From eb075c5de48e3c029e61e7509dad856cb311e34c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 18:38:14 +0100 Subject: [PATCH 01/23] Add cmake build type for tsan Building with clang ThreadSanitizer can now be done by setting the build type: cmake -D CMAKE_BUILD_TYPE:String=TSan . (ThreadSanitizer is available in clang 3.2 and gcc 4.8, README.md states that we test with clang 3.8 and gcc 5.4.) Signed-off-by: Janos Follath --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 36baa3b402..3badb5f726 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,7 +117,7 @@ endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan" FORCE) endif() @@ -208,6 +208,7 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") @@ -219,6 +220,7 @@ endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") From 9338cac0509a862e64135799472f0c24bf2efc79 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 18:55:39 +0100 Subject: [PATCH 02/23] Add tsan to all.sh component_test_tsan now builds and tests the library with clang ThreadSanitizer enabled. There are no multi-threaded unit tests so far, the goal is that they are automatically tested with TSan when they are added. Signed-off-by: Janos Follath --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 40a8fe0bf4..05fc1a0d54 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2159,6 +2159,18 @@ component_release_test_valgrind_constant_flow_psa () { make memcheck } +component_test_tsan () { + msg "build: TSan (clang)" + scripts/config.py set MBEDTLS_THREADING_C + scripts/config.py set MBEDTLS_THREADING_PTHREAD + + CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . + make + + msg "test: main suites (TSan)" + make test +} + component_test_default_no_deprecated () { # Test that removing the deprecated features from the default # configuration leaves something consistent. From a16ee6b7d4789c501baf5955e492cc27189b2706 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 19:05:26 +0100 Subject: [PATCH 03/23] Add multi-threaded unit test The unit test we add is designed to fail. The goal is to test the tests and show that they catch the problem. A later commit will fix the unit test and will make it pass. Signed-off-by: Janos Follath --- tests/suites/test_suite_ctr_drbg.data | 6 +++ tests/suites/test_suite_ctr_drbg.function | 64 +++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index a72d8afa0d..70206e7d9a 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1096,5 +1096,11 @@ ctr_drbg_seed_file:"no_such_dir/file":MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: +CTR_DRBG Threads: no reseed +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":10000 + +CTR_DRBG Threads: reseed +ctr_drbg_threads:"0d2dda60286dc738ddcc2dd3520bb988":25 + CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 066e70b352..bdf3dca59a 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -90,6 +90,19 @@ exit: mbedtls_ctr_drbg_free(&ctx); } +static const int thread_random_reps = 10; +void *thread_random_function( void* ctx ) +{ + unsigned char out[16]; + memset(out, 0, sizeof(out)); + + for(int i = 0; i < thread_random_reps; i++) { + TEST_EQUAL(mbedtls_ctr_drbg_random_with_add((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out), NULL, 0), 0); + } + +exit: + return NULL; +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -325,6 +338,57 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +void ctr_drbg_threads(data_t *expected_result, int reseed_interval) +{ +#define THREAD_CNT 5 + pthread_t threads[THREAD_CNT]; + + unsigned char out[16]; + memset(out, 0, sizeof(out)); + + unsigned char entropy[1024]; + memset(entropy, 0, sizeof(entropy)); + + test_offset_idx = 0; + test_max_idx = sizeof(entropy); + + mbedtls_ctr_drbg_context ctx; + mbedtls_ctr_drbg_init(&ctx); + + mbedtls_ctr_drbg_set_reseed_interval(&ctx, reseed_interval); + + /* There are too many calls in this test to conveniently provide enough + * entropy for this to be on. Test cases can trigger reseeding by setting + * \p reseed_interval appropriately. */ + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + + TEST_EQUAL( + mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), + 0); + + for (size_t i = 0; i < THREAD_CNT; i++) { + TEST_EQUAL( + pthread_create(&threads[i], NULL, + thread_random_function, (void*) &ctx), + 0); + } + + for (size_t i = 0; i < THREAD_CNT; i++) { + TEST_EQUAL(pthread_join(threads[i], NULL), 0); + } + + /* Take a last output for comparing and thus verifying the DRBG state */ + TEST_EQUAL(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)), 0); + + TEST_MEMORY_COMPARE(out, sizeof(out), expected_result->x, expected_result->len); + +exit: + mbedtls_ctr_drbg_free(&ctx); +} +#undef THREAD_CNT +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void ctr_drbg_seed_file(char *path, int ret) { From 178bf3ee8acdb40a10dbd149ee301cd87679b056 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 19:08:23 +0100 Subject: [PATCH 04/23] Fix failing multi-threaded unit test Signed-off-by: Janos Follath --- tests/suites/test_suite_ctr_drbg.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index bdf3dca59a..0f1237c7e0 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -97,7 +97,7 @@ void *thread_random_function( void* ctx ) memset(out, 0, sizeof(out)); for(int i = 0; i < thread_random_reps; i++) { - TEST_EQUAL(mbedtls_ctr_drbg_random_with_add((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out), NULL, 0), 0); + TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out)), 0); } exit: From 20b2efa2930e801c61ef1e9390cea1e11aad0e84 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Nov 2023 14:46:51 +0000 Subject: [PATCH 05/23] Fix missing include Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 0f1237c7e0..7123d146cb 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -3,6 +3,10 @@ #include "mbedtls/ctr_drbg.h" #include "string.h" +#if defined(MBEDTLS_THREADING_PTHREAD) +#include "mbedtls/threading.h" +#endif + /* Modes for ctr_drbg_validate */ enum reseed_mode { RESEED_NEVER, /* never reseed */ From bda25dd29c64d91b2df7a223f424b0bd3624e8af Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Nov 2023 17:07:40 +0000 Subject: [PATCH 06/23] Add re-seeding option to test Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 +-- tests/suites/test_suite_ctr_drbg.function | 33 ++++++++++++++--------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 70206e7d9a..827d74a4aa 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,10 +1097,10 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":10000 +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 CTR_DRBG Threads: reseed -ctr_drbg_threads:"0d2dda60286dc738ddcc2dd3520bb988":25 +ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 7123d146cb..72cbf7bc99 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -343,29 +343,37 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ -void ctr_drbg_threads(data_t *expected_result, int reseed_interval) +void ctr_drbg_threads(data_t *expected_result, int reseed) { #define THREAD_CNT 5 pthread_t threads[THREAD_CNT]; unsigned char out[16]; + unsigned char *entropy = NULL; + + const size_t n_random_calls = THREAD_CNT * thread_random_reps + 1; + memset(out, 0, sizeof(out)); - unsigned char entropy[1024]; - memset(entropy, 0, sizeof(entropy)); - - test_offset_idx = 0; - test_max_idx = sizeof(entropy); - mbedtls_ctr_drbg_context ctx; mbedtls_ctr_drbg_init(&ctx); - mbedtls_ctr_drbg_set_reseed_interval(&ctx, reseed_interval); + test_offset_idx = 0; - /* There are too many calls in this test to conveniently provide enough - * entropy for this to be on. Test cases can trigger reseeding by setting - * \p reseed_interval appropriately. */ - mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + if (reseed == 0) { + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); + + TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN); + test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN; + } else { + const size_t entropy_size = (n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN; + + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); + + TEST_CALLOC(entropy, entropy_size); + test_max_idx = entropy_size; + } TEST_EQUAL( mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), @@ -389,6 +397,7 @@ void ctr_drbg_threads(data_t *expected_result, int reseed_interval) exit: mbedtls_ctr_drbg_free(&ctx); + mbedtls_free(entropy); } #undef THREAD_CNT /* END_CASE */ From bbdfc8ad2c8a8479c161d0601f67a41c23c9256b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 14:07:43 +0000 Subject: [PATCH 07/23] Add TsanDbg, standardise Tsan with other sanitisers Signed-off-by: Paul Elliott --- CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3badb5f726..ad056466ad 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,7 +117,7 @@ endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg" FORCE) endif() @@ -208,11 +208,12 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") + set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") endif(CMAKE_COMPILER_IS_GNU) @@ -220,13 +221,14 @@ endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3") set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") + set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") endif(CMAKE_COMPILER_IS_CLANG) From 8860021abcc77872d6e016d3a27b014b4fe775d3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 14:24:30 +0000 Subject: [PATCH 08/23] Fix false claim of variables used unitialised GCC with TSan + O3 causes an error where it claims key_len and iv_len may be used uninitialised. This is, as far as I can tell incorrect (the only way it could not be set is in the error case, and then it is not used), however the simplest option seemed to be just to fix it. Signed-off-by: Paul Elliott --- library/ssl_tls13_keys.