYPE:String=Release .
367 make
368
369 # this only shows a summary of the results (how many of each type)
370 # details are left in Testing/<date>/DynamicAnalysis.xml
371 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
372 make memcheck
373
374 # Test asm path in constant time module - by default, it will test the plain C
375 # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
376 msg "test: valgrind asm constant_time"
377 scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
378 skip_all_except_given_suite test_suite_constant_time
379 cmake -D CMAKE_BUILD_TYPE:String=Release .
380 make clean
381 make
382 make memcheck
383}
384
385component_release_test_valgrind_constant_flow_psa () {
386 # This tests both (1) everything that valgrind's memcheck usually checks
387 # (heap buffer overflows, use of uninitialized memory, use-after-free,
388 # etc.) and (2) branches or memory access depending on secret values,
389 # which will be reported as uninitialized memory. To distinguish between
390 # secret and actually uninitialized:
391 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
392 # - or alternatively, build with debug info and manually run the offending
393 # test suite with valgrind --track-origins=yes, then check if the origin
394 # was TEST_CF_SECRET() or something else.
395 msg "build: cmake release GCC, full config with constant flow testing"
396 scripts/config.py full
397 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
398 skip_suites_without_constant_flow
399 cmake -D CMAKE_BUILD_TYPE:String=Release .
400 make
401
402 # this only shows a summary of the results (how many of each type)
403 # details are left in Testing/<date>/DynamicAnalysis.xml
404 msg "test: some suites (valgrind + constant flow)"
405 make memcheck
406}
407
408component_test_tsan () {
409 msg "build: TSan (clang)"
410 scripts/config.py full
411 scripts/config.py set MBEDTLS_THREADING_C
412 scripts/config.py set MBEDTLS_THREADING_PTHREAD
413 # Self-tests do not currently use multiple threads.
414 scripts/config.py unset MBEDTLS_SELF_TEST
415
416 # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
417 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
418
419 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
420 make
421
422 msg "test: main suites (TSan)"
423 make test
424}
425
426component_test_default_no_deprecated () {
427 # Test that removing the deprecated features from the default
428 # configuration leaves something consistent.
429 msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
430 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
431 make CFLAGS='-O -Werror -Wall -Wextra'
432
433 msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
434 make test
435}
436
437component_test_full_no_deprecated () {
438 msg "build: make, full_no_deprecated config" # ~ 30s
439 scripts/config.py full_no_deprecated
440 make CFLAGS='-O -Werror -Wall -Wextra'
441
442 msg "test: make, full_no_deprecated config" # ~ 5s
443 make test
444
445 msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
446 not grep mbedtls_mpi library/libmbedx509.a
447}
448
449component_test_full_no_deprecated_deprecated_warning () {
450 # Test that there is nothing deprecated in "full_no_deprecated".
451 # A deprecated feature would trigger a warning (made fatal) from
452 # MBEDTLS_DEPRECATED_WARNING.
453 msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
454 scripts/config.py full_no_deprecated
455 scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
456 scripts/config.py set MBEDTLS_DEPRECATED_WARNING
457 make CFLAGS='-O -Werror -Wall -Wextra'
458
459 msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
460 make test
461}
462
463component_test_full_deprecated_warning () {
464 # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
465 # with only certain whitelisted types of warnings.
466 msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
467 scripts/config.py full
468 scripts/config.py set MBEDTLS_DEPRECATED_WARNING
469 # Expect warnings from '#warning' directives in check_config.h.
470 # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to
471 # display #warning messages without them being treated as errors.
472 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
473
474 msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
475 # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
476 # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
477 # Expect warnings from '#warning' directives in check_config.h and
478 # from the use of deprecated functions in test suites.
479 make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
480
481 msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
482 make test
483
484 msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s
485 tests/scripts/run_demos.py
486}
487
Minos Galanakisada21b02024-07-26 12:34:19 +0100488component_build_baremetal () {
489 msg "build: make, baremetal config"
490 scripts/config.py baremetal
491 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
492}
493support_build_baremetal () {
494 # Older Glibc versions include time.h from other headers such as stdlib.h,
495 # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
496 # problem, Ubuntu 18.04 is ok.
497 ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
498}
499
Minos Galanakisada21b02024-07-26 12:34:19 +0100500component_test_no_psa_crypto_full_cmake_asan() {
501 # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
502 msg "build: cmake, full config minus PSA crypto, ASan"
503 scripts/config.py full
504 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
505 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
506 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
507 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
508 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
509 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
510 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
511 scripts/config.py unset MBEDTLS_LMS_C
512 scripts/config.py unset MBEDTLS_LMS_PRIVATE
513 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
514 make
515
516 msg "test: main suites (full minus PSA crypto)"
517 make test
518
519 # Note: ssl-opt.sh has some test cases that depend on
520 # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
521 # This is the only component where those tests are not skipped.
