Commit graph

9206 commits

Author SHA1 Message Date
Jaeden Amero ceb1370662 Merge remote-tracking branch 'origin/pr/2580' into development
* origin/pr/2580:
  cpp_dummy_build: Add missing header psa_util.h
2019-04-16 15:11:32 +01:00
Jaeden Amero c41a3285de Merge remote-tracking branch 'origin/pr/2559' into development
* origin/pr/2559:
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
2019-04-16 15:09:42 +01:00
Jaeden Amero 7a1c4eb826 Merge remote-tracking branch 'origin/pr/2567' into development
* origin/pr/2567:
  Don't use debug level 1 for informational messages
2019-04-16 15:08:39 +01:00
Jaeden Amero d4d20adea9 Merge remote-tracking branch 'origin/pr/2555' into development
* origin/pr/2555:
  Give credit to OSS-Fuzz for #2404
2019-04-16 15:07:44 +01:00
Jaeden Amero ef42847dee Merge remote-tracking branch 'origin/pr/2552' into development
* origin/pr/2552:
  Remove ssl_cert_test sample app
2019-04-16 15:06:45 +01:00
Gilles Peskine 424840e033 Call mbedtls_cipher_free() to reset a cipher context
mbedtls_cipher_reset() only restarts the operation, it doesn't
dissociate the key from the context.
2019-04-16 16:06:34 +02:00
Jaeden Amero fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Jaeden Amero 24c71d3a5c Merge remote-tracking branch 'origin/pr/2502' into development
* origin/pr/2502:
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
2019-04-16 14:41:20 +01:00
Jaeden Amero 137c5b7297 Merge remote-tracking branch 'origin/pr/2477' into development
* origin/pr/2477:
  Fix typo in data_file generator code
2019-04-16 14:38:58 +01:00
Jaeden Amero bc195a99c7 Merge remote-tracking branch 'origin/pr/2474' into development
* origin/pr/2474:
  Fix the proxy seed in Travis runs
2019-04-16 14:37:15 +01:00
Gilles Peskine 139ec3b913 Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00
Ron Eldor 3b4f9eac44 Update crypto submodule
Update crypto submodule to latest commit
2019-04-16 13:31:27 +03:00
Ron Eldor 685a398a6b Minor fixes in get certificate policies oid test
1. Remove irrelevant  dependency on `MBEDTLS_ASN1_WRITE_C`.
2. Remove whitespace between `*` and parameter.
2019-04-16 13:26:54 +03:00
Ron Eldor e82341646a Add certificate policy oid x509 extension
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Jaeden Amero e6d5a501ba Merge remote-tracking branch 'origin/pr/2558' into development
* origin/pr/2558:
  Skip uncritical unsupported extensions
2019-04-15 13:13:26 +01:00
Peter Kolbus 2ae29ba444 cpp_dummy_build: Add missing header psa_util.h
Add missing header to fix #2579.

Change-Id: I038166b826534bac853be34a0281384e26675187
2019-04-14 15:55:20 -05:00
Andrzej Kurek 021dc3f226 generate_visualc_files.pl: add mbedtls source shadowing by crypto
Running the generation script with "include_crypto" input parameter set to 1
makes the mbedtls sources being overshadowed by crypto sources. 
In case of any duplicate sources, crypto ones take precedence.
2019-04-12 10:51:27 -04:00
Andrzej Kurek 463f049ef0 generate_errors.pl: refactor and simplify the code 2019-04-12 10:35:01 -04:00
Darryl Green f025d5395e Start unused variable with underscore 2019-04-12 15:18:02 +01:00
Darryl Green f67e349863 Correct documentation 2019-04-12 15:17:02 +01:00
Andrzej Kurek e90205f9e6 generate_errors.pl: typo fix 2019-04-12 09:49:30 -04:00
Andrzej Kurek 9b11af42e2 revert changes to generate_features.pl and generate_query_config.pl
These script should depend solely on the external, mbedtls config
2019-04-12 09:43:04 -04:00
Darryl Green 492bc402a3 Check that the report directory is a directory 2019-04-11 15:50:41 +01:00
Gilles Peskine f1349e4bfe Clarify comment mangled by an earlier refactoring 2019-04-10 18:41:53 +02:00
Gilles Peskine 7832c9fc3d Add an "out-of-box" component
Just run `make` and `make test`. And `selftest` for good measure.
2019-04-10 18:41:53 +02:00
Gilles Peskine 4b317616eb Run ssl-opt.sh on 32-bit runtime
Run ssl-opt.sh on x86_32 with ASan. This may detect bugs that only
show up on 32-bit platforms, for example due to size_t overflow.

