From 745af9f47bc3252708dd425b0f572f59ca122f1b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 15:47:07 +0100 Subject: [PATCH 01/27] Extend testing of aes.o options Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9e1d84f5de..20b7fda8c2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,13 +3934,25 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # ~45s +component_build_aes_variations() { # 3m20s # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. msg "build: aes.o for all combinations of relevant config options" + # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require + # Linux (so we can check for CPU flags) + if [[ "$OSTYPE" == "linux-gnu" ]]; then + # Runtime detection is supported on Linux, so it's safe to set these here + AESNI_OPTIONS="set unset" + AESCE_OPTIONS="set unset" + else + # otherwise leave them unset + AESNI_OPTIONS="unset" + AESCE_OPTIONS="unset" + fi + for a in set unset; do for b in set unset; do for c in set unset; do @@ -3948,6 +3960,20 @@ component_build_aes_variations() { # ~45s for e in set unset; do for f in set unset; do for g in set unset; do + for h in set unset; do + for i in ${AESNI_OPTIONS}; do + for j in ${AESCE_OPTIONS}; do + if [[ "$h" == "set" ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then + # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform + continue + fi + if [[ "$g" == "set" ]]; then + # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported + continue + fi + fi + echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES @@ -3955,6 +3981,9 @@ component_build_aes_variations() { # ~45s echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES echo ./scripts/config.py $g MBEDTLS_PADLOCK_C + echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY + echo ./scripts/config.py $i MBEDTLS_AESNI_C + echo ./scripts/config.py $j MBEDTLS_AESCE_C ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT @@ -3963,6 +3992,9 @@ component_build_aes_variations() { # ~45s ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES ./scripts/config.py $g MBEDTLS_PADLOCK_C + ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY + ./scripts/config.py $i MBEDTLS_AESNI_C + ./scripts/config.py $j MBEDTLS_AESCE_C rm -f library/aes.o make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" @@ -3973,6 +4005,9 @@ component_build_aes_variations() { # ~45s done done done + done + done + done } component_test_no_platform () { From 450c1ff353e8e7431d916178a8a6f19f3568e4c3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 15:52:33 +0100 Subject: [PATCH 02/27] Fix some more incorrect guards in aes.c Signed-off-by: Dave Rodgman --- library/aes.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/library/aes.c b/library/aes.c index 0a7b26ce90..3e27cd39be 100644 --- a/library/aes.c +++ b/library/aes.c @@ -84,8 +84,10 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ + !defined(MBEDTLS_AES_ROM_TABLES))) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, @@ -330,7 +332,8 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -352,11 +355,12 @@ static const uint32_t RT3[256] = { RT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif \ + /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ #undef RT -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * Round constants */ @@ -373,11 +377,12 @@ static const uint32_t RCON[10] = /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ + !defined(MBEDTLS_AES_ROM_TABLES))) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static unsigned char FSb[256]; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -394,7 +399,8 @@ static uint32_t FT3[256]; static unsigned char RSb[256]; #endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ + !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; @@ -482,7 +488,8 @@ static void aes_gen_tables(void) x = RSb[i]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ @@ -493,7 +500,8 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif \ + /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ } } From 573dfc167ae1a3953e5613eeff67e3766fa73c34 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 16:27:29 +0100 Subject: [PATCH 03/27] Add testing for MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 20b7fda8c2..238d4ccce2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,7 +3934,7 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # 3m20s +component_build_aes_variations() { # ~7m # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. @@ -3963,6 +3963,7 @@ component_build_aes_variations() { # 3m20s for h in set unset; do for i in ${AESNI_OPTIONS}; do for j in ${AESCE_OPTIONS}; do + for k in set unset; do if [[ "$h" == "set" ]]; then if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform @@ -3984,6 +3985,7 @@ component_build_aes_variations() { # 3m20s echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY echo ./scripts/config.py $i MBEDTLS_AESNI_C echo ./scripts/config.py $j MBEDTLS_AESCE_C + echo ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT @@ -3995,6 +3997,7 @@ component_build_aes_variations() { # 3m20s ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY ./scripts/config.py $i MBEDTLS_AESNI_C ./scripts/config.py $j MBEDTLS_AESCE_C + ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH rm -f library/aes.o make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" @@ -4008,6 +4011,7 @@ component_build_aes_variations() { # 3m20s done done done + done } component_test_no_platform () { From 972856219202c4bc134493f6dfc420497959d7ed Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 17:32:06 +0100 Subject: [PATCH 04/27] Improve test speed Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 122 ++++++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 54 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 238d4ccce2..22b471445b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,84 +3934,98 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # ~7m +component_build_aes_variations() { + # 1m40 - around 90ms per clang invocation on M1 Pro + # # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. msg "build: aes.o for all combinations of relevant config options" + WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require # Linux (so we can check for CPU flags) if [[ "$OSTYPE" == "linux-gnu" ]]; then # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS="set unset" - AESCE_OPTIONS="set unset" + AESNI_OPTIONS="0 1" + AESCE_OPTIONS="0 1" else # otherwise leave them unset - AESNI_OPTIONS="unset" - AESCE_OPTIONS="unset" + AESNI_OPTIONS="0" + AESCE_OPTIONS="0" fi - for a in set unset; do - for b in set unset; do - for c in set unset; do - for d in set unset; do - for e in set unset; do - for f in set unset; do - for g in set unset; do - for h in set unset; do - for i in ${AESNI_OPTIONS}; do - for j in ${AESCE_OPTIONS}; do - for k in set unset; do - if [[ "$h" == "set" ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then + # clear all the variables, so that we can individually set them via clang + for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ + "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ + "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ + "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do + echo ./scripts/config.py unset ${x} + ./scripts/config.py unset ${x} + done + + FAILED=0 + + for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" + for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" + for c in 0 1; do [[ $c == 0 ]] && C="" || C="-DMBEDTLS_AES_ROM_TABLES" + for d in 0 1; do [[ $d == 0 ]] && D="" || D="-DMBEDTLS_AES_ENCRYPT_ALT" + for e in 0 1; do [[ $e == 0 ]] && E="" || E="-DMBEDTLS_AES_SETKEY_DEC_ALT" + for f in 0 1; do [[ $f == 0 ]] && F="" || F="-DMBEDTLS_AES_FEWER_TABLES" + for g in 0 1; do [[ $g == 0 ]] && G="" || G="-DMBEDTLS_PADLOCK_C" + for h in 0 1; do [[ $h == 0 ]] && H="" || H="-DMBEDTLS_AES_USE_HARDWARE_ONLY" + for i in $AESNI_OPTIONS; do [[ $i == 0 ]] && I="" || I="-DMBEDTLS_AESNI_C" + for j in $AESCE_OPTIONS; do [[ $j == 0 ]] && J="" || J="-DMBEDTLS_AESCE_C" + for k in 0 1; do [[ $k == 0 ]] && K="" || K="-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + + # skip invalid combinations + if [[ $h -eq 1 ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && $j -eq 1) || ("$HOSTTYPE" == "x86_64" && $i -eq 1)) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform continue fi - if [[ "$g" == "set" ]]; then + if [[ $g -eq 1 ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported continue fi fi - echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT - echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT - echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES - echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT - echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT - echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES - echo ./scripts/config.py $g MBEDTLS_PADLOCK_C - echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY - echo ./scripts/config.py $i MBEDTLS_AESNI_C - echo ./scripts/config.py $j MBEDTLS_AESCE_C - echo ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + # Check syntax only, for speed + # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations + CMD_FAILED=0 + cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" + $cmd || CMD_FAILED=1 - ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT - ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT - ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES - ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT - ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT - ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES - ./scripts/config.py $g MBEDTLS_PADLOCK_C - ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY - ./scripts/config.py $i MBEDTLS_AESNI_C - ./scripts/config.py $j MBEDTLS_AESCE_C - ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + if [[ $CMD_FAILED -eq 1 ]]; then + FAILED=1 + echo "Failed: $cmd" + echo $a MBEDTLS_AES_SETKEY_ENC_ALT + echo $b MBEDTLS_AES_DECRYPT_ALT + echo $c MBEDTLS_AES_ROM_TABLES + echo $d MBEDTLS_AES_ENCRYPT_ALT + echo $e MBEDTLS_AES_SETKEY_DEC_ALT + echo $f MBEDTLS_AES_FEWER_TABLES + echo $g MBEDTLS_PADLOCK_C + echo $h MBEDTLS_AES_USE_HARDWARE_ONLY + echo $i MBEDTLS_AESNI_C + echo $j MBEDTLS_AESCE_C + echo $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + fi + done + done + done + done + done + done + done + done + done + done + done - rm -f library/aes.o - make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - done - done - done - done - done - done - done - done - done - done - done + [[ $FAILED -eq 1 ]] && false # fail if any combination failed } component_test_no_platform () { From aea01c9455117da6bee185377a100f46e801f466 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 18:54:49 +0100 Subject: [PATCH 05/27] Use make to parellise tests Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 22b471445b..ba43d133d6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3935,7 +3935,7 @@ component_build_tfm() { } component_build_aes_variations() { - # 1m40 - around 90ms per clang invocation on M1 Pro + # 18s - around 90ms per clang invocation on M1 Pro # # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is @@ -3962,11 +3962,11 @@ component_build_aes_variations() { "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do - echo ./scripts/config.py unset ${x} ./scripts/config.py unset ${x} done - FAILED=0 + MAKEFILE=$(mktemp) + DEPS="" for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" @@ -3996,23 +3996,12 @@ component_build_aes_variations() { # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations CMD_FAILED=0 cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" - $cmd || CMD_FAILED=1 - if [[ $CMD_FAILED -eq 1 ]]; then - FAILED=1 - echo "Failed: $cmd" - echo $a MBEDTLS_AES_SETKEY_ENC_ALT - echo $b MBEDTLS_AES_DECRYPT_ALT - echo $c MBEDTLS_AES_ROM_TABLES - echo $d MBEDTLS_AES_ENCRYPT_ALT - echo $e MBEDTLS_AES_SETKEY_DEC_ALT - echo $f MBEDTLS_AES_FEWER_TABLES - echo $g MBEDTLS_PADLOCK_C - echo $h MBEDTLS_AES_USE_HARDWARE_ONLY - echo $i MBEDTLS_AESNI_C - echo $j MBEDTLS_AESCE_C - echo $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - fi + TARGET="t$a$b$c$d$e$f$g$h$i$j$k" + echo "${TARGET}:" >> $MAKEFILE + echo -e "\t$cmd" >> $MAKEFILE + echo >> $MAKEFILE + DEPS="${DEPS} ${TARGET}" done done done @@ -4025,7 +4014,12 @@ component_build_aes_variations() { done done - [[ $FAILED -eq 1 ]] && false # fail if any combination failed + echo "all: ${DEPS}" >> $MAKEFILE + + MAKEFILE_CONTENT=`cat $MAKEFILE` + rm ${MAKEFILE} + NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') + echo $MAKEFILE_CONTENT | make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all } component_test_no_platform () { From 86cc70871ceecfa5d26ce1b736a48b59658ea628 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 22:32:04 +0100 Subject: [PATCH 06/27] fix make issue Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ba43d133d6..14d32c158c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4016,10 +4016,9 @@ component_build_aes_variations() { echo "all: ${DEPS}" >> $MAKEFILE - MAKEFILE_CONTENT=`cat $MAKEFILE` - rm ${MAKEFILE} NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') - echo $MAKEFILE_CONTENT | make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + rm ${MAKEFILE} } component_test_no_platform () { From 8a64fb82a8279e26bf4309716fc1ba40b62b11ca Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 13:31:31 +0100 Subject: [PATCH 07/27] Simplify makefile generation; don't use -j Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 14d32c158c..0e3e6d4e5b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3949,12 +3949,12 @@ component_build_aes_variations() { # Linux (so we can check for CPU flags) if [[ "$OSTYPE" == "linux-gnu" ]]; then # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS="0 1" - AESCE_OPTIONS="0 1" + AESNI_OPTIONS=("" "-DMBEDTLS_AESNI_C") + AESCE_OPTIONS=("" "-DMBEDTLS_AESCE_C") else # otherwise leave them unset - AESNI_OPTIONS="0" - AESCE_OPTIONS="0" + AESNI_OPTIONS=("") + AESCE_OPTIONS=("") fi # clear all the variables, so that we can individually set them via clang @@ -3968,25 +3968,25 @@ component_build_aes_variations() { MAKEFILE=$(mktemp) DEPS="" - for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" - for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" - for c in 0 1; do [[ $c == 0 ]] && C="" || C="-DMBEDTLS_AES_ROM_TABLES" - for d in 0 1; do [[ $d == 0 ]] && D="" || D="-DMBEDTLS_AES_ENCRYPT_ALT" - for e in 0 1; do [[ $e == 0 ]] && E="" || E="-DMBEDTLS_AES_SETKEY_DEC_ALT" - for f in 0 1; do [[ $f == 0 ]] && F="" || F="-DMBEDTLS_AES_FEWER_TABLES" - for g in 0 1; do [[ $g == 0 ]] && G="" || G="-DMBEDTLS_PADLOCK_C" - for h in 0 1; do [[ $h == 0 ]] && H="" || H="-DMBEDTLS_AES_USE_HARDWARE_ONLY" - for i in $AESNI_OPTIONS; do [[ $i == 0 ]] && I="" || I="-DMBEDTLS_AESNI_C" - for j in $AESCE_OPTIONS; do [[ $j == 0 ]] && J="" || J="-DMBEDTLS_AESCE_C" - for k in 0 1; do [[ $k == 0 ]] && K="" || K="-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + for a in "" "-DMBEDTLS_AES_SETKEY_ENC_ALT"; do + for b in "" "-DMBEDTLS_AES_DECRYPT_ALT"; do + for c in "" "-DMBEDTLS_AES_ROM_TABLES"; do + for d in "" "-DMBEDTLS_AES_ENCRYPT_ALT"; do + for e in "" "-DMBEDTLS_AES_SETKEY_DEC_ALT"; do + for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do + for g in "" "-DMBEDTLS_PADLOCK_C"; do + for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do + for i in "${AESNI_OPTIONS[@]}"; do + for j in "${AESCE_OPTIONS[@]}"; do + for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do # skip invalid combinations - if [[ $h -eq 1 ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && $j -eq 1) || ("$HOSTTYPE" == "x86_64" && $i -eq 1)) ]]; then + if [[ "$h" != "" ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && "$j" != "") || ("$HOSTTYPE" == "x86_64" && "$i" != "")) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform continue fi - if [[ $g -eq 1 ]]; then + if [[ "$g" != "" ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported continue fi @@ -3995,7 +3995,7 @@ component_build_aes_variations() { # Check syntax only, for speed # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations CMD_FAILED=0 - cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" + cmd="clang $a $b $c $d $e $f $g $h $i $j $k -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" TARGET="t$a$b$c$d$e$f$g$h$i$j$k" echo "${TARGET}:" >> $MAKEFILE @@ -4016,8 +4016,7 @@ component_build_aes_variations() { echo "all: ${DEPS}" >> $MAKEFILE - NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') - make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + make --quiet -f ${MAKEFILE} all rm ${MAKEFILE} } From 184c0af06e1800b6c20c56c4e771d9fb45211d29 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 13:43:02 +0100 Subject: [PATCH 08/27] Remove not-needed edge-case Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0e3e6d4e5b..93739f40b1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3945,18 +3945,6 @@ component_build_aes_variations() { WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require - # Linux (so we can check for CPU flags) - if [[ "$OSTYPE" == "linux-gnu" ]]; then - # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS=("" "-DMBEDTLS_AESNI_C") - AESCE_OPTIONS=("" "-DMBEDTLS_AESCE_C") - else - # otherwise leave them unset - AESNI_OPTIONS=("") - AESCE_OPTIONS=("") - fi - # clear all the variables, so that we can individually set them via clang for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ @@ -3976,8 +3964,8 @@ component_build_aes_variations() { for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do for g in "" "-DMBEDTLS_PADLOCK_C"; do for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do - for i in "${AESNI_OPTIONS[@]}"; do - for j in "${AESCE_OPTIONS[@]}"; do + for i in "" "-DMBEDTLS_AESNI_C"; do + for j in "" "-DMBEDTLS_AESCE_C"; do for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do # skip invalid combinations From 920343aaf74f1bd2267c8645223bfa9313dfbad1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 18:41:09 +0100 Subject: [PATCH 09/27] Separate out a resuable option cross-product test function Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 132 ++++++++++++++++++++++++------------------- 1 file changed, 73 insertions(+), 59 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 93739f40b1..fdbde160a6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,80 +3934,94 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { - # 18s - around 90ms per clang invocation on M1 Pro - # - # aes.o has many #if defined(...) guards that intersect in complex ways. - # Test that all the combinations build cleanly. The most common issue is - # unused variables/functions, so ensure -Wunused is set. +build_test_config_combos() { + # test that the given file builds with all (valid) combinations of the given options. + # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... + # The validator function may be "" if all combinations are valid - msg "build: aes.o for all combinations of relevant config options" + FILE=$1 + shift + # this function must echo something iff the clang "-DA -DB ..." string is invalid + VALIDATE_OPTIONS=$1 + shift + OPTIONS=("$@") + # The most common issue is unused variables/functions, so ensure -Wunused is set. WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - # clear all the variables, so that we can individually set them via clang - for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ - "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ - "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do - ./scripts/config.py unset ${x} - done - MAKEFILE=$(mktemp) DEPS="" - for a in "" "-DMBEDTLS_AES_SETKEY_ENC_ALT"; do - for b in "" "-DMBEDTLS_AES_DECRYPT_ALT"; do - for c in "" "-DMBEDTLS_AES_ROM_TABLES"; do - for d in "" "-DMBEDTLS_AES_ENCRYPT_ALT"; do - for e in "" "-DMBEDTLS_AES_SETKEY_DEC_ALT"; do - for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do - for g in "" "-DMBEDTLS_PADLOCK_C"; do - for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do - for i in "" "-DMBEDTLS_AESNI_C"; do - for j in "" "-DMBEDTLS_AESCE_C"; do - for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do + LEN=${#OPTIONS[@]} - # skip invalid combinations - if [[ "$h" != "" ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$j" != "") || ("$HOSTTYPE" == "x86_64" && "$i" != "")) ]]; then - # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform - continue - fi - if [[ "$g" != "" ]]; then - # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported - continue - fi + for ((i = 0; i < $((2**${LEN})); i++)); do + # generate each of 2^n combinations of options + # each bit of $i is used to determine if OPTIONS[i] will be set or not + TARGET="t" + CLANG_ARGS="" + for ((j = 0; j < ${LEN}; j++)); do + OPT=${OPTIONS[j]} + X=$(((i >> j) & 1)) + [[ $X == 0 ]] && OPT="" || OPT="-D${OPT}" + CLANG_ARGS="${CLANG_ARGS} ${OPT}" + TARGET="${TARGET}${OPT}" + done + + # check that combination is not known to be invalid + INVALID="" + [[ "$VALIDATE_OPTIONS" != "" ]] && INVALID=$(${VALIDATE_OPTIONS} "${CLANG_ARGS}") + + # if valid, add it to the makefile + if [[ "$INVALID" == "" ]]; then + cmd="clang ${CLANG_ARGS} -fsyntax-only ${FILE} -Iinclude -std=c99 $WARNING_FLAGS" + echo "${TARGET}:" >> ${MAKEFILE} + echo -e "\t$cmd" >> ${MAKEFILE} + + DEPS="${DEPS} ${TARGET}" fi - - # Check syntax only, for speed - # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations - CMD_FAILED=0 - cmd="clang $a $b $c $d $e $f $g $h $i $j $k -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" - - TARGET="t$a$b$c$d$e$f$g$h$i$j$k" - echo "${TARGET}:" >> $MAKEFILE - echo -e "\t$cmd" >> $MAKEFILE - echo >> $MAKEFILE - DEPS="${DEPS} ${TARGET}" - done - done - done - done - done - done - done - done - done - done done - echo "all: ${DEPS}" >> $MAKEFILE + echo "all: ${DEPS}" >> ${MAKEFILE} - make --quiet -f ${MAKEFILE} all + # clear all of the options so that they can be overridden on the clang commandline + for OPT in "${OPTIONS[@]}"; do + ./scripts/config.py unset ${OPT} + done + + # execute all of the commands via Make (probably in parallel) + make -s -f ${MAKEFILE} all + + # clean up the temporary makefile rm ${MAKEFILE} } +build_aes_variations_validate_combo() { + if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then + if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then + echo 1 + fi + if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ + ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then + echo 1 + fi + fi +} + +component_build_aes_variations() { + # 18s - around 90ms per clang invocation on M1 Pro + # + # aes.o has many #if defined(...) guards that intersect in complex ways. + # Test that all the combinations build cleanly. + + msg "build: aes.o for all combinations of relevant config options" + + build_test_config_combos library/aes.c build_aes_variations_validate_combo \ + "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" +} + component_test_no_platform () { # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file From 43a5ce8c7f1375c4a4e043277e6bd9c5321b79f7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 2 Oct 2023 17:09:37 +0100 Subject: [PATCH 10/27] rename function Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fdbde160a6..943ea885ca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3995,7 +3995,7 @@ build_test_config_combos() { rm ${MAKEFILE} } -build_aes_variations_validate_combo() { +validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then echo 1 @@ -4015,7 +4015,7 @@ component_build_aes_variations() { msg "build: aes.o for all combinations of relevant config options" - build_test_config_combos library/aes.c build_aes_variations_validate_combo \ + build_test_config_combos library/aes.c validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ From 4243610c15ebd92676d50808cec12314b9eb7020 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 3 Oct 2023 15:47:05 +0100 Subject: [PATCH 11/27] Use make to generate the test command Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 943ea885ca..9ebb120a78 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3946,9 +3946,24 @@ build_test_config_combos() { shift OPTIONS=("$@") + # clear all of the options so that they can be overridden on the clang commandline + for OPT in "${OPTIONS[@]}"; do + ./scripts/config.py unset ${OPT} + done + + # enter the directory containing the target file & strip the dir from the filename + cd $(dirname ${FILE}) + FILE=$(basename ${FILE}) + # The most common issue is unused variables/functions, so ensure -Wunused is set. WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + # Extract the command generated by the Makefile to build the target file. + # This ensures that we have any include paths, macro definitions, etc + # that may be applied by make. + # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. + MAKE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + MAKEFILE=$(mktemp) DEPS="" @@ -3973,7 +3988,7 @@ build_test_config_combos() { # if valid, add it to the makefile if [[ "$INVALID" == "" ]]; then - cmd="clang ${CLANG_ARGS} -fsyntax-only ${FILE} -Iinclude -std=c99 $WARNING_FLAGS" + cmd="${MAKE_CMD} ${CLANG_ARGS}" echo "${TARGET}:" >> ${MAKEFILE} echo -e "\t$cmd" >> ${MAKEFILE} @@ -3983,11 +3998,6 @@ build_test_config_combos() { echo "all: ${DEPS}" >> ${MAKEFILE} - # clear all of the options so that they can be overridden on the clang commandline - for OPT in "${OPTIONS[@]}"; do - ./scripts/config.py unset ${OPT} - done - # execute all of the commands via Make (probably in parallel) make -s -f ${MAKEFILE} all @@ -4015,7 +4025,7 @@ component_build_aes_variations() { msg "build: aes.o for all combinations of relevant config options" - build_test_config_combos library/aes.c validate_aes_config_variations \ + build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ From 3cde6a2be26ae7c00b319edcd0973700f0dbeba1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 3 Oct 2023 16:02:56 +0100 Subject: [PATCH 12/27] Improve naming Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9ebb120a78..56727ce7ad 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3962,7 +3962,7 @@ build_test_config_combos() { # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - MAKE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + COMPILE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") MAKEFILE=$(mktemp) DEPS="" @@ -3988,7 +3988,7 @@ build_test_config_combos() { # if valid, add it to the makefile if [[ "$INVALID" == "" ]]; then - cmd="${MAKE_CMD} ${CLANG_ARGS}" + cmd="${COMPILE_CMD} ${CLANG_ARGS}" echo "${TARGET}:" >> ${MAKEFILE} echo -e "\t$cmd" >> ${MAKEFILE} From 28e38d8e12a9a4c5562f1cc0ea4a5a0fbbb9d003 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 11:50:30 +0100 Subject: [PATCH 13/27] Use lower-case for local variables Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 62 ++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 56727ce7ad..33a2c9f491 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3939,70 +3939,70 @@ build_test_config_combos() { # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... # The validator function may be "" if all combinations are valid - FILE=$1 + file=$1 shift # this function must echo something iff the clang "-DA -DB ..." string is invalid - VALIDATE_OPTIONS=$1 + validate_options=$1 shift - OPTIONS=("$@") + options=("$@") # clear all of the options so that they can be overridden on the clang commandline - for OPT in "${OPTIONS[@]}"; do - ./scripts/config.py unset ${OPT} + for opt in "${options[@]}"; do + ./scripts/config.py unset ${opt} done # enter the directory containing the target file & strip the dir from the filename - cd $(dirname ${FILE}) - FILE=$(basename ${FILE}) + cd $(dirname ${file}) + file=$(basename ${file}) # The most common issue is unused variables/functions, so ensure -Wunused is set. - WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" # Extract the command generated by the Makefile to build the target file. # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - COMPILE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + compile_cmd=$(make -B -n ${file} CC=clang CFLAGS="${warning_flags} -fsyntax-only" | egrep "^clang") - MAKEFILE=$(mktemp) - DEPS="" + makefile=$(mktemp) + deps="" - LEN=${#OPTIONS[@]} + len=${#options[@]} - for ((i = 0; i < $((2**${LEN})); i++)); do + for ((i = 0; i < $((2**${len})); i++)); do # generate each of 2^n combinations of options - # each bit of $i is used to determine if OPTIONS[i] will be set or not - TARGET="t" - CLANG_ARGS="" - for ((j = 0; j < ${LEN}; j++)); do - OPT=${OPTIONS[j]} + # each bit of $i is used to determine if options[i] will be set or not + target="t" + clang_args="" + for ((j = 0; j < ${len}; j++)); do + opt=${options[j]} X=$(((i >> j) & 1)) - [[ $X == 0 ]] && OPT="" || OPT="-D${OPT}" - CLANG_ARGS="${CLANG_ARGS} ${OPT}" - TARGET="${TARGET}${OPT}" + [[ $X == 0 ]] && opt="" || opt="-D${opt}" + clang_args="${clang_args} ${opt}" + target="${target}${opt}" done # check that combination is not known to be invalid - INVALID="" - [[ "$VALIDATE_OPTIONS" != "" ]] && INVALID=$(${VALIDATE_OPTIONS} "${CLANG_ARGS}") + invalid="" + [[ "$validate_options" != "" ]] && invalid=$(${validate_options} "${clang_args}") # if valid, add it to the makefile - if [[ "$INVALID" == "" ]]; then - cmd="${COMPILE_CMD} ${CLANG_ARGS}" - echo "${TARGET}:" >> ${MAKEFILE} - echo -e "\t$cmd" >> ${MAKEFILE} + if [[ "$invalid" == "" ]]; then + cmd="${compile_cmd} ${clang_args}" + echo "${target}:" >> ${makefile} + echo -e "\t$cmd" >> ${makefile} - DEPS="${DEPS} ${TARGET}" + deps="${deps} ${target}" fi done - echo "all: ${DEPS}" >> ${MAKEFILE} + echo "all: ${deps}" >> ${makefile} # execute all of the commands via Make (probably in parallel) - make -s -f ${MAKEFILE} all + make -s -f ${makefile} all # clean up the temporary makefile - rm ${MAKEFILE} + rm ${makefile} } validate_aes_config_variations() { From 54ada8bae8ade96010d1005964d782bdb0e3084f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 11:55:25 +0100 Subject: [PATCH 14/27] Improve docs Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 33a2c9f491..34089a4029 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,14 +3934,17 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } +# Test that the given .o file builds with all (valid) combinations of the given options. +# +# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... +# +# The validator function is the name of a function to validate the combination of options. +# It may be "" if all combinations are valid. +# It receives a string containing a combination of options, as passed to the compiler, +# e.g. "-DOPT1 -DOPT2 ...". It must echo something iff the combination is invalid. build_test_config_combos() { - # test that the given file builds with all (valid) combinations of the given options. - # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... - # The validator function may be "" if all combinations are valid - file=$1 shift - # this function must echo something iff the clang "-DA -DB ..." string is invalid validate_options=$1 shift options=("$@") From b1107aeee1fcb3afced5dea75171e8ec334c0c5d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 12:30:23 +0100 Subject: [PATCH 15/27] Tidy up bash syntax Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 34089a4029..ace70d1a4f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3978,19 +3978,16 @@ build_test_config_combos() { target="t" clang_args="" for ((j = 0; j < ${len}; j++)); do - opt=${options[j]} - X=$(((i >> j) & 1)) - [[ $X == 0 ]] && opt="" || opt="-D${opt}" + opt= + if (((i >> j) & 1)); then + opt=-D${options[j]} + fi clang_args="${clang_args} ${opt}" target="${target}${opt}" done - # check that combination is not known to be invalid - invalid="" - [[ "$validate_options" != "" ]] && invalid=$(${validate_options} "${clang_args}") - - # if valid, add it to the makefile - if [[ "$invalid" == "" ]]; then + # if combination is not known to be invalid, add it to the makefile + if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then cmd="${compile_cmd} ${clang_args}" echo "${target}:" >> ${makefile} echo -e "\t$cmd" >> ${makefile} From 7a8a2490e58330907c7b67e53be210782c101ec3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:14:20 +0100 Subject: [PATCH 16/27] Tidy-up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ace70d1a4f..164c2e99f1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3978,12 +3978,11 @@ build_test_config_combos() { target="t" clang_args="" for ((j = 0; j < ${len}; j++)); do - opt= if (((i >> j) & 1)); then opt=-D${options[j]} + clang_args="${clang_args} ${opt}" + target="${target}${opt}" fi - clang_args="${clang_args} ${opt}" - target="${target}${opt}" done # if combination is not known to be invalid, add it to the makefile From a7127eb67cecc021987cd186a04965c52887c52f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:38:41 +0100 Subject: [PATCH 17/27] tidy up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 164c2e99f1..90e5f1bd74 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3979,7 +3979,7 @@ build_test_config_combos() { clang_args="" for ((j = 0; j < ${len}; j++)); do if (((i >> j) & 1)); then - opt=-D${options[j]} + opt=-D${options[$j]} clang_args="${clang_args} ${opt}" target="${target}${opt}" fi @@ -4007,11 +4007,11 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - echo 1 + echo INVALID fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - echo 1 + echo INVALID fi fi } From 1ec1a0f0cc74cfe94c883932103edf0e9f26cdcc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:50:54 +0100 Subject: [PATCH 18/27] Introduce MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman --- library/common.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/common.h b/library/common.h index 3c472c685d..1fc04a32e2 100644 --- a/library/common.h +++ b/library/common.h @@ -334,4 +334,11 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE #endif +/* Suppress compiler warnings for unused functions and variables. */ +#if defined(__GNUC__) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#else +#define MBEDTLS_MAYBE_UNUSED +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ From 18ddf61a750a2a04ca677bbcb254d84f3ce1a84e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 14:03:12 +0100 Subject: [PATCH 19/27] Use MBEDTLS_MAYBE_UNUSED to simplify aes.c and let compiler remove unused variables Signed-off-by: Dave Rodgman --- library/aes.c | 103 +++++++++++++------------------------------------- 1 file changed, 26 insertions(+), 77 deletions(-) diff --git a/library/aes.c b/library/aes.c index 3e27cd39be..d232229816 100644 --- a/library/aes.c +++ b/library/aes.c @@ -84,11 +84,7 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ - !defined(MBEDTLS_AES_ROM_TABLES))) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static const unsigned char FSb[256] = +MBEDTLS_MAYBE_UNUSED static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, @@ -123,8 +119,6 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ /* * Forward tables @@ -196,36 +190,28 @@ static const unsigned char FSb[256] = V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \ V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C) -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) #define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t FT0[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT0[256] = { FT }; #undef V -#if !defined(MBEDTLS_AES_FEWER_TABLES) - #define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t FT1[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT1[256] = { FT }; #undef V #define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t FT2[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT2[256] = { FT }; #undef V #define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t FT3[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT3[256] = { FT }; #undef V -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */ - #undef FT -#if !defined(MBEDTLS_AES_DECRYPT_ALT) /* * Reverse S-box */ -static const unsigned char RSb[256] = +MBEDTLS_MAYBE_UNUSED static const unsigned char RSb[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, @@ -260,7 +246,6 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */ /* * Reverse tables @@ -332,88 +317,60 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) #define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t RT0[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT0[256] = { RT }; #undef V -#if !defined(MBEDTLS_AES_FEWER_TABLES) - #define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t RT1[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT1[256] = { RT }; #undef V #define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t RT2[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT2[256] = { RT }; #undef V #define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t RT3[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT3[256] = { RT }; #undef V -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif \ - /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ - #undef RT -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * Round constants */ -static const uint32_t RCON[10] = +MBEDTLS_MAYBE_UNUSED static const uint32_t RCON[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 }; -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ #else /* MBEDTLS_AES_ROM_TABLES */ /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ - !defined(MBEDTLS_AES_ROM_TABLES))) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static unsigned char FSb[256]; -#endif -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -static uint32_t FT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t FT1[256]; -static uint32_t FT2[256]; -static uint32_t FT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +MBEDTLS_MAYBE_UNUSED static unsigned char FSb[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT0[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT1[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT2[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) -static unsigned char RSb[256]; -#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ +MBEDTLS_MAYBE_UNUSED static unsigned char RSb[256]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ - !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static uint32_t RT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t RT1[256]; -static uint32_t RT2[256]; -static uint32_t RT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +MBEDTLS_MAYBE_UNUSED static uint32_t RT0[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT1[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT2[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT3[256]; -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* * Round constants */ -static uint32_t RCON[10]; +MBEDTLS_MAYBE_UNUSED static uint32_t RCON[10]; /* * Tables generation code @@ -422,9 +379,9 @@ static uint32_t RCON[10]; #define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) #define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) -static int aes_init_done = 0; +MBEDTLS_MAYBE_UNUSED static int aes_init_done = 0; -static void aes_gen_tables(void) +MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) { int i; uint8_t x, y, z; @@ -505,8 +462,6 @@ static void aes_gen_tables(void) } } -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ - #undef ROTL8 #endif /* MBEDTLS_AES_ROM_TABLES */ @@ -584,9 +539,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) #define MAY_NEED_TO_ALIGN #endif -#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -static unsigned mbedtls_aes_rk_offset(uint32_t *buf) +MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf) { #if defined(MAY_NEED_TO_ALIGN) int align_16_bytes = 0; @@ -622,8 +575,6 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ /* * AES key schedule (encryption) @@ -1056,7 +1007,6 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ -#if defined(MAY_NEED_TO_ALIGN) /* VIA Padlock and our intrinsics-based implementation of AESNI require * the round keys to be aligned on a 16-byte boundary. We take care of this * before creating them, but the AES context may have moved (this can happen @@ -1064,7 +1014,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, * calls it might have a different alignment with respect to 16-byte memory. * So we may need to realign. */ -static void aes_maybe_realign(mbedtls_aes_context *ctx) +MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); if (new_offset != ctx->rk_offset) { @@ -1074,7 +1024,6 @@ static void aes_maybe_realign(mbedtls_aes_context *ctx) ctx->rk_offset = new_offset; } } -#endif /* * AES-ECB block encryption/decryption From feadcaf4a6cd700c1074cffe19aff9add91d3ba6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 15:27:33 +0100 Subject: [PATCH 20/27] Support MBEDTLS_MAYBE_UNUSED in MSVC and IAR Signed-off-by: Dave Rodgman --- library/common.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/common.h b/library/common.h index 1fc04a32e2..910106bded 100644 --- a/library/common.h +++ b/library/common.h @@ -337,6 +337,12 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, /* Suppress compiler warnings for unused functions and variables. */ #if defined(__GNUC__) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#elif defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) +#if (__VER__ >= 8000000) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#elif defined(_MSC_VER) +#define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) #else #define MBEDTLS_MAYBE_UNUSED #endif From 749f2227c67b5b07fe9c6633b0b8767de511a8b2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 15:38:58 +0100 Subject: [PATCH 21/27] Get MBEDTLS_MAYBE_UNUSED to cover more compilers Signed-off-by: Dave Rodgman --- library/common.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/library/common.h b/library/common.h index 910106bded..436e35a91c 100644 --- a/library/common.h +++ b/library/common.h @@ -335,15 +335,23 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if defined(__GNUC__) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#elif defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) -#if (__VER__ >= 8000000) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif -#elif defined(_MSC_VER) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) +#if (__VER__ >= 8010000) // IAR 8.1 or later +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER) #define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) -#else +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) +#if __has_attribute(unused) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) #define MBEDTLS_MAYBE_UNUSED #endif From 9bf752c45d3fc2d4df3c42de4a9fa630a53d401f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 5 Oct 2023 08:20:44 +0100 