Commit Graph

15971 Commits

Author SHA1 Message Date
Gilles Peskine
0a7984f1dd component_test_cmake_out_of_source: simplify and fix error handling
Remove ssl-opt.err even if it's empty.

Call cat unconditionally: it'll have no visible effect if the file is
empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
8ab2994eb5 Detect errors on the left-hand side of a pipeline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
7105a33906 Run each component in a subshell and handle errors more robustly
This commit completely rewrites keep-going mode. Instead of relying
solely on "set -e", which has some subtle limitations (such as being
off anywhere inside a conditional), use an ERR trap to record errors.

Run each component in a subshell. This way a component can set
environment variables, change the current directory, etc., without
affecting other components.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
a5eb22d434 Add --error-test option to test error detection and reporting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
3de7be8b88 Switch all.sh to bash
This will let us use bash features that are not found in some other sh
implementations, such as DEBUG and ERR traps, "set -o pipefail", etc.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
27bb62bc81
Merge pull request #4985 from gilles-peskine-arm/check-names-rewrite-2.2x
Backport 2.x: Rewrite check-names.sh in python
2021-09-29 12:43:09 +02:00
Gilles Peskine
1c39975a27 Fix typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 10:13:45 +02:00
Gilles Peskine
ee20f3698a Remove check-names.sh and now-unused helper scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:14:12 +02:00
Gilles Peskine
31da67beb7 Switch to the new Python implementation of check-names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:13:00 +02:00
Gilles Peskine
d47f636a19 Adapt source file names from Mbed TLS 3.0 to 2.27
* There's no compat-2.x.h in Mbed TLS 2.x, but there's a compat-1.3.h which
  similarly needs to be excluded.
* mbedtls_config.h is called config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:12:00 +02:00
Yuto Takano
5b4caf21de Fix typos pointed out by check_names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-09-27 20:08:01 +02:00
Gilles Peskine
7bf5205581 More robust handling of excluded files
Don't try to enumerate excluded files. List included files, and remove names
from the list if they match an excluded-file pattern.

This resolves the problem that the script could get into an infinite loop
due to the use of recursive globbing. Unfortunately, Python's recursive
globs follows symbolic links to directories, which leads to an infinite loop
if a symbolic link points to an ancestor of the directory that contains it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:01:24 +02:00
Gilles Peskine
8266b5b0b4 Copy check_names.py and friends from development
Copy the following files:
    tests/scripts/check_names.py
    tests/scripts/list_internal_identifiers.py
    tests/scripts/list-identifiers.sh

