mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-05 19:01:12 +03:00
Commit Graph

1642 Commits

Author SHA1 Message Date
89c68e206b Merge pull request #9736 from mpg/drop-armcc5-2.28
[2.28] Drop armcc5 support in all.sh
2024-10-30 12:29:32 +00:00
a674e988c9 Drop building with armcc5 in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-29 11:52:49 +01:00
61da0ddb07 Add override arguments for new gcc targets
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:33:48 +01:00
b14dd763c3 Clarify GCC version requirement
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:33:09 +01:00
478730eed2 Split up the Thumb-1 test component
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:32:41 +01:00
73d8640bd3 Remove superfluous invocations of make clean
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:31:55 +01:00
f92112d7be Update component speed estimates
The estimates are based on the most recent CI run.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:30:20 +01:00
a56b61c6ee Initialize result caching variables
This prevents interference from identically named environment variables.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:29:49 +01:00
63a10d0726 Use true/false in place of integers
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:29:20 +01:00
08c14d1412 Ignore missing temporary files during cleanup
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:29:06 +01:00
26822ab1b6 Fix copypasta in gcc_version
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:28:50 +01:00
915fa3e6c7 Add AArch64 default config test
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:28:18 +01:00
86aa780e5a Add Arm eabi default config tests
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-10-28 13:27:39 +01:00
bfe4fc6749 Use -O2 for build+test with earliest compilers
The compilation is slower but we get more potential warnings and running the
tests is faster.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-20 15:09:58 +02:00
8214340bb0 Fix spurious * in regex
`grep mbedtls_des*` would pick up e.g. mbedtls_derive_xxx.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-20 15:09:48 +02:00
c61187f508 Don't set LD to a path with a typo for mingw
Our makefiles don't use $(LD) so the typo was harmless.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-20 15:09:02 +02:00
a76a6ff8df Adjust TLS protocol cases for 2.28
TLS 1.3 is still experimental and partial, and SSL3 is obsolete, so we don't
expect much coverage about them, in particular we don't expect them to be
the sole supported version. TLS 1.0 and 1.1 exist and we expect good
coverage for them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-07-01 11:32:33 +02:00
93708fe126 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-28 19:16:25 +02:00
b19fa4e6c7 Declare the new generated files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-26 20:12:34 +02:00
cfba2477e6 Remove some settings that don't exist in 2.28
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-26 20:11:59 +02:00
744741bf2c Adjust generate_config_tests.py for 2.28
* Move to the correct location.
* Adjust the package name for auxiliary modules.
* Adjust the hack to import a module from scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-26 20:05:10 +02:00
e3bdbd53ec all.sh: Fix clean-up of Makefiles generated by CMake
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-06-18 09:39:51 +02:00
f514f25f88 Merge pull request #9025 from gilles-peskine-arm/psa-storage-test-cases-never-supported-2.28
Backport 2.28: Fix the detection of not-supported mechanisms in systematically generated PSA tests
2024-06-14 18:23:38 +00:00
5a63e2f25f Select more RSA cipher suites
Filtering on cipher suites that have RSA in their name excludes a few old
RSA-based cipher suites whose name doesn't contain RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-31 13:36:55 +02:00
8f5722a971 Fix compat.sh not running any tests on config-mini-tls1_1.h
We were only requesting 3DES cipher suites (which is weirdly restrictive
since the configuration also includes AES), but DES is in the default
exclusion list for compat.sh, so we ended up having no acceptable cipher
suites. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-30 15:17:28 +02:00
9ebf9aa448 Merge pull request #9153 from gilles-peskine-arm/oid-limits-2.28
2.28 only: Fix the build without check_config.h (inclusion of limits.h)
2024-05-29 16:14:24 +00:00
a8cd2e6421 Fix the build without check_config.h (inclusion of limits.h)
Including `mbedtls/check_config.h` from `mbedtls/config.h` is optional. If
done, `limits.h` gets included. If not done, we were missing the inclusion
of `limits.h` in several source files. Fix this and add a test build that
doesn't include `mbedtls/check_config.h`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-17 19:00:46 +02:00
9ffffab4d6 Fix edge case with half-supported ECDSA
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.

