From 6c371a4067cc03737f647ee2c7d8f9d3bc1ef617 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Tue, 10 Sep 2019 17:22:52 +0100 Subject: [PATCH 01/26] Update Coverity secure token Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b4f21a30f..13d302fe2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,7 +25,7 @@ after_failure: env: global: - SEED=1 - - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" + - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: apt: From 53a77012e7690d80e31bd891562f5c9df0644081 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Tue, 10 Sep 2019 17:36:23 +0100 Subject: [PATCH 02/26] Update notification e-mail address Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 13d302fe2..6d7b7bf86 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,7 +35,7 @@ addons: coverity_scan: project: name: "ARMmbed/mbedtls" - notification_email: p.j.bakker@polarssl.org + notification_email: support-mbedtls@arm.com build_command_prepend: build_command: make branch_pattern: coverity_scan From bfda033f3d887f66d0f48fd888d939308eae475b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:37:45 +0200 Subject: [PATCH 03/26] all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2fc0c83f3..39fff1bee 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -619,7 +619,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest + if_build_succeeded programs/test/selftest } component_build_yotta () { @@ -640,6 +640,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh @@ -656,6 +659,9 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (full config, ASan build)" if_build_succeeded tests/ssl-opt.sh From cd7b0422ef1c6ffc921cb340841dda73bf48978a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:21:30 +0200 Subject: [PATCH 04/26] all.sh: make the arm-gcc cross-compiler prefix configurable Make it possible to use a compiler that isn't in $PATH, or that's installed with a different name, or even a compiler for a different target such as arm-linux-gnueabi. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 39fff1bee..57a538b0c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -131,6 +131,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} + : ${ARM_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -192,6 +193,8 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. + --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm + (default: "${ARM_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -305,6 +308,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in + --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -517,7 +521,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -1083,16 +1087,16 @@ component_test_have_int64 () { } component_build_arm_none_eabi_gcc () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}, make" # ~ 10s scripts/config.pl baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } From e021233cbc952ff69fdfe3070245095ba31cf86c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:13:43 +0200 Subject: [PATCH 05/26] Travis: don't test with both gcc and clang In practice, we hardly ever get different outcomes, so there is no gain in running tests with different compilers. Experimentally, with the builds and tests we currently do and with the compiler versions on a Travis Ubuntu 16.04, gcc jobs are significantly faster than clang jobs (13 min vs 24 min). So use gcc. Signed-off-by: Gilles Peskine --- .travis.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6d7b7bf86..b3cc09473 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: c -compiler: -- clang -- gcc +compiler: gcc sudo: false cache: ccache script: From b9d0fd60e4e1be230a13b7ae7b9945d93ad90bd9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:18:58 +0200 Subject: [PATCH 06/26] Travis: split the build into three parallel jobs Split the build between: * Basic checks * A build in the default configuration with extensive tests * Builds in other configurations with less testing The intent is to have one shorter job with basic tests, and two longer jobs that take roughly the same amount of time (split as evenly as possible while keeping an easy-to-understand separation). Signed-off-by: Gilles Peskine --- .travis.yml | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index b3cc09473..39d42636e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,24 +2,36 @@ language: c compiler: gcc sudo: false cache: ccache -script: -- tests/scripts/recursion.pl library/*.c -- tests/scripts/check-generated-files.sh -- tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh -- tests/scripts/check-files.py -- tests/scripts/doxygen.sh -- cmake -D CMAKE_BUILD_TYPE:String="Check" . -- make -- make test -- programs/test/selftest -- OSSL_NO_DTLS=1 tests/compat.sh -- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' -- tests/scripts/test-ref-configs.pl -- tests/scripts/curves.pl -- tests/scripts/key-exchanges.pl + +jobs: + include: + - name: basic checks + script: + - tests/scripts/recursion.pl library/*.c + - tests/scripts/check-generated-files.sh + - tests/scripts/check-doxy-blocks.pl + - tests/scripts/check-names.sh + - tests/scripts/check-files.py + - tests/scripts/doxygen.sh + + - name: default configuration + script: + - cmake -D CMAKE_BUILD_TYPE:String="Check" . + - make + - make test + - programs/test/selftest + - OSSL_NO_DTLS=1 tests/compat.sh + - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + + - name: enumerated configurations + script: + - tests/scripts/test-ref-configs.pl + - tests/scripts/curves.pl + - tests/scripts/key-exchanges.pl + after_failure: - tests/scripts/travis-log-failure.sh + env: global: - SEED=1 From a7ef8a1d7f0f58eb230bfc8adc3d9cb3e0248f35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:45:55 +0200 Subject: [PATCH 07/26] Travis: move doxygen dependencies into the "sanity" job Only this job uses doxygen and graphviz. Signed-off-by: Gilles Peskine --- .travis.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 39d42636e..2463a7ef8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,11 @@ cache: ccache jobs: include: - name: basic checks + addons: + apt: + packages: + - doxygen + - graphviz script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -38,10 +43,6 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: - apt: - packages: - - doxygen - - graphviz coverity_scan: project: name: "ARMmbed/mbedtls" From 7b5f0d3cfcb93dd335c061880649674fab8a46e8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:15:07 +0200 Subject: [PATCH 08/26] Travis: run Pylint Declare an explicit Python version. Pick 3.5 which is the default version on Ubuntu 16.04. This is necessary on Travis to have a working pip for Python 3. Install Pylint 2.4.4. There's nothing special about this version, it's just the latest version. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2463a7ef8..113ef19e0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ jobs: packages: - doxygen - graphviz + language: python # Needed to get pip for Python 3 + python: 3.5 # version from Ubuntu 16.04 + install: + - pip install pylint==2.4.4 script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -18,6 +22,7 @@ jobs: - tests/scripts/check-names.sh - tests/scripts/check-files.py - tests/scripts/doxygen.sh + - tests/scripts/check-python-files.sh - name: default configuration script: From dadd3bd70329f0fab0e0e08ec43baf6e6a9816f7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:23:35 +0200 Subject: [PATCH 09/26] Travis: call all.sh for sanity checks Different releases have different sets of sanity checks. Keep the list in one place, namely all.sh. Signed-off-by: Gilles Peskine --- .travis.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 113ef19e0..9f439ad90 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,13 +16,7 @@ jobs: install: - pip install pylint==2.4.4 script: - - tests/scripts/recursion.pl library/*.c - - tests/scripts/check-generated-files.sh - - tests/scripts/check-doxy-blocks.pl - - tests/scripts/check-names.sh - - tests/scripts/check-files.py - - tests/scripts/doxygen.sh - - tests/scripts/check-python-files.sh + - tests/scripts/all.sh -k 'check_*' - name: default configuration script: From fb5c8b4e94dd926953633a63c3c5fb37e33a6332 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:32:52 +0200 Subject: [PATCH 10/26] Travis: call all.sh for the default-configuration build This way anything we change in all.sh, such as adding tests for programs/*/*, will be reflected here. The build now uses GCC instead of Clang, which doesn't make much difference in practice. The build now enables ASan and UBSan. The tests now run compat.sh and ssl-opt.sh fully. Signed-off-by: Gilles Peskine --- .travis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9f439ad90..f9cedf0e3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,13 +19,12 @@ jobs: - tests/scripts/all.sh -k 'check_*' - name: default configuration + addons: + apt: + packages: + - gnutls-bin script: - - cmake -D CMAKE_BUILD_TYPE:String="Check" . - - make - - make test - - programs/test/selftest - - OSSL_NO_DTLS=1 tests/compat.sh - - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + - tests/scripts/all.sh -k test_default_cmake_gcc_asan - name: enumerated configurations script: From 12141d0facaae25314b6135a62108b2eaeff690d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:31:04 +0200 Subject: [PATCH 11/26] Travis: replace "default configuration by "full configuration" For the one long job with ASan, use the full configuration. We get more coverage this way, at the cost of a slightly longer runtime which we can afford since the "enumerated configurations" job is slower. Add a default-configuration build to the "basic checks" job. This job is fairly quick (no ASan, no SSL testing). Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f9cedf0e3..c3580b8f9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,14 +17,15 @@ jobs: - pip install pylint==2.4.4 script: - tests/scripts/all.sh -k 'check_*' + - tests/scripts/all.sh -k test_default_out_of_box - - name: default configuration + - name: full configuration addons: apt: packages: - gnutls-bin script: - - tests/scripts/all.sh -k test_default_cmake_gcc_asan + - tests/scripts/all.sh -k test_full_cmake_gcc_asan - name: enumerated configurations script: From 2bebfc9476bf165478d6fae43d638bf67adb7314 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:36:00 +0200 Subject: [PATCH 12/26] Travis: install gnutls-bin for all jobs Some jobs don't actually test against GnuTLS, but all.sh checks its presence in all test jobs, so it needs to be installed regardless. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3580b8f9..c3bd35278 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ jobs: addons: apt: packages: + - gnutls-bin - doxygen - graphviz language: python # Needed to get pip for Python 3 @@ -20,10 +21,6 @@ jobs: - tests/scripts/all.sh -k test_default_out_of_box - name: full configuration - addons: - apt: - packages: - - gnutls-bin script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan @@ -42,6 +39,9 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: + apt: + packages: + - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" From 04c4a7e3f27d6c73becf28414b34884cf2bdfc6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:46:42 +0200 Subject: [PATCH 13/26] Travis: call all depends_* tests Call all.sh to run all the available test_depends_* components. This adds a run of depends-hashes.pl and depends-pkgalgs.pl. Keep invoking test-ref-configs.pl rather than via all.sh so that it doesn't run with ASan. This saves some time and ASan there doesn't turn up much more than in the full config. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3bd35278..39933b58b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,7 @@ jobs: - name: enumerated configurations script: - tests/scripts/test-ref-configs.pl - - tests/scripts/curves.pl - - tests/scripts/key-exchanges.pl + - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' after_failure: - tests/scripts/travis-log-failure.sh From 59afb731dadedaf07bf6c1c9c636e3514043db36 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:30:31 +0200 Subject: [PATCH 14/26] Travis: add a baremetal build Add a baremetal build to Travis, to catch inadvertent dependencies on platform functions. The exact choice of target platform doesn't matter for this purpose. Pick one that's present in all.sh, that uses a compiler that's available in the Travis build environment (Ubuntu 16.04), and that happens to be close to the Debian "armel" distribution. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 39933b58b..4eeb3de7f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,8 @@ jobs: - gnutls-bin - doxygen - graphviz + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: @@ -19,6 +21,7 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box + - tests/scripts/all.sh -k build_arm_none_eabi_gcc - name: full configuration script: From e4fdfc499c00dc1490472a6304493a697254a50e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:42:41 +0200 Subject: [PATCH 15/26] Travis: add a build on macOS Just do the default build with Clang and run the unit tests. The objective is to have one build on a Unix-like platform other than Linux. Signed-off-by: Gilles Peskine --- .travis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis.yml b/.travis.yml index 4eeb3de7f..f83bddb24 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,12 @@ jobs: - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' + - name: macOS + os: osx + compiler: clang + script: + - tests/scripts/all.sh -k test_default_out_of_box + after_failure: - tests/scripts/travis-log-failure.sh From 86e5816dda70054c4fc59b5ad807f5d840b240c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:13 +0200 Subject: [PATCH 16/26] check-files: support Windows .bat files Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index e16c91667..2cf608100 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -103,7 +103,7 @@ class LineIssueTracker(FileIssueTracker): def is_windows_file(filepath): _root, ext = os.path.splitext(filepath) - return ext in ('.dsp', '.sln', '.vcxproj') + return ext in ('.bat', '.dsp', '.sln', '.vcxproj') class PermissionIssueTracker(FileIssueTracker): @@ -223,6 +223,7 @@ class IntegrityChecker: self.logger = None self.setup_logger(log_file) self.extensions_to_check = ( + ".bat", ".c", ".data", ".dsp", From 35170f119007833ed4adf5351e67f6b13409587d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:28 +0200 Subject: [PATCH 17/26] Add a simple build