522 msg "test: ssl-opt.sh (full minus PSA crypto)"
523 tests/ssl-opt.sh
524
525 # Note: the next two invocations cover all compat.sh test cases.
526 # We should use the same here and in basic-build-test.sh.
527 msg "test: compat.sh: default version (full minus PSA crypto)"
528 tests/compat.sh -e 'ARIA\|CHACHA'
529
530 msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)"
531 env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
532}
533
Minos Galanakisada21b02024-07-26 12:34:19 +0100534component_build_tfm() {
535 # Check that the TF-M configuration can build cleanly with various
536 # warning flags enabled. We don't build or run tests, since the
537 # TF-M configuration needs a TF-M platform. A tweaked version of
538 # the configuration that works on mainstream platforms is in
539 # configs/config-tfm.h, tested via test-ref-configs.pl.
540 cp configs/config-tfm.h "$CONFIG_H"
541
542 msg "build: TF-M config, clang, armv7-m thumb2"
543 make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
544
545 msg "build: TF-M config, gcc native build"
546 make clean
547 make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
548}
549
Minos Galanakisada21b02024-07-26 12:34:19 +0100550component_test_no_platform () {
551 # Full configuration build, without platform support, file IO and net sockets.
552 # This should catch missing mbedtls_printf definitions, and by disabling file
553 # IO, it should catch missing '#include <stdio.h>'
554 msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
555 scripts/config.py full_no_platform
556 scripts/config.py unset MBEDTLS_PLATFORM_C
557 scripts/config.py unset MBEDTLS_NET_C
558 scripts/config.py unset MBEDTLS_FS_IO
559 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
560 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
561 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
562 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
563 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
564 # to re-enable platform integration features otherwise disabled in C99 builds
565 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
566 make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
567}
568
Minos Galanakisada21b02024-07-26 12:34:19 +0100569component_test_malloc_0_null () {
570 msg "build: malloc(0) returns NULL (ASan+UBSan build)"
571 scripts/config.py full
572 make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
573
574 msg "test: malloc(0) returns NULL (ASan+UBSan build)"
575 make test
576
577 msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
578 # Just the calloc selftest. "make test" ran the others as part of the
579 # test suites.
580 programs/test/selftest calloc
581
582 msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
583 # Run a subset of the tests. The choice is a balance between coverage
584 # and time (including time indirectly wasted due to flaky tests).
585 # The current choice is to skip tests whose description includes
586 # "proxy", which is an approximation of skipping tests that use the
587 # UDP proxy, which tend to be slower and flakier.
588 tests/ssl-opt.sh -e 'proxy'
589}
590
Minos Galanakisada21b02024-07-26 12:34:19 +0100591component_build_mbedtls_config_file () {
592 msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
593 scripts/config.py -w full_config.h full
594 echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
595 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
596 # Make sure this feature is enabled. We'll disable it in the next phase.
597 programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
598 make clean
599
600 msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
601 # In the user config, disable one feature (for simplicity, pick a feature
602 # that nothing else depends on).
603 echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
604 make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'"
605 not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
606
607 rm -f user_config.h full_config.h
608}
609
Minos Galanakisada21b02024-07-26 12:34:19 +0100610
Minos Galanakisada21b02024-07-26 12:34:19 +0100611
Minos Galanakisada21b02024-07-26 12:34:19 +0100612
Minos Galanakisada21b02024-07-26 12:34:19 +0100613
614component_test_m32_no_asm () {
615 # Build without assembly, so as to use portable C code (in a 32-bit
616 # build) and not the i386-specific inline assembly.
617 #
618 # Note that we require gcc, because clang Asan builds fail to link for
619 # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
620 msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
621 scripts/config.py full
622 scripts/config.py unset MBEDTLS_HAVE_ASM
623 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
624 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
625
626 msg "test: i386, make, gcc, no asm (ASan build)"
627 make test
628}
629support_test_m32_no_asm () {
630 case $(uname -m) in
631 amd64|x86_64) true;;
632 *) false;;
633 esac
634}
635
636component_test_m32_o2 () {
637 # Build with optimization, to use the i386 specific inline assembly
638 # and go faster for tests.
639 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
640 scripts/config.py full
641 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
642 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
643
644 msg "test: i386, make, gcc -O2 (ASan build)"
645 make test
646
647 msg "test ssl-opt.sh, i386, make, gcc-O2"
648 tests/ssl-opt.sh
649}
650support_test_m32_o2 () {
651 support_test_m32_no_asm "$@"
652}
653
654component_test_m32_everest () {
655 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
656 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
657 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
658 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
659
660 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
661 make test
662
663 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
664 tests/ssl-opt.sh -f ECDH
665
666 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
667 # Exclude some symmetric ciphers that are redundant here to gain time.
