muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.
Found by depends.py curves in development.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Refactor the MBEDTLS_DEPRECATED macro to be in front of the function
name rather than on its own line after the function arguments.
If it is placed on its own line, Uncrustify moves it to the start of
the line which causes check_names.py to think it is an identifier.
As a result check_names.py doesn't treat it as a macro name and it
gets detected as a typo.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The code in CMakeLists.txt was an old copy of the code in Makefile. This
brings in branch coverage, which had only been added to Makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change the wording of the section of CONTRIBUTING.md on function
deprecation to make it easier to understand.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is not new, it had always been the case, just not documented.
Pointed out by depends.py pkalgs (again, now that restartable is part of
full).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.
Fix that.
While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.
We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.
Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).
Note: this commit is backported from development, which has more
dependency declarations in tests/ssl-opt.sh. While at it, add them to
the existing tests.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Instead of
```
#if CONDITION
for(XXX)
for(YYY)
#else
for(XXX)
for(YYY)
#endif
BODY
```
duplicate the BODY code. This isn't ideal, but we can live with it.
The compelling reason to restructure the code is that this entanglement
of C preprocessor syntax with C grammar syntax confuses uncrustify.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define and report the supported Uncrustify version (and remove extra
newlines from version output).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Use code with clear behavior in CMake 2.8.12 (which we try to support in
Mbed TLS 2.28, although that's mostly for the sake of RHEL, not Windows).
The code in the previous commit relied on features introduced in CMake 3.x,
although it worked as desired by accident because `LIST_DIRECTORIES false`
was effectively ignored and `configure_file` on a directory had no
harmful effect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Run the main test suites after running code style correction to check
that code style correction does not break these tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.
The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.
Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
