From 29080e8e6abdf83414197641d15c7b6aefbb611c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jan 2022 22:30:25 +0100 Subject: [PATCH 1/7] CMake: generate the list of test suites automatically We keep forgetting to register new test suites in tests/CMakeLists.txt. To fix this problem once and for all, remove the need for manual registration. The following test suites were missing: test_suite_cipher.aria test_suite_psa_crypto_driver_wrappers test_suite_psa_crypto_generate_key.generated Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 102 +++++-------------------------------------- 1 file changed, 12 insertions(+), 90 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bd7e3b977..001db80f8 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -154,96 +154,18 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -add_test_suite(aes aes.cbc) -add_test_suite(aes aes.cfb) -add_test_suite(aes aes.ecb) -add_test_suite(aes aes.ofb) -add_test_suite(aes aes.rest) -add_test_suite(aes aes.xts) -add_test_suite(aria) -add_test_suite(asn1parse) -add_test_suite(asn1write) -add_test_suite(base64) -add_test_suite(camellia) -add_test_suite(ccm) -add_test_suite(chacha20) -add_test_suite(chachapoly) -add_test_suite(cipher cipher.aes) -add_test_suite(cipher cipher.camellia) -add_test_suite(cipher cipher.ccm) -add_test_suite(cipher cipher.chacha20) -add_test_suite(cipher cipher.chachapoly) -add_test_suite(cipher cipher.des) -add_test_suite(cipher cipher.gcm) -add_test_suite(cipher cipher.misc) -add_test_suite(cipher cipher.nist_kw) -add_test_suite(cipher cipher.null) -add_test_suite(cipher cipher.padding) -add_test_suite(cmac) -add_test_suite(ctr_drbg) -add_test_suite(debug) -add_test_suite(des) -add_test_suite(dhm) -add_test_suite(ecdh) -add_test_suite(ecdsa) -add_test_suite(ecjpake) -add_test_suite(ecp) -add_test_suite(entropy) -add_test_suite(error) -add_test_suite(gcm gcm.aes128_de) -add_test_suite(gcm gcm.aes128_en) -add_test_suite(gcm gcm.aes192_de) -add_test_suite(gcm gcm.aes192_en) -add_test_suite(gcm gcm.aes256_de) -add_test_suite(gcm gcm.aes256_en) -add_test_suite(gcm gcm.camellia) -add_test_suite(gcm gcm.misc) -add_test_suite(hkdf) -add_test_suite(hmac_drbg hmac_drbg.misc) -add_test_suite(hmac_drbg hmac_drbg.no_reseed) -add_test_suite(hmac_drbg hmac_drbg.nopr) -add_test_suite(hmac_drbg hmac_drbg.pr) -add_test_suite(md) -add_test_suite(mdx) -add_test_suite(memory_buffer_alloc) -add_test_suite(mpi) -add_test_suite(mps) -add_test_suite(net) -add_test_suite(nist_kw) -add_test_suite(oid) -add_test_suite(pem) -add_test_suite(pk) -add_test_suite(pkcs1_v15) -add_test_suite(pkcs1_v21) -add_test_suite(pkcs5) -add_test_suite(pkcs12) -add_test_suite(pkparse) -add_test_suite(pkwrite) -add_test_suite(poly1305) -add_test_suite(psa_crypto) -add_test_suite(psa_crypto_attributes) -add_test_suite(psa_crypto_entropy) -add_test_suite(psa_crypto_hash) -add_test_suite(psa_crypto_init) -add_test_suite(psa_crypto_metadata) -add_test_suite(psa_crypto_not_supported psa_crypto_not_supported.generated) -add_test_suite(psa_crypto_not_supported psa_crypto_not_supported.misc) -add_test_suite(psa_crypto_persistent_key) -add_test_suite(psa_crypto_se_driver_hal) -add_test_suite(psa_crypto_se_driver_hal_mocks) -add_test_suite(psa_crypto_slot_management) -add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.misc) -add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.current) -add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.v0) -add_test_suite(psa_its) -add_test_suite(random) -add_test_suite(rsa) -add_test_suite(shax) -add_test_suite(ssl) -add_test_suite(timing) -add_test_suite(version) -add_test_suite(x509parse) -add_test_suite(x509write) +file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data) +list(APPEND test_suites ${base_generated_data_files}) +# If the generated .data files are present in the source tree, we just added +# them twice, both through GLOB and through ${base_generated_data_files}. +list(REMOVE_DUPLICATES test_suites) +list(SORT test_suites) +foreach(test_suite ${test_suites}) + get_filename_component(data_name ${test_suite} NAME_WLE) + string(REPLACE "test_suite_" "" data_name ${data_name}) + string(REGEX MATCH "[^.]*" function_name ${data_name}) + add_test_suite(${function_name} ${data_name}) +endforeach(test_suite) # Make scripts and data files needed for testing available in an # out-of-source build. From cd55fe02ef760e3325f07b0704edcde26716d377 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jan 2022 23:13:49 +0100 Subject: [PATCH 2/7] Remove accidental use of a feature that doesn't exist in CMake 3.5 Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 001db80f8..b3308cbb3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -161,9 +161,10 @@ list(APPEND test_suites ${base_generated_data_files}) list(REMOVE_DUPLICATES test_suites) list(SORT test_suites) foreach(test_suite ${test_suites}) - get_filename_component(data_name ${test_suite} NAME_WLE) - string(REPLACE "test_suite_" "" data_name ${data_name}) - string(REGEX MATCH "[^.]