668 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
669}
670support_test_m32_everest () {
671 support_test_m32_no_asm "$@"
672}
673
674component_test_mx32 () {
675 msg "build: 64-bit ILP32, make, gcc" # ~ 30s
676 scripts/config.py full
677 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
678
679 msg "test: 64-bit ILP32, make, gcc"
680 make test
681}
682support_test_mx32 () {
683 case $(uname -m) in
684 amd64|x86_64) true;;
685 *) false;;
686 esac
687}
688
Minos Galanakisada21b02024-07-26 12:34:19 +0100689component_test_memsan () {
690 msg "build: MSan (clang)" # ~ 1 min 20s
691 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
692 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
693 make
694
695 msg "test: main suites (MSan)" # ~ 10s
696 make test
697
698 msg "test: metatests (MSan)"
699 tests/scripts/run-metatests.sh any msan
700
701 msg "program demos (MSan)" # ~20s
702 tests/scripts/run_demos.py
703
704 msg "test: ssl-opt.sh (MSan)" # ~ 1 min
705 tests/ssl-opt.sh
706
707 # Optional part(s)
708
709 if [ "$MEMORY" -gt 0 ]; then
710 msg "test: compat.sh (MSan)" # ~ 6 min 20s
711 tests/compat.sh
712 fi
713}
714
715component_release_test_valgrind () {
716 msg "build: Release (clang)"
717 # default config, in particular without MBEDTLS_USE_PSA_CRYPTO
718 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
719 make
720
721 msg "test: main suites, Valgrind (default config)"
722 make memcheck
723
724 # Optional parts (slow; currently broken on OS X because programs don't
725 # seem to receive signals under valgrind on OS X).
726 # These optional parts don't run on the CI.
727 if [ "$MEMORY" -gt 0 ]; then
728 msg "test: ssl-opt.sh --memcheck (default config)"
729 tests/ssl-opt.sh --memcheck
730 fi
731
732 if [ "$MEMORY" -gt 1 ]; then
733 msg "test: compat.sh --memcheck (default config)"
734 tests/compat.sh --memcheck
735 fi
736
737 if [ "$MEMORY" -gt 0 ]; then
738 msg "test: context-info.sh --memcheck (default config)"
739 tests/context-info.sh --memcheck
740 fi
741}
742
743component_release_test_valgrind_psa () {
744 msg "build: Release, full (clang)"
745 # full config, in particular with MBEDTLS_USE_PSA_CRYPTO
746 scripts/config.py full
747 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
748 make
749
750 msg "test: main suites, Valgrind (full config)"
751 make memcheck
752}
753
Minos Galanakisada21b02024-07-26 12:34:19 +0100754component_build_zeroize_checks () {
755 msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
756
757 scripts/config.py full
758
759 # Only compile - we're looking for sizeof-pointer-memaccess warnings
760 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
761}
762
Minos Galanakisdb7b1bb2024-07-26 13:39:09 +0100763component_test_psasim () {
Minos Galanakisada21b02024-07-26 12:34:19 +0100764 msg "build server library and application"
765 scripts/config.py crypto
766 helper_psasim_config server
767 helper_psasim_build server
768
769 helper_psasim_cleanup_before_client
770
771 msg "build library for client"
772 helper_psasim_config client
773 helper_psasim_build client
774
775 msg "build basic psasim client"
776 make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
777 msg "test basic psasim client"
778 tests/psa-client-server/psasim/test/run_test.sh psa_client_base
779
780 msg "build full psasim client"
781 make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full
782 msg "test full psasim client"
783 tests/psa-client-server/psasim/test/run_test.sh psa_client_full
784
785 make -C tests/psa-client-server/psasim clean
786}
787
Minos Galanakisdb7b1bb2024-07-26 13:39:09 +0100788component_test_suite_with_psasim () {
Minos Galanakisada21b02024-07-26 12:34:19 +0100789 msg "build server library and application"
790 helper_psasim_config server
791 # Modify server's library configuration here (if needed)
792 helper_psasim_build server
793
794 helper_psasim_cleanup_before_client
795
796 msg "build client library"
797 helper_psasim_config client
798 # PAKE functions are still unsupported from PSASIM
799 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
800 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
801 helper_psasim_build client
802
803 msg "build test suites"
804 make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
805
806 helper_psasim_server kill
807 helper_psasim_server start
808
809 # psasim takes an extremely long execution time on some test suites so we
810 # exclude them from the list.
811 SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
812 export SKIP_TEST_SUITES
813
814 msg "run test suites"
815 make PSASIM=1 test
816
817 helper_psasim_server kill
Minos Galanakis85c78f52024-07-26 14:11:08 +0100818}