Remove legacy components with an equivalent USE_PSA component
Remove all.sh components that explicitly disable MBEDTLS_USE_PSA_CRYPTO, and
for which there is another component with MBEDTLS_USE_PSA_CRYPTO enabled
that does the same or more testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 0fa69b0..4d53e5c 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -102,29 +102,6 @@
tests/context-info.sh
}
-component_test_no_ctr_drbg_classic () {
- msg "build: Full minus CTR_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-
- CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: Full minus CTR_DRBG, classic crypto - main suites"
- make test
-
- # In this configuration, the TLS test programs use HMAC_DRBG.
- # The SSL tests are slow, so run a small subset, just enough to get
- # confidence that the SSL code copes with HMAC_DRBG.
- msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
-
- msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
- tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
-}
-
component_test_no_ctr_drbg_use_psa () {
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
scripts/config.py full
@@ -147,34 +124,6 @@
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
-component_test_no_hmac_drbg_classic () {
- msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-
- CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
- make test
-
- # Normally our ECDSA implementation uses deterministic ECDSA. But since
- # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
- # instead.
- # Test SSL with non-deterministic ECDSA. Only test features that
- # might be affected by how ECDSA signature is performed.
- msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
-
- # To save time, only test one protocol version, since this part of
- # the protocol is identical in (D)TLS up to 1.2.
- msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
- tests/compat.sh -m tls12 -t 'ECDSA'
-}
-
component_test_no_hmac_drbg_use_psa () {
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
scripts/config.py full
@@ -202,30 +151,6 @@
tests/compat.sh -m tls12 -t 'ECDSA'
}
-component_test_psa_external_rng_no_drbg_classic () {
- msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- scripts/config.py unset MBEDTLS_ENTROPY_C
- scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
- # the SSL test programs don't have an RNG and can't work. Explicitly
- # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
- make test
-
- msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f 'Default'
-}
-
component_test_psa_external_rng_no_drbg_use_psa () {
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
scripts/config.py full
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index a3c150b..e872af0 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -37,26 +37,6 @@
export SKIP_TEST_SUITES
}
-component_test_memsan_constant_flow () {
- # This tests both (1) accesses to undefined memory, and (2) branches or
- # memory access depending on secret values. To distinguish between those:
- # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
- # - or alternatively, change the build type to MemSanDbg, which enables
- # origin tracking and nicer stack traces (which are useful for debugging
- # anyway), and check if the origin was TEST_CF_SECRET() or something else.
- msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
- scripts/config.py unset MBEDTLS_HAVE_ASM
- CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
- make
-
- msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
- make test
-}
-
component_test_memsan_constant_flow_psa () {
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
@@ -76,39 +56,6 @@
make test
}
-component_release_test_valgrind_constant_flow () {
- # This tests both (1) everything that valgrind's memcheck usually checks
- # (heap buffer overflows, use of uninitialized memory, use-after-free,
- # etc.) and (2) branches or memory access depending on secret values,
- # which will be reported as uninitialized memory. To distinguish between
- # secret and actually uninitialized:
- # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
- # - or alternatively, build with debug info and manually run the offending
- # test suite with valgrind --track-origins=yes, then check if the origin
- # was TEST_CF_SECRET() or something else.
- msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- skip_suites_without_constant_flow
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make
-
- # this only shows a summary of the results (how many of each type)
- # details are left in Testing/<date>/DynamicAnalysis.xml
- msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
- make memcheck
-
- # Test asm path in constant time module - by default, it will test the plain C
- # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
- msg "test: valgrind asm constant_time"
- skip_all_except_given_suite test_suite_constant_time
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make clean
- make
- make memcheck
-}
-
component_release_test_valgrind_constant_flow_no_asm () {
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
@@ -122,7 +69,6 @@
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_HAVE_ASM
skip_suites_without_constant_flow