mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
217 lines
8.5 KiB
Bash
217 lines
8.5 KiB
Bash
# components-compiler.sh
|
|
#
|
|
# Copyright The Mbed TLS Contributors
|
|
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
|
|
# This file contains test components that are executed by all.sh
|
|
|
|
################################################################
|
|
#### Compiler Testing
|
|
################################################################
|
|
|
|
support_build_tfm_armcc () {
|
|
support_build_armcc
|
|
}
|
|
|
|
component_build_tfm_armcc () {
|
|
# test the TF-M configuration can build cleanly with various warning flags enabled
|
|
cp configs/config-tfm.h "$CONFIG_H"
|
|
|
|
msg "build: TF-M config, armclang armv7-m thumb2"
|
|
helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
|
|
}
|
|
|
|
test_build_opt () {
|
|
info=$1 cc=$2; shift 2
|
|
$cc --version
|
|
for opt in "$@"; do
|
|
msg "build/test: $cc $opt, $info" # ~ 30s
|
|
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
|
|
# We're confident enough in compilers to not run _all_ the tests,
|
|
# but at least run the unit tests. In particular, runs with
|
|
# optimizations use inline assembly whereas runs with -O0
|
|
# skip inline assembly.
|
|
make test # ~30s
|
|
make clean
|
|
done
|
|
}
|
|
|
|
# For FreeBSD we invoke the function by name so this condition is added
|
|
# to disable the existing test_clang_opt function for linux.
|
|
if [[ $(uname) != "Linux" ]]; then
|
|
component_test_clang_opt () {
|
|
scripts/config.py full
|
|
test_build_opt 'full config' clang -O0 -Os -O2
|
|
}
|
|
fi
|
|
|
|
component_test_clang_latest_opt () {
|
|
scripts/config.py full
|
|
test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
|
|
}
|
|
|
|
support_test_clang_latest_opt () {
|
|
type "$CLANG_LATEST" >/dev/null 2>/dev/null
|
|
}
|
|
|
|
component_test_clang_earliest_opt () {
|
|
scripts/config.py full
|
|
test_build_opt 'full config' "$CLANG_EARLIEST" -O2
|
|
}
|
|
|
|
support_test_clang_earliest_opt () {
|
|
type "$CLANG_EARLIEST" >/dev/null 2>/dev/null
|
|
}
|
|
|
|
component_test_gcc_latest_opt () {
|
|
scripts/config.py full
|
|
test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
|
|
}
|
|
|
|
support_test_gcc_latest_opt () {
|
|
type "$GCC_LATEST" >/dev/null 2>/dev/null
|
|
}
|
|
|
|
# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 :
|
|
# test with GCC 15.
|
|
# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this
|
|
# separate component.
|
|
# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI
|
|
# platform, because that would break branches where #9814 isn't fixed yet.
|
|
support_test_gcc15_drivers_opt () {
|
|
if type gcc-15 >/dev/null 2>/dev/null; then
|
|
GCC_15=gcc-15
|
|
elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then
|
|
GCC_15=/usr/local/gcc-15/bin/gcc-15
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
component_test_gcc15_drivers_opt () {
|
|
msg "build: GCC 15: full + test drivers dispatching to builtins"
|
|
scripts/config.py full
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
|
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
|
|
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
|
|
loc_cflags="${loc_cflags} -I../framework/tests/include -O2"
|
|
|
|
make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
msg "test: GCC 15: full + test drivers dispatching to builtins"
|
|
make test
|
|
}
|
|
|
|
component_test_gcc_earliest_opt () {
|
|
scripts/config.py full
|
|
test_build_opt 'full config' "$GCC_EARLIEST" -O2
|
|
}
|
|
|
|
support_test_gcc_earliest_opt () {
|
|
type "$GCC_EARLIEST" >/dev/null 2>/dev/null
|
|
}
|
|
|
|
component_build_mingw () {
|
|
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
|
|
|
|
# note Make tests only builds the tests, but doesn't run them
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
|
|
make WINDOWS_BUILD=1 clean
|
|
|
|
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
|
|
make WINDOWS_BUILD=1 clean
|
|
|
|
msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s
|
|
./scripts/config.py unset MBEDTLS_AESNI_C #
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
|
|
make WINDOWS_BUILD=1 clean
|
|
}
|
|
|
|
support_build_mingw () {
|
|
case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
|
|
[0-5]*|"") false;;
|
|
*) true;;
|
|
esac
|
|
}
|
|
|
|
component_build_zeroize_checks () {
|
|
msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
|
|
|
|
scripts/config.py full
|
|
|
|
# Only compile - we're looking for sizeof-pointer-memaccess warnings
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
|
|
}
|
|
|
|
component_test_zeroize () {
|
|
# Test that the function mbedtls_platform_zeroize() is not optimized away by
|
|
# different combinations of compilers and optimization flags by using an
|
|
# auxiliary GDB script. Unfortunately, GDB does not return error values to the
|
|
# system in all cases that the script fails, so we must manually search the
|
|
# output to check whether the pass string is present and no failure strings
|
|
# were printed.
|
|
|
|
# Don't try to disable ASLR. We don't care about ASLR here. We do care
|
|
# about a spurious message if Gdb tries and fails, so suppress that.
|
|
gdb_disable_aslr=
|
|
if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
|
|
gdb_disable_aslr='set disable-randomization off'
|
|
fi
|
|
|
|
for optimization_flag in -O2 -O3 -Ofast -Os; do
|
|
for compiler in clang gcc; do
|
|
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
|
|
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
|
|
gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
|
|
grep "The buffer was correctly zeroized" test_zeroize.log
|
|
not grep -i "error" test_zeroize.log
|
|
rm -f test_zeroize.log
|
|
make clean
|
|
done
|
|
done
|
|
}
|
|
|
|
# This originated from an issue (https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/665) found
|
|
# in GCM when the library is built with GCC "10.0 <= version <= 14.2" on platforms other than
|
|
# x86 and ARM64.
|
|
component_test_tf_psa_crypto_optimized_alignment() {
|
|
msg "build: verify alignment with O3 optimizations in GCC"
|
|
|
|
# Disable optimizations for x86 (and ARM64) so that alignment related problems in
|
|
# "alignment.h" can be tested also on standard PC.
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
# "-O3" is the optimization level that causes issues: the compiler tries to
|
|
# optimize operations order and if memory dependencies are not respected
|
|
# (as it happens in issue tf-psa-crypto#665) this completely messes up results.
|
|
EXTRA_C_FLAGS="-O3"
|
|
# Forcedly ignore "MBEDTLS_EFFICIENT_UNALIGNED_ACCESS" on x86 so that we
|
|
# can test the problematic case, i.e. the case where uint64 integers are
|
|
# accessed through "mbedtls_uint64_unaligned_t" structs.
|
|
EXTRA_C_FLAGS="$EXTRA_C_FLAGS -DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS"
|
|
# Adding '-g3' flag doesn't affect testing, BUT it allows to dump the generated
|
|
# assembly code for "gcm.o" module for inspection. To do this use the
|
|
# following command:
|
|
# > objdump -S --disassemble out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o > gcm.s
|
|
# A file named "gcm.s" will be generated containing a mix of C and corresponding
|
|
# assembly code.
|
|
EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3"
|
|
|
|
make CC=gcc CFLAGS="$EXTRA_C_FLAGS"
|
|
|
|
msg "test: verify alignment with O3 optimizations in GCC"
|
|
make test
|
|
}
|
|
|
|
support_test_tf_psa_crypto_optimized_alignment() {
|
|
case $(gcc -dumpfullversion 2>/dev/null) in
|
|
""|?.*) false;; # too old
|
|
10.*|11.*|12.*|13.*) true;;
|
|
14.[012].*) true;;
|
|
*) false;; # too recent
|
|
esac
|
|
}
|