From 97bea01ff4ad8ac5c6b6e43908c61c2af7f80620 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:37:45 +0200 Subject: [PATCH 01/24] all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5b70caa225fd..730c80755e4a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -645,7 +645,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest + if_build_succeeded programs/test/selftest export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" unset SAVE_MBEDTLS_TEST_OUTCOME_FILE @@ -659,6 +659,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh @@ -678,6 +681,9 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (full config, ASan build)" if_build_succeeded tests/ssl-opt.sh From 60f267bb1ef4cbc39fd56dafd0ce8296b6fedcb2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:21:30 +0200 Subject: [PATCH 02/24] all.sh: make the arm-gcc cross-compiler prefix configurable Make it possible to use a compiler that isn't in $PATH, or that's installed with a different name, or even a compiler for a different target such as arm-linux-gnueabi. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 730c80755e4a..6f473bdcd82f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -138,6 +138,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} + : ${ARM_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -203,6 +204,8 @@ General options: -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --append-outcome Append to the outcome file (if used). + --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm + (default: "${ARM_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -335,6 +338,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in --append-outcome) append_outcome=1;; + --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -547,7 +551,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -1572,36 +1576,36 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}gcc, make" # ~ 10s scripts/config.py baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } From c9cdd21a0407c76ffc239c0e232b0bcc922c5449 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:13:43 +0200 Subject: [PATCH 03/24] Travis: don't test with both gcc and clang In practice, we hardly ever get different outcomes, so there is no gain in running tests with different compilers. Experimentally, with the builds and tests we currently do and with the compiler versions on a Travis Ubuntu 16.04, gcc jobs are significantly faster than clang jobs (13 min vs 24 min). So use gcc. Signed-off-by: Gilles Peskine --- .travis.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0685bdbb4a6a..11d679c7c5a7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: c -compiler: -- clang -- gcc +compiler: gcc sudo: false cache: ccache From d0f543a5dcc6a41c0d3969f3249ba366f2d1b764 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:18:58 +0200 Subject: [PATCH 04/24] Travis: split the build into three parallel jobs Split the build between: * Basic checks * A build in the default configuration with extensive tests * Builds in other configurations with less testing The intent is to have one shorter job with basic tests, and two longer jobs that take roughly the same amount of time (split as evenly as possible while keeping an easy-to-understand separation). Signed-off-by: Gilles Peskine --- .travis.yml | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index 11d679c7c5a7..39d42636efba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,24 +3,35 @@ compiler: gcc sudo: false cache: ccache -script: -- tests/scripts/recursion.pl library/*.c -- tests/scripts/check-generated-files.sh -- tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh -- tests/scripts/check-files.py -- tests/scripts/doxygen.sh -- cmake -D CMAKE_BUILD_TYPE:String="Check" . -- make -- make test -- programs/test/selftest -- OSSL_NO_DTLS=1 tests/compat.sh -- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' -- tests/scripts/test-ref-configs.pl -- tests/scripts/curves.pl -- tests/scripts/key-exchanges.pl +jobs: + include: + - name: basic checks + script: + - tests/scripts/recursion.pl library/*.c + - tests/scripts/check-generated-files.sh + - tests/scripts/check-doxy-blocks.pl + - tests/scripts/check-names.sh + - tests/scripts/check-files.py + - tests/scripts/doxygen.sh + + - name: default configuration + script: + - cmake -D CMAKE_BUILD_TYPE:String="Check" . + - make + - make test + - programs/test/selftest + - OSSL_NO_DTLS=1 tests/compat.sh + - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + + - name: enumerated configurations + script: + - tests/scripts/test-ref-configs.pl + - tests/scripts/curves.pl + - tests/scripts/key-exchanges.pl + after_failure: - tests/scripts/travis-log-failure.sh + env: global: - SEED=1 From b49a4576ae8f92705b7027cdbf3fe607775efc78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:45:55 +0200 Subject: [PATCH 05/24] Travis: move doxygen dependencies into the "sanity" job Only this job uses doxygen and graphviz. Signed-off-by: Gilles Peskine --- .travis.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 39d42636efba..2463a7ef8b3e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,11 @@ cache: ccache jobs: include: - name: basic checks + addons: + apt: + packages: + - doxygen + - graphviz script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -38,10 +43,6 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: - apt: - packages: - - doxygen - - graphviz coverity_scan: project: name: "ARMmbed/mbedtls" From a38f3685dc09fa765040e00d431b84a67baeb465 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:15:07 +0200 Subject: [PATCH 06/24] Travis: run Pylint Declare an explicit Python version. Pick 3.5 which is the default version on Ubuntu 16.04. This is necessary on Travis to have a working pip for Python 3. Install Pylint 2.4.4. There's nothing special about this version, it's just the latest version. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2463a7ef8b3e..113ef19e0d90 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ jobs: packages: - doxygen - graphviz + language: python # Needed to get pip for Python 3 + python: 3.5 # version from Ubuntu 16.04 + install: + - pip install pylint==2.4.4 script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -18,6 +22,7 @@ jobs: - tests/scripts/check-names.sh - tests/scripts/check-files.py - tests/scripts/doxygen.sh + - tests/scripts/check-python-files.sh - name: default configuration script: From 3c7ffd7a4091916db501d41c8e9ce6bc7e2f0586 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:23:35 +0200 Subject: [PATCH 07/24] Travis: call all.sh for sanity checks Different releases have different sets of sanity checks. Keep the list in one place, namely all.sh. Signed-off-by: Gilles Peskine --- .travis.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 113ef19e0d90..9f439ad90bd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,13 +16,7 @@ jobs: install: - pip install pylint==2.4.4 script: - - tests/scripts/recursion.pl library/*.c - - tests/scripts/check-generated-files.sh - - tests/scripts/check-doxy-blocks.pl - - tests/scripts/check-names.sh - - tests/scripts/check-files.py - - tests/scripts/doxygen.sh - - tests/scripts/check-python-files.sh + - tests/scripts/all.sh -k 'check_*' - name: default configuration script: From dc566758a30a7511a8dccbbfcb29f70defa106a7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:32:52 +0200 Subject: [PATCH 08/24] Travis: call all.sh for the default-configuration build This way anything we change in all.sh, such as adding tests for programs/*/*, will be reflected here. The build now uses GCC instead of Clang, which doesn't make much difference in practice. The build now enables ASan and UBSan. The tests now run compat.sh and ssl-opt.sh fully. Signed-off-by: Gilles Peskine --- .travis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9f439ad90bd9..f9cedf0e31ca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,13 +19,12 @@ jobs: - tests/scripts/all.sh -k 'check_*' - name: default configuration + addons: + apt: + packages: + - gnutls-bin script: - - cmake -D CMAKE_BUILD_TYPE:String="Check" . - - make - - make test - - programs/test/selftest - - OSSL_NO_DTLS=1 tests/compat.sh - - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + - tests/scripts/all.sh -k test_default_cmake_gcc_asan - name: enumerated configurations script: From a2d3ec22bb3badfdf3f874763329877d08fc94e6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:31:04 +0200 Subject: [PATCH 09/24] Travis: replace "default configuration by "full configuration" For the one long job with ASan, use the full configuration. We get more coverage this way, at the cost of a slightly longer runtime which we can afford since the "enumerated configurations" job is slower. Add a default-configuration build to the "basic checks" job. This job is fairly quick (no ASan, no SSL testing). Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f9cedf0e31ca..c3580b8f9576 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,14 +17,15 @@ jobs: - pip install pylint==2.4.4 script: - tests/scripts/all.sh -k 'check_*' + - tests/scripts/all.sh -k test_default_out_of_box - - name: default configuration + - name: full configuration addons: apt: packages: - gnutls-bin script: - - tests/scripts/all.sh -k test_default_cmake_gcc_asan + - tests/scripts/all.sh -k test_full_cmake_gcc_asan - name: enumerated configurations script: From a5ced5b103181b8666731fc2b0d29d0755d66945 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:36:00 +0200 Subject: [PATCH 10/24] Travis: install gnutls-bin for all jobs Some jobs don't actually test against GnuTLS, but all.sh checks its presence in all test jobs, so it needs to be installed regardless. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3580b8f9576..c3bd3527836c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ jobs: addons: apt: packages: + - gnutls-bin - doxygen - graphviz language: python # Needed to get pip for Python 3 @@ -20,10 +21,6 @@ jobs: - tests/scripts/all.sh -k test_default_out_of_box - name: full configuration - addons: - apt: - packages: - - gnutls-bin script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan @@ -42,6 +39,9 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: + apt: + packages: + - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" From 5dcfb947d133eda40f06bcde71f275668d5d3bb3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:46:42 +0200 Subject: [PATCH 11/24] Travis: call all depends_* tests Call all.sh to run all the available test_depends_* components. This adds a run of depends-hashes.pl and depends-pkgalgs.pl. Keep invoking test-ref-configs.pl rather than via all.sh so that it doesn't run with ASan. This saves some time and ASan there doesn't turn up much more than in the full config. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3bd3527836c..39933b58b225 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,7 @@ jobs: - name: enumerated configurations script: - tests/scripts/test-ref-configs.pl - - tests/scripts/curves.pl - - tests/scripts/key-exchanges.pl + - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' after_failure: - tests/scripts/travis-log-failure.sh From f2f39ddd89728c996a06b4fd282ec3aa6d3e813e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:30:31 +0200 Subject: [PATCH 12/24] Travis: add a baremetal build Add a baremetal build to Travis, to catch inadvertent dependencies on platform functions. The exact choice of target platform doesn't matter for this purpose. Pick one that's present in all.sh, that uses a compiler that's available in the Travis build environment (Ubuntu 16.04), and that happens to be close to the Debian "armel" distribution. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 39933b58b225..0569909255e8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,8 @@ jobs: - gnutls-bin - doxygen - graphviz + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: @@ -19,6 +21,7 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte - name: full configuration script: From 129d04169a1a0070b1eced5e3a2ca48366f6d2e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:42:41 +0200 Subject: [PATCH 13/24] Travis: add a build on macOS Just do the default build with Clang and run the unit tests. The objective is to have one build on a Unix-like platform other than Linux. Signed-off-by: Gilles Peskine --- .travis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis.yml b/.travis.yml index 0569909255e8..eefb2552d880 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,12 @@ jobs: - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' + - name: macOS + os: osx + compiler: clang + script: + - tests/scripts/all.sh -k test_default_out_of_box + after_failure: - tests/scripts/travis-log-failure.sh From af387e0ce1b347a75a0956d0d77aa3f083b805d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:13 +0200 Subject: [PATCH 14/24] check-files: support Windows .bat files Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 7474ac798cb8..e8abd751e736 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -103,7 +103,7 @@ def check_file_for_issue(self, filepath): def is_windows_file(filepath): _root, ext = os.path.splitext(filepath) - return ext in ('.dsp', '.sln', '.vcxproj') + return ext in ('.bat', '.dsp', '.sln', '.vcxproj') class PermissionIssueTracker(FileIssueTracker): @@ -224,6 +224,7 @@ def __init__(self, log_file): self.logger = None self.setup_logger(log_file) self.extensions_to_check = ( + ".bat", ".c", ".data", ".dsp", From a4a8f047181444adeffeb14392710ddb0de5c332 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:28 +0200 Subject: [PATCH 15/24] Add a simple build script for Windows with Visual Studio Keep it simple and mostly non-parametrizable for now. A path to Visual Studio 2017 is hard-coded. Signed-off-by: Gilles Peskine --- scripts/windows_msbuild.bat | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 scripts/windows_msbuild.bat diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat new file mode 100644 index 000000000000..e41993101d0c --- /dev/null +++ b/scripts/windows_msbuild.bat @@ -0,0 +1,20 @@ +@rem Build and test Mbed TLS with Visual Studio using msbuild. +@rem Usage: windows_msbuild [RETARGET] +@rem RETARGET: version of Visual Studio to emulate +@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset + +@rem These parameters are hard-coded for now. +set "arch=x64" & @rem "x86" or "x64" +set "cfg=Release" & @rem "Debug" or "Release" +set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" + +if not "%~1"=="" set "retarget=,PlatformToolset=%1" + +@rem If the %USERPROFILE%\Source directory exists, then running +@rem vcvarsall.bat will silently change the directory to that directory. +@rem Setting the VSCMD_START_DIR environment variable causes it to change +@rem to that directory instead. +set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010" + +"%vcvarsall%" x64 && ^ +msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln From 040251001b614253267c2a2cdd688d00cfb35ed5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:25:10 +0200 Subject: [PATCH 16/24] Travis: add a build with Visual Studio on Windows Travis now offers a Windows environment. Do a build with Visual Studio. This brings diversity into the Travis CI which otherwise only uses GCC and Clang. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index eefb2552d880..057875abc655 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,6 +38,11 @@ jobs: script: - tests/scripts/all.sh -k test_default_out_of_box + - name: Windows + os: windows + script: + - scripts/windows_msbuild.bat + after_failure: - tests/scripts/travis-log-failure.sh From 23d249a99eb41b27e9dd7cbc84f6a2904a7998e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 13:12:55 +0200 Subject: [PATCH 17/24] Travis: Windows: target Visual Studio 2017 Only the Visual Studio 2017 toolset is currently preinstalled on Travis. Use this, instead of our solution's default which is VS 2010. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 057875abc655..ac997b097a79 100644 --- a/.travis.yml +++ b/.travis.yml @@ -41,7 +41,7 @@ jobs: - name: Windows os: windows script: - - scripts/windows_msbuild.bat + - scripts/windows_msbuild.bat v141 # Visual Studio 2017 after_failure: - tests/scripts/travis-log-failure.sh From b97a04483724452f59deaca8fe8c07172aa9839b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 14:09:09 +0200 Subject: [PATCH 18/24] Travis: Windows: install Python 3 and run generate_psa_constants.py Travis Windows machines currently don't have Python 3 preinstalled. We need it to run scripts/generate_psa_constants.py which is needed to build mbedTLS.sln. Signed-off-by: Gilles Peskine --- .travis.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.travis.yml b/.travis.yml index ac997b097a79..2d59ec9f37ed 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,7 +40,16 @@ jobs: - name: Windows os: windows + before_install: + - choco install python --version=3.5.4 + env: + # Add the directory where the Choco package goes + - PATH=/c/Python35:/c/Python35/Scripts:$PATH script: + - type python; python --version + - python scripts/generate_psa_constants.py + # Logs appear out of sequence on Windows. Give time to catch up. + - sleep 5 - scripts/windows_msbuild.bat v141 # Visual Studio 2017 after_failure: From 10cb160000c89ec131ca62f4e0f928041cdca362 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 21:26:42 +0200 Subject: [PATCH 19/24] Travis: rebalance the Linux builds Make the running time more even. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2d59ec9f37ed..a059ea8f45ed 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ cache: ccache jobs: include: - - name: basic checks + - name: basic checks and reference configurations addons: apt: packages: @@ -21,15 +21,15 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte # baremetal + - tests/scripts/test-ref-configs.pl - name: full configuration script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: enumerated configurations + - name: check compilation guards script: - - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - name: macOS From 6d06134e9318ae1949faabc0a39e7a526d28198c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 18:19:32 +0200 Subject: [PATCH 20/24] Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6f473bdcd82f..2a4bf8b7cf98 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -138,7 +138,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} - : ${ARM_GCC_PREFIX:=arm-none-eabi-} + : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -204,8 +204,9 @@ General options: -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --append-outcome Append to the outcome file (if used). - --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm - (default: "${ARM_GCC_PREFIX}") + --arm-none-eabi-gcc-prefix= + Prefix for a cross-compiler for arm-none-eabi + (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -338,7 +339,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in --append-outcome) append_outcome=1;; - --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; + --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -551,7 +552,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -1576,36 +1577,36 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_GCC_PREFIX}gcc, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc, make" # ~ 10s scripts/config.py baremetal - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: ${ARM_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: ${ARM_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } From 6537588d76c02b0f027ff25dba93e90bf54ce038 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 22:54:00 +0200 Subject: [PATCH 21/24] all.sh: build_arm_none_eabi_gcc: do optimize Otherwise the bignum assembly code is not used. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2a4bf8b7cf98..284ea1f0d0f7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1579,7 +1579,7 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc, make" # ~ 10s scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib } component_build_arm_none_eabi_gcc_arm5vte () { From 6e2fb86c1e30746b77fbc2dbae4cf9fda050145a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:00:53 +0200 Subject: [PATCH 22/24] all.sh: add a Cortex-M0+ build It's pretty fast and adds a little variety. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 284ea1f0d0f7..df003b43c718 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1593,6 +1593,12 @@ component_build_arm_none_eabi_gcc_arm5vte () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } +component_build_arm_none_eabi_gcc_m0plus () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s + scripts/config.py baremetal + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib +} + component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal From 18487f62d8c47b1b94f67501bd048041df12ffdf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:11:54 +0200 Subject: [PATCH 23/24] all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index df003b43c718..f5e0a87568c3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -299,9 +299,13 @@ armc6_build_test() { FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" + msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-xc -std=c99' make lib + + msg "size: ARM Compiler 6 ($FLAGS)" + "$ARMC6_FROMELF" -z library/*.o + make clean } @@ -567,9 +571,12 @@ pre_check_tools () { *_armcc*) ARMC5_CC="$ARMC5_BIN_DIR/armcc" ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" ARMC6_CC="$ARMC6_BIN_DIR/armclang" ARMC6_AR="$ARMC6_BIN_DIR/armar" - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ + "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac msg "info: output_env.sh" @@ -1577,13 +1584,16 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). @@ -1591,12 +1601,18 @@ component_build_arm_none_eabi_gcc_arm5vte () { # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_m0plus () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s scripts/config.py baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { @@ -1618,10 +1634,13 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { } component_build_armcc () { - msg "build: ARM Compiler 5, make" + msg "build: ARM Compiler 5" scripts/config.py baremetal - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + + msg "size: ARM Compiler 5" + "$ARMC5_FROMELF" -z library/*.o + make clean # ARM Compiler 6 - Target ARMv7-A From 907211da885e8c39027d9c2eedc6732771bd74b2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:10:48 +0200 Subject: [PATCH 24/24] Travis: do both a Cortex-A build and a Cortex-M0+ build The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a handy point of comparison for code size. Put that one last so that it's easy to find in the log. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a059ea8f45ed..c67c0cd33ccc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,8 +21,8 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte # baremetal - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration script: