Commit graph

10822 commits

Author SHA1 Message Date
Jaeden Amero fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Jaeden Amero 24c71d3a5c Merge remote-tracking branch 'origin/pr/2502' into development
* origin/pr/2502:
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
2019-04-16 14:41:20 +01:00
Jaeden Amero 137c5b7297 Merge remote-tracking branch 'origin/pr/2477' into development
* origin/pr/2477:
  Fix typo in data_file generator code
2019-04-16 14:38:58 +01:00
Jaeden Amero bc195a99c7 Merge remote-tracking branch 'origin/pr/2474' into development
* origin/pr/2474:
  Fix the proxy seed in Travis runs
2019-04-16 14:37:15 +01:00
Gilles Peskine 139ec3b913 Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00
Ron Eldor 3b4f9eac44 Update crypto submodule
Update crypto submodule to latest commit
2019-04-16 13:31:27 +03:00
Ron Eldor 685a398a6b Minor fixes in get certificate policies oid test
1. Remove irrelevant  dependency on `MBEDTLS_ASN1_WRITE_C`.
2. Remove whitespace between `*` and parameter.
2019-04-16 13:26:54 +03:00
Ron Eldor e82341646a Add certificate policy oid x509 extension
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Jaeden Amero e6d5a501ba Merge remote-tracking branch 'origin/pr/2558' into development
* origin/pr/2558:
  Skip uncritical unsupported extensions
2019-04-15 13:13:26 +01:00
Jaeden Amero 125a1e980e
Merge pull request #90 from dgreen-arm/fix-its-file-on-windows
Use Windows-specific renaming function
2019-04-15 10:23:19 +01:00
Peter Kolbus 2ae29ba444 cpp_dummy_build: Add missing header psa_util.h
Add missing header to fix #2579.

Change-Id: I038166b826534bac853be34a0281384e26675187
2019-04-14 15:55:20 -05:00
Andrzej Kurek 021dc3f226 generate_visualc_files.pl: add mbedtls source shadowing by crypto
Running the generation script with "include_crypto" input parameter set to 1
makes the mbedtls sources being overshadowed by crypto sources. 
In case of any duplicate sources, crypto ones take precedence.
2019-04-12 10:51:27 -04:00
Andrzej Kurek 463f049ef0 generate_errors.pl: refactor and simplify the code 2019-04-12 10:35:01 -04:00
Darryl Green f025d5395e Start unused variable with underscore 2019-04-12 15:18:02 +01:00
Darryl Green f67e349863 Correct documentation 2019-04-12 15:17:02 +01:00
Andrzej Kurek e90205f9e6 generate_errors.pl: typo fix 2019-04-12 09:49:30 -04:00
Andrzej Kurek 9b11af42e2 revert changes to generate_features.pl and generate_query_config.pl
These script should depend solely on the external, mbedtls config
2019-04-12 09:43:04 -04:00
Gilles Peskine f9ee633d33 Fix confusion between HMAC algorithm and the corresponding hash 2019-04-11 21:22:52 +02:00
Darryl Green 492bc402a3 Check that the report directory is a directory 2019-04-11 15:50:41 +01:00
Darryl Green 86095bcaa8 Document rename_replace_existing macro 2019-04-11 14:21:14 +01:00
Darryl Green fdda7de048 Use function-like macro for Windows renaming 2019-04-11 12:54:02 +01:00
Gilles Peskine f1349e4bfe Clarify comment mangled by an earlier refactoring 2019-04-10 18:41:53 +02:00
Gilles Peskine 7832c9fc3d Add an "out-of-box" component
Just run `make` and `make test`. And `selftest` for good measure.
2019-04-10 18:41:53 +02:00
Gilles Peskine 4b317616eb Run ssl-opt.sh on 32-bit runtime
Run ssl-opt.sh on x86_32 with ASan. This may detect bugs that only
show up on 32-bit platforms, for example due to size_t overflow.

For this component, turn off some memory management features that are
not useful, potentially slow, and may reduce ASan's effectiveness at
catching buffer overflows.
2019-04-10 18:41:53 +02:00
Darryl Green b467934fb7 Use Windows-specific renaming function
On Windows, rename() fails if the new filename already exists.
Use the Windows specific function MoveFileExA with the
MOVEFILE_REPLACE_EXISTING flag set instead to do renames.
2019-04-10 15:37:06 +01:00
Qixiang Xu 7346b312e1 Fix CMake build error on Cygwin and minGW platforms
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2019-04-10 14:59:29 +01:00
Hanno Becker 4c8c7aa95e Don't use debug level 1 for informational messages 2019-04-10 09:26:53 +01:00
Ron Eldor df48efa77a Skip uncritical unsupported extensions
Skip extensions that have support in the `oid` layer`, but
no parser found in the x509 layer, in case these are not critical.
2019-04-10 11:06:53 +03:00
Darryl Green 0d1ca51107 Use namespaces instead of full classes 2019-04-09 11:46:12 +01:00
Darryl Green 8184df5de9 Fix pylint issues 2019-04-09 11:46:12 +01:00
Darryl Green fe9a67510e Don't put abi dumps in subfolders 2019-04-09 11:46:12 +01:00
Darryl Green 3c3da790d2 Add verbose switch to silence all output except the final report 2019-04-09 11:46:12 +01:00
Darryl Green 1d95c539e9 Fetch the remote crypto branch, rather than cloning it 2019-04-09 11:46:12 +01:00
Darryl Green 3a5f6c83bc Prefix internal functions with underscore 2019-04-09 11:46:11 +01:00
Darryl Green 7c1a73370b Add RepoVersion class to make handling of many arguments easier
There are a number of arguments being passed around, nearly all of
which are duplicated between the old and new versions. Moving these
into a separate class should hopefully make it simpler to follow
what is being done.
2019-04-09 11:46:11 +01:00
Darryl Green e29ce70ca5 Reduce indentation levels 2019-04-09 11:46:11 +01:00
Darryl Green 4cde8a0513 Improve documentation 2019-04-09 11:46:11 +01:00
Darryl Green c5132ffc41 Use optional arguments for setting repositories 2019-04-09 11:46:11 +01:00
Darryl Green ddf25a6095 Only build the library
We only need the .so files, so only build the library
2019-04-09 11:46:11 +01:00
Darryl Green 4831145cdd Add ability to compare submodules from different repositories
As before with wanting to compare revisions across different
repositories, the ability to select the crypto submodule from a
different repository is useful.
2019-04-09 11:46:11 +01:00
Darryl Green 3e7a980d62 Add handling for cases when not all .so files are present
We may wish to compare ABI/API between Mbed TLS and Mbed Crypto,
which will cause issues as not all .so files are shared. Only
compare .so files which both libraries have.
2019-04-09 11:46:11 +01:00
Darryl Green 9f357d65d4 Extend functionality to allow setting crypto submodule version
As going forward we will have Crypto in a submodule, we will need to
be able to check ABI compatibility between versions using different
submodule versions. For TLS versions that support the submodule, we
will always build using the submodule.

If the Crypto submodule is used, libmbedcrypto.so is not in the main
library folder, but in crypto/library instead. Given this, the script
searches for *.so files and notes their path, in order to create the
dumps correctly.
2019-04-09 11:46:11 +01:00
Darryl Green 3d3d552579 Simplify logic for checking if report folder can be removed 2019-04-09 11:46:11 +01:00
Darryl Green e62f9bbbf1 Add option for a brief report of problems only 2019-04-09 11:46:11 +01:00
Darryl Green c2883a29bc Add option to skip identifiers in ABI checks
By default abi-compliance-checker will check the entire ABI/API.
There are internal identifiers that we do not promise compatibility
for, so we want the ability to skip them when checking the ABI/API.
2019-04-09 11:46:11 +01:00
Darryl Green da84e3215e Extend abi-checking to different repos 2019-04-09 11:46:11 +01:00
Gilles Peskine 1e2730b9b1 Update usage of PSA_ALG_ECDH so that test_suite_psa_crypto compiles 2019-04-09 12:25:23 +02:00
Gilles Peskine 3135184cfc Merge remote-tracking branch 'upstream-crypto/development' into psa-api-beta2-merge-development
Merge the Mbed Crypto development branch a little after
mbedcrypto-1.0.0 into the PSA Crypto API 1.0 beta branch a little
after beta 2.

Summary of merge conflicts:

* Some features (psa_copy_key, public key format without
  SubjectPublicKeyInfo wrapping) went into both sides, but with a few
  improvements on the implementation side. For those, take the
  implementation side.
* The key derivation API changed considerably on the API side. This
  merge commit generally goes with the updated API except in the tests
  where it keeps some aspects of the implementation.

Due to the divergence between the two branches on key derivation and
key agreement, test_suite_psa_crypto does not compile. This will be
resolved in subsequent commits.
2019-04-09 12:00:00 +02:00
Andrzej Kurek 91c6030584 generate_errors.pl: add mbedtls header shadowing by crypto headers
Abort script upon encountering a duplicated error
2019-04-09 03:32:31 -04:00