For this component, turn off some memory management features that are
not useful, potentially slow, and may reduce ASan's effectiveness at
catching buffer overflows.
2019-04-10 18:41:53 +02:00
Qixiang Xu 7346b312e1 Fix CMake build error on Cygwin and minGW platforms
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2019-04-10 14:59:29 +01:00
Hanno Becker 4c8c7aa95e Don't use debug level 1 for informational messages 2019-04-10 09:26:53 +01:00
Ron Eldor df48efa77a Skip uncritical unsupported extensions
Skip extensions that have support in the `oid` layer`, but
no parser found in the x509 layer, in case these are not critical.
2019-04-10 11:06:53 +03:00
Darryl Green 0d1ca51107 Use namespaces instead of full classes 2019-04-09 11:46:12 +01:00
Darryl Green 8184df5de9 Fix pylint issues 2019-04-09 11:46:12 +01:00
Darryl Green fe9a67510e Don't put abi dumps in subfolders 2019-04-09 11:46:12 +01:00
Darryl Green 3c3da790d2 Add verbose switch to silence all output except the final report 2019-04-09 11:46:12 +01:00
Darryl Green 1d95c539e9 Fetch the remote crypto branch, rather than cloning it 2019-04-09 11:46:12 +01:00
Darryl Green 3a5f6c83bc Prefix internal functions with underscore 2019-04-09 11:46:11 +01:00
Darryl Green 7c1a73370b Add RepoVersion class to make handling of many arguments easier
There are a number of arguments being passed around, nearly all of
which are duplicated between the old and new versions. Moving these
into a separate class should hopefully make it simpler to follow
what is being done.
2019-04-09 11:46:11 +01:00
Darryl Green e29ce70ca5 Reduce indentation levels 2019-04-09 11:46:11 +01:00
Darryl Green 4cde8a0513 Improve documentation 2019-04-09 11:46:11 +01:00
Darryl Green c5132ffc41 Use optional arguments for setting repositories 2019-04-09 11:46:11 +01:00
Darryl Green ddf25a6095 Only build the library
We only need the .so files, so only build the library
2019-04-09 11:46:11 +01:00
Darryl Green 4831145cdd Add ability to compare submodules from different repositories
As before with wanting to compare revisions across different
repositories, the ability to select the crypto submodule from a
different repository is useful.
2019-04-09 11:46:11 +01:00
Darryl Green 3e7a980d62 Add handling for cases when not all .so files are present
We may wish to compare ABI/API between Mbed TLS and Mbed Crypto,
which will cause issues as not all .so files are shared. Only
compare .so files which both libraries have.
2019-04-09 11:46:11 +01:00
Darryl Green 9f357d65d4 Extend functionality to allow setting crypto submodule version
As going forward we will have Crypto in a submodule, we will need to
be able to check ABI compatibility between versions using different
submodule versions. For TLS versions that support the submodule, we
will always build using the submodule.

If the Crypto submodule is used, libmbedcrypto.so is not in the main
library folder, but in crypto/library instead. Given this, the script
searches for *.so files and notes their path, in order to create the
dumps correctly.
2019-04-09 11:46:11 +01:00
Darryl Green 3d3d552579 Simplify logic for checking if report folder can be removed 2019-04-09 11:46:11 +01:00
Darryl Green e62f9bbbf1 Add option for a brief report of problems only 2019-04-09 11:46:11 +01:00
Darryl Green c2883a29bc Add option to skip identifiers in ABI checks
By default abi-compliance-checker will check the entire ABI/API.
There are internal identifiers that we do not promise compatibility
for, so we want the ability to skip them when checking the ABI/API.
2019-04-09 11:46:11 +01:00
Darryl Green da84e3215e Extend abi-checking to different repos 2019-04-09 11:46:11 +01:00
Andrzej Kurek 91c6030584 generate_errors.pl: add mbedtls header shadowing by crypto headers
Abort script upon encountering a duplicated error
2019-04-09 03:32:31 -04:00
Jaeden Amero d037ad6471 Give credit to OSS-Fuzz for #2404
Add "Credit to OSS-Fuzz", in addition to Guido Vranken, for identifying
bug #2404.
2019-04-08 11:23:50 +01:00