When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites
require the seed file for PSA initialization, which was normally generated
later, when entropy tests were run. This change creates an initial seedfile
in all.sh.
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
The existing test `x509parse_crt()` for X.509 CRT parsing
so far used the generic parsing API `mbedtls_x509_crt_parse()`
capable of parsing both PEM encoded and DER encoded certficates,
but was actually only used with DER encoded input data. Moreover,
as the purpose of the test is the testing of the core DER X.509 parsing
functionality, not the PEM vs. DER dispatch (which is now already tested
in the various `x509_crt_info()` tests), the call can be replaced with a
direct call to `mbedtls_x509_parse_crt_der()`.
This commit does that, and further adds to the test an analogous
call to the new API `mbedtls_x509_parse_crt_der_nocopy()` to test
copyless parsing of X.509 certificates.
When all.sh invokes check_headers_in_cpp, a backup config.h exists. This
causes a stray difference vs cpp_dummy_build.cpp. Fix by only collecting
the *.h files in include/mbedtls.
Change-Id: Ifd415027e856858579a6699538f06fc49c793570
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of
mbedtls_ctr_drbg_update_ret
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
Only look for armcc if component_build_armcc is to be executed,
instead of requiring the option --no-armcc.
You can still pass --no-armcc, but it's no longer required when
listing components to run. With no list of components or an exclude
list on the command line, --no-armcc is equivalent to having
build_armcc in the exclude list.
Build the list of components to run in $RUN_COMPONENTS as part of
command line parsing. After parsing the command line, it no longer
matters how this list was built.
Extract the list of available components by looking for definitions of
functions called component_xxx. The previous code explicitly listed
all components in run_all_components, which opened the risk of
forgetting to list a component there.
Add a conditional execution facility: if a function support_xxx exists
and returns false then component_xxx is not executed (except when the
command line lists an explicit set of components to execute).
MAKEFLAGS was set to -j if it was already set, instead of being set if
not previously set as intended. So now all.sh will do parallel builds
if invoked without MAKEFLAGS in the environment.
Don't bail out of all.sh if the OS isn't Linux. We only expect
everything to pass on a recent Linux x86_64, but it's useful to call
all.sh to run some components on any platform.
In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is
slower than ASan and MSan but finds some things that they don't.
Run MSan unconditionally, not just on Linux/x86_64. MSan is supported
on some other OSes and CPUs these days.
Use `all.sh --except test_memsan` if you want to omit MSan because it
isn't supported on your platform. Use `all.sh --except test_memcheck`
if you want to omit Valgrind because it's too slow.
Make the test scripts more portable (tested on FreeBSD): don't insist
on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The
`make` utility must still be GNU make.
Call `set disable-randomization off` only if it seems to be supported.
The goal is to neither get an error about disable-randomization not
being supported (e.g. on FreeBSD), nor get an error if it is supported
but fails (e.g. on Ubuntu).
Only fiddle with disable-randomization from all.sh, which cares
because it reports the failure of ASLR disabling as an error. If a
developer invokes the Gdb script manually, a warning about ASLR
doesn't matter.
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.
With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