script for Windows with Visual Studio Keep it simple and mostly non-parametrizable for now. A path to Visual Studio 2017 is hard-coded. Signed-off-by: Gilles Peskine --- scripts/windows_msbuild.bat | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 scripts/windows_msbuild.bat diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat new file mode 100644 index 000000000..e41993101 --- /dev/null +++ b/scripts/windows_msbuild.bat @@ -0,0 +1,20 @@ +@rem Build and test Mbed TLS with Visual Studio using msbuild. +@rem Usage: windows_msbuild [RETARGET] +@rem RETARGET: version of Visual Studio to emulate +@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset + +@rem These parameters are hard-coded for now. +set "arch=x64" & @rem "x86" or "x64" +set "cfg=Release" & @rem "Debug" or "Release" +set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" + +if not "%~1"=="" set "retarget=,PlatformToolset=%1" + +@rem If the %USERPROFILE%\Source directory exists, then running +@rem vcvarsall.bat will silently change the directory to that directory. +@rem Setting the VSCMD_START_DIR environment variable causes it to change +@rem to that directory instead. +set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010" + +"%vcvarsall%" x64 && ^ +msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln From a1cf6d5bdaec6f373b057f9575eb57579ff756d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:25:10 +0200 Subject: [PATCH 18/26] Travis: add a build with Visual Studio on Windows Travis now offers a Windows environment. Do a build with Visual Studio. This brings diversity into the Travis CI which otherwise only uses GCC and Clang. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index f83bddb24..188306298 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,6 +38,11 @@ jobs: script: - tests/scripts/all.sh -k test_default_out_of_box + - name: Windows + os: windows + script: + - scripts/windows_msbuild.bat + after_failure: - tests/scripts/travis-log-failure.sh From 00f2436bf3b63caeaf13220963cda6cea2cb3a72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 13:12:55 +0200 Subject: [PATCH 19/26] Travis: Windows: target Visual Studio 2017 Only the Visual Studio 2017 toolset is currently preinstalled on Travis. Use this, instead of our solution's default which is VS 2010. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 188306298..ea3f627c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -41,7 +41,7 @@ jobs: - name: Windows os: windows script: - - scripts/windows_msbuild.bat + - scripts/windows_msbuild.bat v141 # Visual Studio 2017 after_failure: - tests/scripts/travis-log-failure.sh From c15574b8f5ed17ab9adca8fdcaa777215a4dcc9b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 21:26:42 +0200 Subject: [PATCH 20/26] Travis: rebalance the Linux builds Make the running time more even. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index ea3f627c0..4e2727846 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ cache: ccache jobs: include: - - name: basic checks + - name: basic checks and reference configurations addons: apt: packages: @@ -21,15 +21,15 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k build_arm_none_eabi_gcc + - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k build_arm_none_eabi_gcc # baremetal - name: full configuration script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: enumerated configurations + - name: check compilation guards script: - - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - name: macOS From f1709bb4adf219a182f4d805430dfba18c634b4d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 18:19:32 +0200 Subject: [PATCH 21/26] Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 57a538b0c..a98b08d7b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -131,7 +131,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} - : ${ARM_GCC_PREFIX:=arm-none-eabi-} + : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -193,8 +193,9 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. - --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm - (default: "${ARM_GCC_PREFIX}") + --arm-none-eabi-gcc-prefix= + Prefix for a cross-compiler for arm-none-eabi + (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -308,7 +309,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in - --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; + --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -521,7 +522,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -1087,16 +1088,16 @@ component_test_have_int64 () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_GCC_PREFIX}, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}, make" # ~ 10s scripts/config.pl baremetal - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: ${ARM_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } From a27af6f023002c2d47275ddcc69fd1cda292fade Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:22:55 +0200 Subject: [PATCH 22/26] all.sh: backport component_build_arm_none_eabi_gcc_arm5vte Backport this component that was added to development after 2.7.0. It's easier to keep the 2.7 branch closer to the other maintained branches. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a98b08d7b..252fa7da3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1093,6 +1093,17 @@ component_build_arm_none_eabi_gcc () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } +component_build_arm_none_eabi_gcc_arm5vte () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s + scripts/config.pl baremetal + # Build for a target platform that's close to what Debian uses + # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). + # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. + # It would be better to build with arm-linux-gnueabi-gcc but + # we don't have that on our CI at this time. + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib +} + component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal From 009908b56206c8074c969e6e7a8c1400464824c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 22:54:00 +0200 Subject: [PATCH 23/26] all.sh: build_arm_none_eabi_gcc: do optimize Otherwise the bignum assembly code is not used. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 252fa7da3..5aa9b906f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1088,9 +1088,9 @@ component_test_have_int64 () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, make" # ~ 10s scripts/config.pl baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib } component_build_arm_none_eabi_gcc_arm5vte () { From 4fb7a2f23f7446d76ada08dbcc945406ecdba97b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:00:53 +0200 Subject: [PATCH 24/26] all.sh: add a Cortex-M0+ build It's pretty fast and adds a little variety. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5aa9b906f..04036df10 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1104,6 +1104,12 @@ component_build_arm_none_eabi_gcc_arm5vte () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } +component_build_arm_none_eabi_gcc_m0plus () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s + scripts/config.pl baremetal + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib +} + component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal From 81b60fb7bd64205f025a7eb26aeb90bf160ea914 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:11:54 +0200 Subject: [PATCH 25/26] all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 04036df10..423f6b7a7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -281,9 +281,13 @@ armc6_build_test() { FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" + msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-xc -std=c99' make lib + + msg "size: ARM Compiler 6 ($FLAGS)" + "$ARMC6_FROMELF" -z library/*.o + make clean } @@ -533,9 +537,12 @@ pre_check_tools () { *_armcc*|*_yotta*) ARMC5_CC="$ARMC5_BIN_DIR/armcc" ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" ARMC6_CC="$ARMC6_BIN_DIR/armclang" ARMC6_AR="$ARMC6_BIN_DIR/armar" - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ + "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac msg "info: output_env.sh" @@ -1088,13 +1095,16 @@ component_test_have_int64 () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.pl baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.pl baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). @@ -1102,12 +1112,18 @@ component_build_arm_none_eabi_gcc_arm5vte () { # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_m0plus () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s scripts/config.pl baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { @@ -1120,10 +1136,13 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { } component_build_armcc () { - msg "build: ARM Compiler 5, make" + msg "build: ARM Compiler 5" scripts/config.pl baremetal - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + + msg "size: ARM Compiler 5" + "$ARMC5_FROMELF" -z library/*.o + make clean # ARM Compiler 6 - Target ARMv7-A From 7ccd0255b8e355475f5f5f18e03fa1a435128bab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:10:48 +0200 Subject: [PATCH 26/26] Travis: do both a Cortex-A build and a Cortex-M0+ build The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a handy point of comparison for code size. Put that one last so that it's easy to find in the log. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4e2727846..8789c444b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ jobs: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - tests/scripts/test-ref-configs.pl - - tests/scripts/all.sh -k build_arm_none_eabi_gcc # baremetal + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration script: