1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
Commit Graph

1612 Commits

Author SHA1 Message Date
Bence Szépkúti
222090abf6 Restrict CI-specific python requirements to Linux
The dependencies declared in ci.requirements.txt are only used in
scripts that we run on the Linux CI.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-07-16 15:13:14 +02:00
Bence Szépkúti
9ecab503c2 Don't install cryptography on the FreeBSD CI
Recent versions of cryptography require a Rust toolchain to install on
FreeBSD, which we do not have set up yet.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-07-16 15:13:13 +02:00
Bence Szépkúti
22dd79367c Freeze cryptography version on the CI at 35.0.0
The version was unspecified because of our use of Python 3.5 on the CI,
whichi has since been eliminated.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-07-16 15:13:13 +02:00
Ronald Cron
f810d44956 cmake: Generate test_keys.h and test_certs.h in the build tree
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-03-25 09:49:22 +01:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Gilles Peskine
28f953c5ec New generated file: tests/opt-testcases/handshake-generated.sh
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-03 20:58:32 +01:00
Harry Ramsey
03f49578d2 Update paths for moved programs in generate_visualc_files.pl
This commit updates the paths for moved programs in
generate_visualc_files.pl.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-20 14:51:26 +00:00
Gilles Peskine
7656ad7b9f Create configuration option to bypass the mbedtls_ssl_set_hostname check
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-13 21:47:26 +01:00
Ronald Cron
d975184ef5 Merge pull request #9902 from ronald-cron-arm/crypto-config-default-path-3.6
Simplify crypto config default path setting
2025-01-14 11:27:14 +00:00
Ronald Cron
b248b50c2d config.py: Simplify crypto config default path setting
In 3.6, it can be only include/psa/crypto_config.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-01-14 10:24:53 +01:00
Valerio Setti
3d82c25047 scripts: add new min_requirements.py script
This call into the "old" script that has been moved to the framework
repository. The *.requirements.txt files are kept on this repo though.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-01-13 13:18:36 +01:00
Valerio Setti
daee50c522 Move files out of Mbed TLS
The following files are moved to the framework repo (deleted here):

scripts/min_requirements.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-01-13 13:18:36 +01:00
Gilles Peskine
905899839d Merge pull request #9796 from gilles-peskine-arm/psa-storage-test-cases-never-supported-positive-3.6
Backport 3.6: Switch generate_psa_test.py to automatic dependencies for positive test cases
2025-01-09 13:53:11 +00:00
Valerio Setti
81e0abc440 Move files out of Mbed TLS
The following files are moved to the framework repo (deleted here):

scripts/assemble_changelog.py
tests/scripts/check-doxy-blocks.pl
tests/scripts/check-python-files.sh
tests/scripts/doxygen.sh
scripts/apidoc_full.sh
tests/scripts/recursion.pl

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-01-08 10:02:35 +01:00
Gilles Peskine
bc3f917fb3 crypto_config.h: Don't list mechanisms that are not implemented
Don't list mechanisms that are not implemented in
`include/psa/crypto_config.h`, even commented out. Uncommenting them
wouldn't help anyway: they don't work. Having them listed, even commented
out, causes `find_dependencies_not_implemented()` in `psa_test_case.py` to
consider those mechanisms to be implemented, and thus causes
`generate_psa_tests.py` to generate test cases that cannot be executed.

The affected mechanisms are:

* `PSA_ALG_CBC_MAC` (`PSA_WANT_ALG_CBC_MAC`)
* `PSA_ALG_XTS` (`PSA_WANT_ALG_XTS`)
* `PSA_ECC_FAMILY_SECP_K1` 224-bit (`PSA_WANT_ECC_SECP_K1_224`)

Also remove the affected mechanisms from configuration adjustment files,
since that is code that can never be triggered.

There were already no generated test cases for SECP224K1 because
`PSA_WANT_ECC_SECP_K1_224` was already detected as a dependency that cannot
be implemented, because that is not a valid size: PSA defines SECP224K1 as
225-bit, and `crypto_knowledge.py` follows suite, so `generate_psa_tests.py`
saw `PSA_WANT_ECC_SECP_K1_225` in its enumeration but skipped it because it
was never mentioned in `crypto_config.h`.

This causes generated PSA tests to no longer include positive test cases for
`PSA_ALG_CBC_MAC` and `PSA_ALG_XTS`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-24 20:03:29 +01:00
Elena Uziunaite
711abe340b Move files out of Mbed TLS
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-18 12:19:20 +02:00
Ronald Cron
4497d5f39a Merge pull request #9832 from ronald-cron-arm/finalize-split-preparation-2_3.6
Move test_keys.h to include/test
2024-12-11 13:39:26 +00:00
Janos Follath
a770f30ee9 Merge pull request #9782 from gilles-peskine-arm/psa-storage-test-cases-never-supported-preliminaries-3.6
Backport 3.6: Make some edge cases of not-supported or invalid mechanisms more uniform
2024-12-10 18:16:05 +00:00
Ronald Cron
4eaf54e646 Move test_keys.h to include/test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:32:07 +01:00
Elena Uziunaite
9837ad316a Move files out of Mbed TLS
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:37:48 +00:00
Harry Ramsey
b5cfc05e89 Remove obsolete Travis CI scripts
This commit removes obsolete Travis CI scripts that are no longer
required due to the transition to a publically available CI image.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-12-05 10:53:47 +00:00
Elena Uziunaite
91f424a72d Fix paths
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-11-27 13:21:53 +00:00
Elena Uziunaite
f1099cb77e Use new functions
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-11-27 13:21:53 +00:00
Gilles Peskine
ad04f962f8 p256-m: allow deterministic ECDSA verification
For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-11-21 09:48:35 +01:00
Harry Ramsey
5b80448105 Move mbedtls_test_hook_error_add from error.c to helpers.c
This commit moves mbedtls_test_hook_error_add from error.c to helpers.c.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-14 14:19:49 +00:00
David Horstmann
0f33bfa48a Add missing include path to visual C script
We need to include from both tests/include and framework/tests/include.
Update scripts/generate_visualc_files.pl to re-add tests/include, which
had previously been replaced with framework/tests/include.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
26e1862742 Update test_keys.h path on Windows
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
2ab59f0450 Add extra paths to generate_visualc_files.pl
Both the main repository and framework test helper paths are needed, so
generate these in the script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
fbedae40f1 Update common.mk with test helper object paths
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
c2d7f5fc2e Add framework test include path to common.mk
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
dcf42a0b53 Update references to test helpers
Replace:
* tests/src -> framework/tests/src
* tests/include -> framework/tests/include

Except for occurrences of:
* tests/src/test_helpers (since this only contains ssl_helpers.c)
* tests/src/test_certs.h
* tests/include/alt_dummy

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:40 +00:00
Manuel Pégourié-Gonnard
95395738b4 Drop building with armcc5 in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-29 11:39:41 +01:00
Valerio Setti
8d4f15013f psa: allow to use static key buffers instead of dynamic ones
This helps reducing heap memory usage and, if heap memory is
not used anywhere else in an embedded device, it also reduces
code footprint since there is no need for heap management code
in this case.

A new build symbol is added for this purpose, named
MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that
normal usage of Mbed TLS library is not affected.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
David Horstmann
e905442f7e Merge pull request #9675 from eleuzi01/backport-9673
[Backport 3.6] Move TLS auxiliary test scripts to the framework
2024-10-17 17:18:57 +00:00
Elena Uziunaite
1d8a2257d8 Adjust file path for generate_tls13_compat_tests.py
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 12:41:42 +01:00
Elena Uziunaite
7f5ec13a12 Adjust file path for generate_ssl_debug_helpers.py
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 12:41:42 +01:00
Elena Uziunaite
6f4ec30bd1 Move some files to framework repository
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 12:41:12 +01:00
Harry Ramsey
5098d0474a Improve support for submodules in code_style.py
This commit improves support for submodules within code_style.py. A new
function get_submodule_hash retrieves the submodule hash at the time of
a commit allowing an appropriate diff to be seen.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-14 14:58:36 +01:00
Tom Cosgrove
d7408a69fc Merge pull request #9679 from gergelykarm/mbedtls-3.6
Backport 3.6: Fix driver schema json default type requirements
2024-10-10 13:53:09 +00:00
Gergely Korcsák
36b0521b5f Fix driver schema json default type requirements
Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>
2024-10-10 13:15:01 +02:00
Gilles Peskine
e816f1ef49 Downgrade mypy to a version that works with our code base
mypy >=0.960 rejects macro_collector.py.
https://github.com/Mbed-TLS/mbedtls-framework/issues/50

We currently need mypy >=0.940, <0.960. Pick 0.942, which works, and is the
system version on Ubuntu 22.04.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-09 14:19:31 +02:00
Gilles Peskine
309051dc25 Upgrade mypy to the last version supporting Python 3.6
Upgrade mypy to 0.971, which is the last version that supports Python 3.6
(the oldest Python version that we currently run on the CI).

This fixes the error
```
framework/scripts/mbedtls_framework/outcome_analysis.py:119: error: Incompatible return value type (got "IO[Any]", expected "TextIO")
framework/scripts/mbedtls_framework/outcome_analysis.py:121: error: Incompatible return value type (got "IO[Any]", expected "TextIO")
```
As far as I can tell the fix is https://github.com/python/mypy/pull/9275
which was released in mypy 0.940.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-09 14:19:31 +02:00
Manuel Pégourié-Gonnard
d93161f366 Merge pull request #9637 from gilles-peskine-arm/config-full-booleans-only-3.6
Backport 3.6: config.py: don't rely on section names
2024-09-26 10:04:06 +00:00
Gilles Peskine
f5f90d517f Don't pass the section name to adapters
We have finished removing the reliance of named configuration on section
names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
e5920a4ae8 Change "realfull" to activate everything
Change "realfull" to activate everything. After investigation, it seems that
having "realfull" not activate everything was a historical oddity due to
proximity with "full", not a goal in itself.

https://github.com/Mbed-TLS/mbedtls/issues/520#issuecomment-727190862
https://github.com/Mbed-TLS/mbedtls/pull/965/files#r523409092

This changes the output of `scripts/config.py realfull`: now all non-boolean
options are uncommented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
bfdffc33b3 Change "full" to affect boolean settings rather than use sections
To get rid on the reliance on sections, change "full" and friends to enable
settings based on whether the setting is boolean, rather than based on the
section it contains.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
0ff1d984f8 Pass the setting's value to adapters
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
02f0f9f1ff Merge remote-tracking branch 'mbedtls-3.6' into tls13-middlebox-compat-disabled-3.6 2024-09-25 09:52:14 +02:00
Paul Elliott
d8c7eae2cf Merge pull request #9596 from gilles-peskine-arm/make_generated_files-document_CC-3.6
Backport 3.6: make_generated_files.bat: document C compiler requirement
2024-09-24 12:36:28 +00:00
Tom Cosgrove
81163122e4 Merge pull request #9601 from gilles-peskine-arm/use_psa_crypto-key_id_encodes_owner-compatible-config-3.6
Fix obsolete comment about MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
2024-09-24 10:44:44 +00:00