*" function_name ${data_name}) + get_filename_component(data_name ${test_suite} NAME) + string(REGEX REPLACE "\.data$" "" data_name "${data_name}") + string(REPLACE "test_suite_" "" data_name "${data_name}") + string(REGEX MATCH "[^.]*" function_name "${data_name}") add_test_suite(${function_name} ${data_name}) endforeach(test_suite) From a18fb9d9acf08e5824fe1957eb88411025631834 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jan 2022 23:24:34 +0100 Subject: [PATCH 3/7] Fix string/regexp backslash escapes Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index b3308cbb3..45854f154 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -162,7 +162,7 @@ list(REMOVE_DUPLICATES test_suites) list(SORT test_suites) foreach(test_suite ${test_suites}) get_filename_component(data_name ${test_suite} NAME) - string(REGEX REPLACE "\.data$" "" data_name "${data_name}") + string(REGEX REPLACE "\\.data\$" "" data_name "${data_name}") string(REPLACE "test_suite_" "" data_name "${data_name}") string(REGEX MATCH "[^.]*" function_name "${data_name}") add_test_suite(${function_name} ${data_name}) From a300099246cffc2ccd70045279eb0884473a4147 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Feb 2022 00:21:12 +0100 Subject: [PATCH 4/7] Stop CMake out of source tests running on 16.04 (continued) The race condition mentioned in the previous commit "Stop CMake out of source tests running on 16.04" has also been observed with test_cmake_as_subdirectory and can presumably happen with test_cmake_as_package and test_cmake_as_package_install as well. So skip all of these components on Ubuntu 16.04. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6e17a91e3..59afac24f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2922,6 +2922,9 @@ component_test_cmake_as_subdirectory () { cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR } +support_test_cmake_as_subdirectory () { + support_test_cmake_out_of_source +} component_test_cmake_as_package () { msg "build: cmake 'as-package' build" @@ -2935,6 +2938,9 @@ component_test_cmake_as_package () { cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR } +support_test_cmake_as_package () { + support_test_cmake_out_of_source +} component_test_cmake_as_package_install () { msg "build: cmake 'as-installed-package' build" @@ -2948,6 +2954,9 @@ component_test_cmake_as_package_install () { cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR } +support_test_cmake_as_package_install () { + support_test_cmake_out_of_source +} component_test_zeroize () { # Test that the function mbedtls_platform_zeroize() is not optimized away by From 3bc3409edf51301fe987396cc24a8ce31d925331 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Feb 2022 00:25:06 +0100 Subject: [PATCH 5/7] Remove obsolete cd at the end of a component This is no longer useful now that components run in a subshell. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 59afac24f..064f9d4c5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2912,15 +2912,10 @@ component_test_cmake_out_of_source () { component_test_cmake_as_subdirectory () { msg "build: cmake 'as-subdirectory' build" - MBEDTLS_ROOT_DIR="$PWD" - cd programs/test/cmake_subproject cmake . make ./cmake_subproject - - cd "$MBEDTLS_ROOT_DIR" - unset MBEDTLS_ROOT_DIR } support_test_cmake_as_subdirectory () { support_test_cmake_out_of_source @@ -2928,15 +2923,10 @@ support_test_cmake_as_subdirectory () { component_test_cmake_as_package () { msg "build: cmake 'as-package' build" - MBEDTLS_ROOT_DIR="$PWD" - cd programs/test/cmake_package cmake . make ./cmake_package - - cd "$MBEDTLS_ROOT_DIR" - unset MBEDTLS_ROOT_DIR } support_test_cmake_as_package () { support_test_cmake_out_of_source @@ -2944,15 +2934,10 @@ support_test_cmake_as_package () { component_test_cmake_as_package_install () { msg "build: cmake 'as-installed-package' build" - MBEDTLS_ROOT_DIR="$PWD" - cd programs/test/cmake_package_install cmake . make ./cmake_package_install - - cd "$MBEDTLS_ROOT_DIR" - unset MBEDTLS_ROOT_DIR } support_test_cmake_as_package_install () { support_test_cmake_out_of_source From c1247c0cbb078c42a17403371b67f8fb35c8f29d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Feb 2022 00:29:18 +0100 Subject: [PATCH 6/7] Remove obsolete variable restoration or unset at the end of a component This is no longer useful now that components run in a subshell. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 064f9d4c5..fc2ab3007 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -883,7 +883,6 @@ component_test_default_out_of_box () { msg "build: make, default config (out-of-box)" # ~1min make # Disable fancy stuff - SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE" unset MBEDTLS_TEST_OUTCOME_FILE msg "test: main suites make, default config (out-of-box)" # ~10s @@ -891,9 +890,6 @@ component_test_default_out_of_box () { msg "selftest: make, default config (out-of-box)" # ~10s programs/test/selftest - - export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" - unset SAVE_MBEDTLS_TEST_OUTCOME_FILE } component_test_default_cmake_gcc_asan () { @@ -1584,9 +1580,6 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - unset loc_accel_flags - unset loc_accel_list - if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" @@ -1666,9 +1659,6 @@ component_test_psa_crypto_config_accel_rsa_signature () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - unset loc_accel_flags - unset loc_accel_list - if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o @@ -1705,9 +1695,6 @@ component_test_psa_crypto_config_accel_hash () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - unset loc_accel_flags - unset loc_accel_list - if_build_succeeded not grep mbedtls_sha512_init library/sha512.o if_build_succeeded not grep mbedtls_sha1_init library/sha1.o @@ -1745,9 +1732,6 @@ component_test_psa_crypto_config_accel_cipher () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - unset loc_accel_flags - unset loc_accel_list - if_build_succeeded not grep mbedtls_des* library/des.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" @@ -2428,7 +2412,6 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" - unset loc_cflags msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS" make test @@ -2969,8 +2952,6 @@ component_test_zeroize () { make clean done done - - unset gdb_disable_aslr } component_test_psa_compliance () { From 827dbd9d35112569b1fa34085f62e9795f5843bf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Feb 2022 00:30:54 +0100 Subject: [PATCH 7/7] Remove obsolete calls to if_build_succeeded This is now a no-op. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fc2ab3007..2f2179603 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1580,7 +1580,7 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o + not grep mbedtls_ecdsa_ library/ecdsa.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" make test @@ -1659,8 +1659,8 @@ component_test_psa_crypto_config_accel_rsa_signature () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o - if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o + not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o + not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" make test @@ -1695,8 +1695,8 @@ component_test_psa_crypto_config_accel_hash () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - if_build_succeeded not grep mbedtls_sha512_init library/sha512.o - if_build_succeeded not grep mbedtls_sha1_init library/sha1.o + not grep mbedtls_sha512_init library/sha512.o + not grep mbedtls_sha1_init library/sha1.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" make test @@ -1732,7 +1732,7 @@ component_test_psa_crypto_config_accel_cipher () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - if_build_succeeded not grep mbedtls_des* library/des.o + not grep mbedtls_des* library/des.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" make test @@ -2717,7 +2717,7 @@ component_test_tls13 () { msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" make test msg "ssl-opt.sh (TLS 1.3)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_tls13_no_compatibility_mode () { @@ -2730,7 +2730,7 @@ component_test_tls13_no_compatibility_mode () { msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" make test msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_tls13_with_padding () { @@ -2743,7 +2743,7 @@ component_test_tls13_with_padding () { msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding" make test msg "ssl-opt.sh (TLS 1.3 with padding)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_tls13_with_ecp_restartable () { @@ -2756,7 +2756,7 @@ component_test_tls13_with_ecp_restartable () { msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" make test msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_tls13_with_everest () { @@ -2770,7 +2770,7 @@ component_test_tls13_with_everest () { msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest" make test msg "ssl-opt.sh (TLS 1.3 with everest)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_build_mingw () {