Merge remote-tracking branch 'mbedtls-3.6' into merge-3.6-restricted-20260304

tests/scripts/check-generated-files.sh

@@ -126,6 +126,7 @@ check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bi
 check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
 check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
 check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
+check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
 check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h
 check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
 
@@ -135,7 +136,7 @@ if in_mbedtls_repo; then
     check scripts/generate_query_config.pl programs/test/query_config.c
     check scripts/generate_features.pl library/version_features.c
     check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
-    check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
+    check scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
     check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
     check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h
     # generate_visualc_files enumerates source files (library/*.c). It doesn't
@@ -143,8 +144,3 @@ if in_mbedtls_repo; then
     # the step that creates or updates these files.
     check scripts/generate_visualc_files.pl visualc/VS2017
 fi
-
-# Generated files that are present in the repository even in the development
-# branch. (This is intended to be temporary, until the generator scripts are
-# fully reviewed and the build scripts support a generated header file.)
-check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c

tests/scripts/components-compiler.sh

@@ -172,3 +172,45 @@ component_test_zeroize () {
         done
     done
 }
+
+# This originated from an issue (https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/665) found
+# in GCM when the library is built with GCC "10.0 <= version <= 14.2" on platforms other than
+# x86 and ARM64.
+component_test_tf_psa_crypto_optimized_alignment() {
+    msg "build: verify alignment with O3 optimizations in GCC"
+
+    # Disable optimizations for x86 (and ARM64) so that alignment related problems in
+    # "alignment.h" can be tested also on standard PC.
+    scripts/config.py unset MBEDTLS_AESNI_C
+    scripts/config.py unset MBEDTLS_AESCE_C
+
+    # "-O3" is the optimization level that causes issues: the compiler tries to
+    # optimize operations order and if memory dependencies are not respected
+    # (as it happens in issue tf-psa-crypto#665) this completely messes up results.
+    EXTRA_C_FLAGS="-O3"
+    # Forcedly ignore "MBEDTLS_EFFICIENT_UNALIGNED_ACCESS" on x86 so that we
+    # can test the problematic case, i.e. the case where uint64 integers are
+    # accessed through "mbedtls_uint64_unaligned_t" structs.
+    EXTRA_C_FLAGS="$EXTRA_C_FLAGS -DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS"
+    # Adding '-g3' flag doesn't affect testing, BUT it allows to dump the generated
+    # assembly code for "gcm.o" module for inspection. To do this use the
+    # following command:
+    # > objdump -S --disassemble out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o > gcm.s
+    # A file named "gcm.s" will be generated containing a mix of C and corresponding
+    # assembly code.
+    EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3"
+
+    make CC=gcc CFLAGS="$EXTRA_C_FLAGS"
+
+    msg "test: verify alignment with O3 optimizations in GCC"
+    make test
+}
+
+support_test_tf_psa_crypto_optimized_alignment() {
+    case $(gcc -dumpfullversion 2>/dev/null) in
+        ""|?.*) false;; # too old
+        10.*|11.*|12.*|13.*) true;;
+        14.[012].*) true;;
+        *) false;; # too recent
+    esac
+}