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a6a2915d86..9b775ec954 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1140,8 +1140,8 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, size_t hash_len; unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; - size_t key_len; - size_t iv_len; + size_t key_len = 0; + size_t iv_len = 0; mbedtls_ssl_tls13_early_secrets tls13_early_secrets; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1341,8 +1341,8 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, size_t hash_len; unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; - size_t key_len; - size_t iv_len; + size_t key_len = 0; + size_t iv_len = 0; mbedtls_ssl_handshake_params *handshake = ssl->handshake; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -1592,7 +1592,7 @@ static int ssl_tls13_generate_application_keys( size_t hash_len; /* Variables relating to the cipher for the chosen ciphersuite. */ - size_t key_len, iv_len; + size_t key_len = 0, iv_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys")); From 2667eda785009e075a12e4d291bff7e6fd08f54d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Nov 2023 15:53:00 +0000 Subject: [PATCH 09/23] Explicitly link tests with pthreads Required to use pthreads within tests. Signed-off-by: Paul Elliott --- tests/CMakeLists.txt | 3 +++ tests/Makefile | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0869aaa018..68bc57f5a5 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,5 +1,8 @@ +find_package(Threads) + set(libs ${mbedtls_target} + ${CMAKE_THREAD_LIBS_INIT} ) # Set the project root directory if it's not already defined, as may happen if diff --git a/tests/Makefile b/tests/Makefile index 2249a55df6..bcc3b9307f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -57,6 +57,7 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= +LOCAL_LDFLAGS += -lpthread endif ifdef WINDOWS From 6a997c9994694b7c338a8ad8ebc22489872239c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 14:47:17 +0000 Subject: [PATCH 10/23] Fix code style Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 72cbf7bc99..5a77c1d433 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -95,13 +95,13 @@ exit: } static const int thread_random_reps = 10; -void *thread_random_function( void* ctx ) +void *thread_random_function(void *ctx) { unsigned char out[16]; memset(out, 0, sizeof(out)); - for(int i = 0; i < thread_random_reps; i++) { - TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out)), 0); + for (int i = 0; i < thread_random_reps; i++) { + TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *) ctx, out, sizeof(out)), 0); } exit: @@ -382,7 +382,7 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) for (size_t i = 0; i < THREAD_CNT; i++) { TEST_EQUAL( pthread_create(&threads[i], NULL, - thread_random_function, (void*) &ctx), + thread_random_function, (void *) &ctx), 0); } From 811c600d88108b6df02e86168666e9a931e643ba Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 19:04:28 +0000 Subject: [PATCH 11/23] Guard tests correctly All guarded options change output, thus failing the test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 827d74a4aa..1cc51e302f 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,9 +1097,11 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 CTR_DRBG Threads: reseed +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 CTR_DRBG self test From fed410f58e4370cbd6025d959ac6084fe5864d73 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 20:40:55 +0000 Subject: [PATCH 12/23] Increase entropy buffer sizes Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 5a77c1d433..329c222cf9 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -364,10 +364,11 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); - TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN); - test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN; + TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); + test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; } else { - const size_t entropy_size = (n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN; + const size_t entropy_size = ((n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN) + + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); From bb0e48f94f456e099ae58848537c22c87438ea9f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 1 Dec 2023 18:05:19 +0000 Subject: [PATCH 13/23] Make number of threads a test argument Remove hard coded number of threads. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 ++-- tests/suites/test_suite_ctr_drbg.function | 15 ++++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 1cc51e302f..b519da8951 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1098,11 +1098,11 @@ ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C -ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C -ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 +ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5 CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 329c222cf9..a5a85a0eba 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -343,16 +343,17 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ -void ctr_drbg_threads(data_t *expected_result, int reseed) +void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { -#define THREAD_CNT 5 - pthread_t threads[THREAD_CNT]; + size_t thread_count = (size_t) arg_thread_count; + pthread_t *threads = NULL; unsigned char out[16]; unsigned char *entropy = NULL; - const size_t n_random_calls = THREAD_CNT * thread_random_reps + 1; + const size_t n_random_calls = thread_count * thread_random_reps + 1; + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); mbedtls_ctr_drbg_context ctx; @@ -380,14 +381,14 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), 0); - for (size_t i = 0; i < THREAD_CNT; i++) { + for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL( pthread_create(&threads[i], NULL, thread_random_function, (void *) &ctx), 0); } - for (size_t i = 0; i < THREAD_CNT; i++) { + for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL(pthread_join(threads[i], NULL), 0); } @@ -399,8 +400,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) exit: mbedtls_ctr_drbg_free(&ctx); mbedtls_free(entropy); + mbedtls_free(threads); } -#undef THREAD_CNT /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ From 356597f077c32d7206e252ecd93780a4c61e931e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 1 Dec 2023 18:09:41 +0000 Subject: [PATCH 14/23] Make TSan test run operate on full config Signed-off-by: Paul Elliott --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 05fc1a0d54..315c6e5cd7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2161,6 +2161,7 @@ component_release_test_valgrind_constant_flow_psa () { component_test_tsan () { msg "build: TSan (clang)" + scripts/config.py full scripts/config.py set MBEDTLS_THREADING_C scripts/config.py set MBEDTLS_THREADING_PTHREAD From 80fa88e2fab1850e2b5eb38eb8bc2759a7606269 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Nov 2023 17:12:24 +0000 Subject: [PATCH 15/23] Remove warning with GCC 12 and TSan Compiler is unhappy that the return from mbedtls_cipher_get_name() could be NULL as this is used in a printf statement. Signed-off-by: Paul Elliott --- programs/aes/crypt_and_hash.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 226718bc63..f15b85e2c0 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -103,7 +103,14 @@ int main(int argc, char *argv[]) list = mbedtls_cipher_list(); while (*list) { cipher_info = mbedtls_cipher_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); + if (cipher_info) { + const char *name = mbedtls_cipher_info_get_name(cipher_info); + + if (name) { + mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); + } + } + list++; } From be978a8c4fc52965b486125f2993251025b1a399 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 7 Dec 2023 11:46:04 +0000 Subject: [PATCH 16/23] Add option to pass make variables to depends.py Signed-off-by: Paul Elliott --- tests/scripts/depends.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 38c184a6ae..5fe26f158b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -381,7 +381,7 @@ class DomainData: def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command, 'CFLAGS=-Werror'] + build_command = [options.make_command] + options.make_vars.split(' ') + ['CFLAGS=-Werror'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. @@ -526,6 +526,9 @@ def main(): parser.add_argument('--make-command', metavar='CMD', help='Command to run instead of make (e.g. gmake)', action='store', default='make') + parser.add_argument('--make-vars', + help='optional variable/value pairs to pass to make', + action='store', default='') parser.add_argument('--unset-use-psa', help='Unset MBEDTLS_USE_PSA_CRYPTO before any test', action='store_true', dest='unset_use_psa') From 6587959a32f978aeb02766c27cf30b04d8a245e1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 7 Dec 2023 20:08:10 +0000 Subject: [PATCH 17/23] Add ability to pass make variables to psa_collect_statuses.py Signed-off-by: Paul Elliott --- tests/scripts/psa_collect_statuses.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 11bbebcc1f..6291d7898e 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -82,10 +82,15 @@ def collect_status_logs(options): cwd='tests', stdout=sys.stderr) with open(os.devnull, 'w') as devnull: - make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'], - stdout=devnull, stderr=devnull) + build_command = ['make', '-q'] + options.make_vars.split(' ') + \ + ['lib', 'tests'] + make_q_ret = subprocess.call(build_command, stdout=devnull, + stderr=devnull) + print("blagh") if make_q_ret != 0: - subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'], + build_command = ['make'] + options.make_vars.split(' ') + \ + ['RECORD_PSA_STATUS_COVERAGE_LOG=1'] + subprocess.check_call(build_command, stdout=sys.stderr) rebuilt = True subprocess.check_call(['make', 'test'], @@ -112,6 +117,9 @@ def main(): help='Log file location (default: {})'.format( DEFAULT_STATUS_LOG_FILE )) + parser.add_argument('--make-vars', + help='optional variable/value pairs to pass to make', + action='store', default='') parser.add_argument('--psa-constant-names', metavar='PROGRAM', default=DEFAULT_PSA_CONSTANT_NAMES, help='Path to