Subject: [PATCH 22/27] Support MSVS with clang Signed-off-by: Dave Rodgman --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index 436e35a91c..de26d451b9 100644 --- a/library/common.h +++ b/library/common.h @@ -335,7 +335,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) +#if !defined(MBEDTLS_MAYBE_UNUSED) && (defined(__GNUC__) || defined(__clang__)) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) From 9a32632577c9ea24f6c8f2e487e6b2ed8511dca4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Oct 2023 20:03:55 +0200 Subject: [PATCH 23/27] Fix 3rdparty/Makefile.inc when included recursively 3rdparty/Makefile.inc could only be used when included from the primary makefile passed to make. It could not be used directly, or included from a makefile that is itself included. This was due to counting from the left of $(MAKEFILE_LIST) instead of using the last element. Since each include directive appends to $(MAKEFILE_LIST), when using it to determine $(THIRDPARTY_DIR), we need to use a simply-expanded variable. Signed-off-by: Gilles Peskine --- 3rdparty/Makefile.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc index 80dc126923..70f316b0c8 100644 --- a/3rdparty/Makefile.inc +++ b/3rdparty/Makefile.inc @@ -1,3 +1,3 @@ -THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST))) +THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST))) include $(THIRDPARTY_DIR)/everest/Makefile.inc include $(THIRDPARTY_DIR)/p256-m/Makefile.inc From cc88ccdda1d594fea51218c5b584e166d020c6f7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 13 Oct 2023 10:33:15 +0100 Subject: [PATCH 24/27] Include existing Makefile Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fec46cc50b..7b801a3ecd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3950,12 +3950,16 @@ build_test_config_combos() { # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - compile_cmd=$(make -B -n ${file} CC=clang CFLAGS="${warning_flags} -fsyntax-only" | egrep "^clang") + compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c" - makefile=$(mktemp) + makefile=$(TMPDIR=. mktemp) deps="" len=${#options[@]} + source_file=${file%.o}.c + + targets=0 + echo 'include Makefile' >${makefile} for ((i = 0; i < $((2**${len})); i++)); do # generate each of 2^n combinations of options @@ -3973,17 +3977,18 @@ build_test_config_combos() { # if combination is not known to be invalid, add it to the makefile if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then cmd="${compile_cmd} ${clang_args}" - echo "${target}:" >> ${makefile} - echo -e "\t$cmd" >> ${makefile} + echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} deps="${deps} ${target}" + ((++targets)) fi done - echo "all: ${deps}" >> ${makefile} + echo "build_test_config_combos: ${deps}" >> ${makefile} # execute all of the commands via Make (probably in parallel) - make -s -f ${makefile} all + make -s -f ${makefile} build_test_config_combos + echo "$targets targets checked" # clean up the temporary makefile rm ${makefile} From 2457bcd26c2c8b803dce6318432b2a4f31ffa0bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 13 Oct 2023 12:31:45 +0100 Subject: [PATCH 25/27] Tidy up logic for MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman --- library/common.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/common.h b/library/common.h index de26d451b9..570b97eca9 100644 --- a/library/common.h +++ b/library/common.h @@ -335,24 +335,24 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if !defined(MBEDTLS_MAYBE_UNUSED) && (defined(__GNUC__) || defined(__clang__)) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) +# if __has_attribute(unused) +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +# endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) -#if (__VER__ >= 8010000) // IAR 8.1 or later -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#endif +# if (__VER__ >= 8010000) // IAR 8.1 or later +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +# endif #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER) -#define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) -#if __has_attribute(unused) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#endif +# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) -#define MBEDTLS_MAYBE_UNUSED +# define MBEDTLS_MAYBE_UNUSED #endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ From f3803a1f715245f36226abdd4b398bdb92fbdc85 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 16 Oct 2023 13:47:15 +0100 Subject: [PATCH 26/27] Cleanup validation interface Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7b801a3ecd..f07de88f16 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3926,7 +3926,7 @@ component_build_tfm() { # The validator function is the name of a function to validate the combination of options. # It may be "" if all combinations are valid. # It receives a string containing a combination of options, as passed to the compiler, -# e.g. "-DOPT1 -DOPT2 ...". It must echo something iff the combination is invalid. +# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid. build_test_config_combos() { file=$1 shift @@ -3975,7 +3975,7 @@ build_test_config_combos() { done # if combination is not known to be invalid, add it to the makefile - if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then + if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then cmd="${compile_cmd} ${clang_args}" echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} @@ -3997,11 +3997,11 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - echo INVALID + false fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - echo INVALID + false fi fi } From 41bc798d7cb258871ab13f3122b5971a4ce64be6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 16 Oct 2023 14:04:21 +0100 Subject: [PATCH 27/27] Tidy-up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f07de88f16..7493c97343 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3997,13 +3997,14 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - false + return 1 fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - false + return 1 fi fi + return 0 } component_build_aes_variations() {