Copy the version from b19be6b5f3c9a92b5b17fa27e16901f132f1a310, which is the
result of merging https://github.com/ARMmbed/mbedtls/pull/1638 into the
development branch.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:01:08 +02:00
Gilles Peskine
186c0216b0
Merge pull request #4978 from davidhorstmann-arm/2.x-fix-aarch64-asm-constraints
Backport 2.x: Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:12 +02:00
Gilles Peskine
97cd76988d
Merge pull request #4979 from gilles-peskine-arm/doc-use-psa-crypto-2.x
Backport 2.x: Document effects of MBEDTLS_USE_PSA_CRYPTO
2021-09-25 09:25:36 +02:00
Manuel Pégourié-Gonnard
fec7ef8270 Mention areas that are not (well) tested.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
ee20baf6e1 Clarify that 1.3 is excluded
Don't mention "TLS 1.2 only" for PSK, as that could give the impression
that the other things about TLS are supported beyond 1.2, which isn't
the case currently.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
12ab49aaf7 Improve wording and fix some typos.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
b4113bac9a Clarify wording of "not covered" section
The section is about things that are not covered, but some lists are
about things that are covered, which was very confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
1fa923a5bc Fix inaccuracy in key exchange summary
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
6cf7d94ab4 Document parts not covered by USE_PSA_CRYPTO
Also, remove the section about design considerations for now. It's
probably more suitable for a developer-oriented document that would also
include considerations about possible paths for the future, which would
better be separated from user documentation (separating the certain that
is now, from the uncertain that might or might not be later).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
b52b91d949 Remove warning about PSA Crypto being beta
The API reached 1.0.0 some time ago, and we've caught up with the
incompatible changes already.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
04bc6875a0 Document current effects of USE_PSA_CRYPTO
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
Manuel Pégourié-Gonnard
00b72fc35f Add docs/use-psa-crypto.md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 20:44:03 +02:00
David Horstmann
27d8b5c680 Combine changelog entries for muladdc assembly fix
Combine the changelog entries for the memory constraints fix on
aarch64 and amd64, since these are essentially fixing the same
issue.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-24 16:11:15 +01:00
Gilles Peskine
7358065203
Merge pull request #4970 from jclab-joseph/pr/fix/build-alpine_2.x
Backport 2.x: Fix test code to can be built on alpine #4969
2021-09-24 15:04:09 +02:00
David Horstmann
a23be22308 Fix aarch64 assembly for bignum multiplication
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-24 09:47:01 +01:00
joseph
00f4eae025 Fix test code to can be built on alpine
Signed-off-by: joseph <joseph@jc-lab.net>
2021-09-23 20:58:45 +09:00
Gilles Peskine
02e17c0aa5
Merge pull request #4941 from gilles-peskine-arm/muladdc-amd64-memory-2.x
Backport 2.x: Fix x86_64 assembly for bignum multiplication
2021-09-20 22:23:53 +02:00
Gilles Peskine
3c0f304848
Merge pull request #4954 from SiliconLabs/backport_4878
Backport 2.x: Remove dependency of built-in keys on storage
2021-09-20 22:20:19 +02:00
Gilles Peskine
184a688d51 Update the list of issues fixed
This had actually been reported multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 17:07:09 +02:00
Gilles Peskine
c6d977eae5 x86_64 MULADDC assembly: add missing constraints about memory
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 15:47:37 +02:00
Gilles Peskine
394b9f2d2c
Merge pull request #4898 from mstarzyk-mobica/disable_defaults_sha1
Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES in 2.28
2021-09-14 11:10:30 +02:00
Janos Follath
2079aa7838
Merge pull request #4939 from gilles-peskine-arm/psa_cipher_update_ecp-unused_parameter-2.x
Backport 2.x: Fix parameter set but unused on psa_cipher_update_ecb
2021-09-13 13:55:16 +01:00
Gilles Peskine
0390016096 Fix the size in bytes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:46 +02:00
Gilles Peskine
a63ba6cd93 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:46 +02:00
Gilles Peskine
7b1c916fe8 Document the internal function psa_cipher_update_ecb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:45 +02:00
Archana
6d342f3e1d
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-11 22:31:06 +05:30
Mateusz Starzyk
7d13539d1b Disable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in default config.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:19:25 +02:00
Mateusz Starzyk
b3d344c225 Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES option.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:18:53 +02:00
Gilles Peskine
9be53ffd10
Merge pull request #4903 from kennethsoerensen/pkparse-warning_2.x
Backport 2.x: Remove compiler warning if only MBEDTLS_PK_PARSE_C is d…
2021-09-01 16:53:50 +02:00
Kenneth Soerensen
c4e950ea53 Backport 2.x: Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167  Warning[Pe550]: variable "ret" was set but never used

Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2021-09-01 11:18:30 +02:00
Ronald Cron
b4c0668fa5
Merge pull request #4841 from JoeSubbiani/ByteReadingMacros2_2.x
Backport 2.x: Byte reading macros
2021-08-24 09:02:01 +02:00
Joe Subbiani
11b7131c2e Fix macro use in ssl_msg.c
After implementing MBEDTLS_PUT_UINT16_BE, I did not remove the
assignment to a variable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 12:49:14 +01:00
Joe Subbiani
b1f6eef88b Remove commented out code
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:45:36 +01:00
Joe Subbiani
a651e6f762 Tidy up grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:35:25 +01:00
Joe Subbiani
24647c5cd2 Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 15:56:22 +01:00
Joe Subbiani
efb8fae492 Compress byte reading macros in if statements
exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:57:09 +01:00
Joe Subbiani
2f98d791c3 Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 11:44:44 +01:00
Joe Subbiani
23fec2538e Replace remaining byte shift with macro
Replace another instance of >> 8 with MBEDTLS_BYTE_1

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 16:23:47 +01:00