psa_constant_names (default: {})'.format( From 20a95bc09a540918da70d4e96d8a615cea934692 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 6 Dec 2023 19:24:49 +0000 Subject: [PATCH 18/23] Remove explicit linking of PThread in make This would break platforms that do not have pthread. Put the linking instead behind a define and add this define where required to all.sh. Signed-off-by: Paul Elliott --- tests/Makefile | 3 + tests/scripts/all.sh | 169 ++++++++++++++++++++++--------------------- 2 files changed, 89 insertions(+), 83 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index bcc3b9307f..72429a6429 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -57,8 +57,11 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= + +ifdef PTHREAD LOCAL_LDFLAGS += -lpthread endif +endif ifdef WINDOWS PYTHON ?= python diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 315c6e5cd7..65203e8771 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -216,6 +216,9 @@ pre_initialize_variables () { esac SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" done + + # Option to enable linking with pthreads under make + MAKE_THREADING_FLAGS="PTHREAD=1" } # Test whether the component $1 is included in the command line patterns. @@ -930,7 +933,7 @@ helper_get_psa_key_type_list() { # Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. helper_libtestdriver1_make_drivers() { loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # Build the main libraries, programs and tests, @@ -948,7 +951,7 @@ helper_libtestdriver1_make_main() { # we need flags both with and without the LIBTESTDRIVER1_ prefix loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS "$@" } ################################################################ @@ -1443,7 +1446,7 @@ component_test_psa_external_rng_no_drbg_classic () { # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" make test @@ -1462,7 +1465,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -1477,7 +1480,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test @@ -1495,7 +1498,7 @@ component_test_psa_inject_entropy () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" make test @@ -1529,14 +1532,14 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o grep mbedtls_md library/md.o msg "test: crypto_full with only the light subset of MD" - make test + make $MAKE_THREADING_FLAGS test } component_test_full_no_cipher () { @@ -1562,7 +1565,7 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_LMS_PRIVATE msg "test: full no CIPHER no PSA_CRYPTO_C" - make test + make $MAKE_THREADING_FLAGS test } # This is a common configurator and test function that is used in: @@ -1611,7 +1614,7 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - make + make $MAKE_THREADING_FLAGS # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init library/cipher.o @@ -1644,7 +1647,7 @@ component_test_full_no_ccm() { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - make + make $MAKE_THREADING_FLAGS msg "test: full no PSA_WANT_ALG_CCM" make test @@ -1672,7 +1675,7 @@ component_test_full_no_ccm_star_no_tag() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - make + make $MAKE_THREADING_FLAGS # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher library/psa_crypto_cipher.o @@ -1729,7 +1732,7 @@ component_test_full_no_bignum () { scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - make + make $MAKE_THREADING_FLAGS msg "test: full minus bignum" make test @@ -2007,7 +2010,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full - tests/scripts/psa_collect_statuses.py + tests/scripts/psa_collect_statuses.py --make-vars="$MAKE_THREADING_FLAGS" # Check that psa_crypto_init() succeeded at least once grep -q '^0:psa_crypto_init:' tests/statuses.log rm -f tests/statuses.log @@ -2186,7 +2189,7 @@ component_test_default_no_deprecated () { component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS msg "test: make, full_no_deprecated config" # ~ 5s make test @@ -2203,7 +2206,7 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s make test @@ -2223,7 +2226,7 @@ component_test_full_deprecated_warning () { # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' $MAKE_THREADING_FLAGS tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test @@ -2248,7 +2251,7 @@ component_build_crypto_default () { component_build_crypto_full () { msg "build: make, crypto only, full config" scripts/config.py crypto_full - make CFLAGS='-O1 -Werror' + make CFLAGS='-O1 -Werror' $MAKE_THREADING_FLAGS are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -2308,73 +2311,73 @@ support_build_baremetal () { # depends.py family of tests component_test_depends_py_cipher_id () { msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id --unset-use-psa + tests/scripts/depends.py cipher_id --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_chaining () { msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining --unset-use-psa + tests/scripts/depends.py cipher_chaining --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_padding () { msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding --unset-use-psa + tests/scripts/depends.py cipher_padding --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves --unset-use-psa + tests/scripts/depends.py curves --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_hashes () { msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes --unset-use-psa + tests/scripts/depends.py hashes --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_kex () { msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex --unset-use-psa + tests/scripts/depends.py kex --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_pkalgs () { msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs --unset-use-psa + tests/scripts/depends.py pkalgs --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } # PSA equivalents of the depends.py tests component_test_depends_py_cipher_id_psa () { msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_id + tests/scripts/depends.py cipher_id --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_chaining_psa () { msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_chaining + tests/scripts/depends.py cipher_chaining --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_padding_psa () { msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_padding + tests/scripts/depends.py cipher_padding --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_curves_psa () { msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py curves + tests/scripts/depends.py curves --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_hashes_psa () { msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py hashes + tests/scripts/depends.py hashes --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_kex_psa () { msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py kex + tests/scripts/depends.py kex --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_pkalgs_psa () { msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py pkalgs + tests/scripts/depends.py pkalgs --make-vars="$MAKE_THREADING_FLAGS" } component_build_no_pk_rsa_alt_support () { @@ -2386,7 +2389,7 @@ component_build_no_pk_rsa_alt_support () { scripts/config.py set MBEDTLS_X509_CRT_WRITE_C # Only compile - this is primarily to test for compile issues - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' $MAKE_THREADING_FLAGS } component_build_module_alt () { @@ -2600,7 +2603,7 @@ component_test_psa_crypto_config_reference_ffdh () { # Disable things that are not supported scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - make + make $MAKE_THREADING_FLAGS msg "test suites: full with non-accelerated FFDH alg" make test @@ -2639,7 +2642,7 @@ component_test_psa_crypto_config_accel_pake() { # ------------- msg "test: full with accelerated PAKE" - make test + make $MAKE_THREADING_FLAGS test } component_test_psa_crypto_config_accel_ecc_some_key_types () { @@ -2699,7 +2702,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # ------------- msg "test suites: full with accelerated EC algs and some key types" - make test + make $MAKE_THREADING_FLAGS test } # Run tests with only (non-)Weierstrass accelerated @@ -2898,7 +2901,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ------------- msg "test suites: full with accelerated EC algs" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh @@ -2910,7 +2913,7 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - make + make $MAKE_THREADING_FLAGS msg "test suites: full with non-accelerated EC algs" make test @@ -3003,7 +3006,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ------------- msg "test: full + accelerated EC algs - ECP" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh @@ -3017,7 +3020,7 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - make + make $MAKE_THREADING_FLAGS msg "test: full + non accelerated EC algs" make test @@ -3180,7 +3183,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh @@ -3211,7 +3214,7 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - make + make $MAKE_THREADING_FLAGS msg "test suites: full + non accelerated EC algs + USE_PSA" make test @@ -3330,7 +3333,7 @@ build_full_minus_something_and_test_tls () { scripts/config.py unset $sym done - make + make $MAKE_THREADING_FLAGS msg "test: full minus something, test TLS" ( cd tests; ./test_suite_ssl ) @@ -3369,7 +3372,7 @@ build_and_test_psa_want_key_pair_partial() { # crypto_config.h so we just disable the one we don't want. scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" make test @@ -3435,7 +3438,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { # ------------- msg "test: crypto_full with accelerated RSA" - make test + make $MAKE_THREADING_FLAGS test } component_test_psa_crypto_config_reference_rsa_crypto () { @@ -3447,7 +3450,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - make + make $MAKE_THREADING_FLAGS # Run the tests # ------------- @@ -3649,7 +3652,7 @@ component_test_psa_crypto_config_reference_hash_use_psa() { config_psa_crypto_hash_use_psa 0 - make + make $MAKE_THREADING_FLAGS msg "test: full without accelerated hashes" make test @@ -3814,7 +3817,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { # ------------- msg "test: full config with accelerated cipher and AEAD" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full config with accelerated cipher and AEAD" tests/ssl-opt.sh @@ -3827,7 +3830,7 @@ component_test_psa_crypto_config_reference_cipher_aead () { msg "build: full config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead - make + make $MAKE_THREADING_FLAGS msg "test: full config with non-accelerated cipher and AEAD" make test @@ -3844,7 +3847,7 @@ component_test_aead_chachapoly_disabled() { scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full minus CHACHAPOLY" make test @@ -3857,7 +3860,7 @@ component_test_aead_only_ccm() { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full minus CHACHAPOLY and GCM" make test @@ -3888,7 +3891,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. @@ -3898,7 +3901,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. @@ -3911,7 +3914,7 @@ component_build_psa_accel_alg_hkdf() { # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. @@ -3930,7 +3933,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. @@ -3949,7 +3952,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. @@ -3968,7 +3971,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. @@ -3984,7 +3987,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. @@ -4000,7 +4003,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. @@ -4018,7 +4021,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. @@ -4037,7 +4040,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4051,7 +4054,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4065,7 +4068,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4079,7 +4082,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4093,7 +4096,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4108,7 +4111,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4120,7 +4123,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } @@ -4289,7 +4292,7 @@ component_test_no_platform () { # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' $MAKE_THREADING_FLAGS test } component_build_no_std_function () { @@ -4307,14 +4310,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS } component_build_no_sockets () { @@ -4489,7 +4492,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test @@ -5101,7 +5104,7 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + test drivers dispatching to builtins" make test @@ -5128,7 +5131,7 @@ test_build_opt () { $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" $MAKE_THREADING_FLAGS # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 @@ -5183,7 +5186,7 @@ component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s scripts/config.py -w full_config.h full echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" $MAKE_THREADING_FLAGS # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config MBEDTLS_NIST_KW_C make clean @@ -5192,7 +5195,7 @@ component_build_mbedtls_config_file () { # In the user config, disable one feature (for simplicity, pick a feature # that nothing else depends on). echo '#undef MBEDTLS_NIST_KW_C' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" $MAKE_THREADING_FLAGS not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C rm -f user_config.h full_config.h @@ -5251,7 +5254,7 @@ component_test_m32_no_asm () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: i386, make, gcc, no asm (ASan build)" make test @@ -5269,7 +5272,7 @@ component_test_m32_o2 () { msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: i386, make, gcc -O2 (ASan build)" make test @@ -5304,7 +5307,7 @@ support_test_m32_everest () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' $MAKE_THREADING_FLAGS msg "test: 64-bit ILP32, make, gcc" make test @@ -5368,7 +5371,7 @@ component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s make test @@ -5378,7 +5381,7 @@ component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s make test @@ -5392,7 +5395,7 @@ component_test_no_strings () { scripts/config.py unset MBEDTLS_ERROR_C scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY scripts/config.py unset MBEDTLS_VERSION_FEATURES - make CFLAGS='-Werror -Os' + make CFLAGS='-Werror -Os' $MAKE_THREADING_FLAGS msg "test: no strings" # ~ 10s make test @@ -5403,7 +5406,7 @@ component_test_no_x509_info () { scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' + make CFLAGS='-Werror -O2' $MAKE_THREADING_FLAGS msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s make test @@ -6006,7 +6009,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" $MAKE_THREADING_FLAGS } From 40f0ec246ea68195e74ffe20c3d8f4c700f732d2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:40:54 +0000 Subject: [PATCH 19/23] Remove requirement for SHA512 from ctr_drbg test Set the entropy len prior to doing the test to ensure the outcome is the same regardless of whether SHA512 or SHA256 is used. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 ++-- tests/suites/test_suite_ctr_drbg.function | 13 ++++++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index b519da8951..f314ac603b 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,11 +1097,11 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5 CTR_DRBG self test diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index a5a85a0eba..504f28a6ef 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -353,6 +353,9 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) const size_t n_random_calls = thread_count * thread_random_reps + 1; + /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ + const size_t entropy_len = 48; + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); @@ -361,14 +364,18 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) test_offset_idx = 0; + /* Need to do this, otherwise if we are forced into using SHA256 for + * whaever reason, output will differ. */ + mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len); + if (reseed == 0) { mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); - TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); - test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; + TEST_CALLOC(entropy, entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); + test_max_idx = entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; } else { - const size_t entropy_size = ((n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN) + const size_t entropy_size = ((n_random_calls + 1) * entropy_len) + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); From 79dc6dad81a897caca0fe24cfce5be81925e48dc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:52:03 +0000 Subject: [PATCH 20/23] Improve make pthread linking mechanism Signed-off-by: Paul Elliott --- programs/Makefile | 2 +- tests/Makefile | 2 +- tests/scripts/all.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index a3fa81679f..ebdadc0567 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -139,7 +139,7 @@ APPS = \ x509/req_app \ # End of APPS -ifdef PTHREAD +ifeq ($(THREADING),pthread) APPS += ssl/ssl_pthread_server endif diff --git a/tests/Makefile b/tests/Makefile index 72429a6429..29197b7c71 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -58,7 +58,7 @@ DLEXT ?= so EXEXT= SHARED_SUFFIX= -ifdef PTHREAD +ifeq ($(THREADING),pthread) LOCAL_LDFLAGS += -lpthread endif endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65203e8771..933c563d30 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -218,7 +218,7 @@ pre_initialize_variables () { done # Option to enable linking with pthreads under make - MAKE_THREADING_FLAGS="PTHREAD=1" + MAKE_THREADING_FLAGS="THREADING=pthread" } # Test whether the component $1 is included in the command line patterns. From e4b3f75298321d14fc20817ad2817d040788bb3f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:57:16 +0000 Subject: [PATCH 21/23] Remove unnecessary check Signed-off-by: Paul Elliott --- programs/aes/crypt_and_hash.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index f15b85e2c0..b2cd704710 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -103,14 +103,11 @@ int main(int argc, char *argv[]) list = mbedtls_cipher_list(); while (*list) { cipher_info = mbedtls_cipher_info_from_type(*list); - if (cipher_info) { - const char *name = mbedtls_cipher_info_get_name(cipher_info); + const char *name = mbedtls_cipher_info_get_name(cipher_info); - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } + if (name) { + mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); } - list++; } From 445af3c25ad86c3ea6dc1a68a1eb5663a7e17a8a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 18:05:32 +0000 Subject: [PATCH 22/23] Move test dependancies to function file Dependancies are determined by code in this case. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 1 - tests/suites/test_suite_ctr_drbg.function | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index f314ac603b..028a07f80d 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,7 +1097,6 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 504f28a6ef..c60f8cd650 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -342,7 +342,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { size_t thread_count = (size_t) arg_thread_count; From 22dbaf05b6ce1189d1af58bbd144406d827fc813 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 18 Dec 2023 18:18:04 +0000 Subject: [PATCH 23/23] Add AES_PSA_INIT() to thread test case Tests were failing when PSA was being used in ctr_drbg_seed() as PSA was not initialised. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c60f8cd650..1f0a072c7c 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -356,6 +356,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ const size_t entropy_len = 48; + AES_PSA_INIT(); + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); @@ -408,6 +410,8 @@ exit: mbedtls_ctr_drbg_free(&ctx); mbedtls_free(entropy); mbedtls_free(threads); + + AES_PSA_DONE(); } /* END_CASE */