In this commit:

* Automatically generated not-supported test cases for ECDSA now require
  both variants to be disabled.
* Add manually written not-supported test cases for the signature
  operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
  operation when exactly one variant is supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-19 19:33:29 +02:00
de887bad7c Fix silly typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-04-18 10:06:19 +02:00
b76606cc14 Run full compat.sh in ASan component only
It makes little sense to run full compat.sh in the non-ASan component
but only partial compat.sh in the ASan component.

Actually, the non-ASan component doesn't need compat.sh at all, it's
more than covered with ssl-opt.sh and test_suite_ssl already.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-04-17 12:15:51 +02:00
aefbb66bfb Simplify full invocation of compat.sh
Now run everything we can with the default version in one go, then
everything that needs legacy, then next.

Don't rely on the default value of -e (EXCLUDE), use explicit values
everywhere - this makes it obvious that we are running everything.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-04-17 12:09:45 +02:00
764c2d3013 PSA test case generation: dependency inference class: operation fail
Use psa_information.TestCase for operation failure test cases.

This changes the generated output in two ways:

* Not-implemented mechanisms now have a `DEPENDENCY_NOT_IMPLEMENTED_YET_xxx`
  dependency in addition to the never-fulfilled `PSA_WANT_xxx` dependency.
  This does not affect when test cases run.
* ECC test cases now have correct dependency symbols, e.g.
  `PSA_WANT_ECC_SECP_R1_192` instead of `PSA_WANT_ECC_FAMILY_SECP_R1`. This
  is a bug fix: ECC test cases were formerly never executed because of
  incorrect dependency symbols.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-11 22:00:54 +02:00
1ae57ec203 PSA test case generation: dependency inference class: key not supported
Use psa_information.TestCase for not-supported test cases for key import and
generation.

No change to the generated output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-11 22:00:54 +02:00
6281cf432f PSA test case generation: dependency inference class: key generation
Use psa_information.TestCase for positive test cases for key generation.

The caller remains responsible for tweaking dependencies for some key
types (public keys for which the test is a negative case, RSA which requires
an additional dependency).

No change to the generated output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-11 22:00:54 +02:00
c7b58d53fc PSA test case generation: dependency inference class: base case
Create a class for test cases with automatically inferred dependencies,
suitable for PSA crypto API test cases. As of this commit, only basic cases
that use a key are supported. Subsequent commits will address negative tests
and key generation tests that require fancier handling of dependencies.

No change to the generated output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-11 22:00:54 +02:00
c3b261a4fc Sort dependencies in automatically generated PSA test cases
The output is less nice, since it no longer mostly matches the order in
which symbols are used in the test case arguments. But this makes the output
more canonical, so it will be easier to notice if semantic changes occur in
subsequent commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-11 22:00:54 +02:00
2e1d2fe875 analyze_outcomes.py: ignore OpenSSL+dtls12+DES
Not sure if it'd be possible to build a version of OpenSSL that supports
both by tuning the config, but pretty sure improving testing for
single-DES ciphersuites is not the best use of our time in 2024.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-04-10 12:31:01 +02:00
2cd43a7a78 Run compat.sh with non-default ciphers with ssl3 too
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-04-10 12:31:01 +02:00
d4b3fe7597 Merge branch 'mbedtls-2.28' into 'mbedtls-2.28-restricted'
2024-03-20 09:27:24 +00:00
43c128db3e Update wrapper generation script and regenerate
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-14 11:18:22 +00:00
4201533196 Invert and rename config option
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-14 11:17:56 +00:00
4698e692e8 Flip logic of PSA memory poisoning generation
Change to excluding mbedtls_psa_inject_entropy() (not a PSA function)
rather than explicitly including every PSA function.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-12 14:15:38 +00:00
98ff287ab4 Simplify locating original tool
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-12 13:37:14 +00:00
9554940fb5 Remove unnecessary use of export
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-12 13:37:13 +00:00
f06494dc9e Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28
2024-03-11 16:28:50 +00:00
b75b47563a Avoid recursion for relative paths
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-07 17:26:16 +00:00
ec84093ae6 Follow-up for less verbose logging
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-07 17:26:16 +00:00
7c89d1f8de Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 17:35:59 +00:00
26bbd8dd4e Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:39:35 +00:00
dff18da29a fix zlib test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-01 15:53:52 +00:00