Commit Graph

10946 Commits

Author SHA1 Message Date
Hanno Becker
2e0f71f977 Add instructions for MD[245] test CRTs to tests/data_files/Makefile 2019-06-03 14:22:53 +01:00
Hanno Becker
9dbc56152f Add suppport for MD2 to CSR and CRT writing example programs
The example programs programs/x509/cert_req and programs/x509/cert_write
(demonstrating the use of X.509 CSR and CRT writing functionality)
previously didn't support MD2 signatures.

For testing purposes, this commit adds support for MD2 to cert_req,
and support for MD2 and MD4 to cert_write.
2019-06-03 14:10:44 +01:00
Jaeden Amero
d5072d1f13
Merge pull request #133 from hanno-arm/dhm_selftest_der
Allow DHM selftest to run if MBEDTLS_PEM_PARSE_C is unset
2019-06-03 11:29:53 +01:00
Jaeden Amero
7be9b4e932 Merge remote-tracking branch 'origin/pr/2664' into development
* origin/pr/2664:
  test: Always use `make clean` by itself
2019-06-03 09:56:07 +01:00
Hanno Becker
ba698da57a Remove use of MD2 in further x509parse tests 2019-06-03 09:54:07 +01:00
Hanno Becker
32b48ea364 Convert further x509parse tests to use lower-case hex data 2019-06-03 09:48:39 +01:00
Hanno Becker
8b0f9e6388 Allow DHM selftest to run if MBEDTLS_PEM_PARSE_C is unset
If MBEDTLS_PEM_PARSE_C is unset, the DHM selftest fails because
it uses PEM encoded test data.

This commit fixes this by providing the DER encoded form of the
test data instead in case MBEDTLS_PEM_PARSE_C is unset.
2019-05-31 17:28:59 +01:00
Jaeden Amero
3b025ac52b test: Always use make clean by itself
When running make with parallelization, running both "clean" and "lib"
with a single make invocation can lead to each target building in
parallel. It's bad if lib is partially done building something, and then
clean deletes what was built. This can lead to errors later on in the
lib target.

    $ make -j9 clean lib
      CC    aes.c
      CC    aesni.c
      CC    arc4.c
      CC    aria.c
      CC    asn1parse.c
      CC    ./library/error.c
      CC    ./library/version.c
      CC    ./library/version_features.c
      AR    libmbedcrypto.a
    ar: aes.o: No such file or directory
    Makefile:120: recipe for target 'libmbedcrypto.a' failed
    make[2]: *** [libmbedcrypto.a] Error 1
    Makefile:152: recipe for target 'libmbedcrypto.a' failed
    make[1]: *** [libmbedcrypto.a] Error 2
    Makefile:19: recipe for target 'lib' failed
    make: *** [lib] Error 2
    make: *** Waiting for unfinished jobs....

To avoid this sort of trouble, always invoke clean by itself without
other targets throughout the library. Don't run clean in parallel with
other rules. The only place where clean was run in parallel with other
targets was in list-symbols.sh.
2019-05-31 12:47:07 +01:00
Hanno Becker
136512b810 Correct placement of ChangeLog entry 2019-05-30 11:16:49 +01:00
Hanno Becker
41a740d492 Adapt ChangeLog 2019-05-30 11:16:39 +01:00
Hanno Becker
01346c645b Use SHA-256 instead of MD2 in X.509 CRT parsing tests
- Replace 'RSA with MD2' OID '2a864886f70d010102' by
  'RSA with SHA-256' OID '2a864886f70d01010b':
  Only the last byte determines the hash, and
  `MBEDTLS_OID_PKCS1_MD2 == MBEDTLS_OID_PKCS1 "\x02"`
  `MBEDTLS_OID_PKCS1_SHA256 == MBEDTLS_OID_PKCS1 "\x0b"`
  See oid.h.
- Replace MD2 dependency by SHA256 dependency.
- Adapt expected CRT info output.
2019-05-30 11:16:39 +01:00
Hanno Becker
d0d78d7c4a Consistently use lower case hex data in X.509 parsing tests 2019-05-30 11:16:39 +01:00
confusedsushi
670ed7232d
Merge branch 'development' into development 2019-05-29 14:44:16 +02:00
Darryl Green
f2688e2fe2 Remove all abi dumps, not just ones shared between versions
While the abi-checking script handled comparing only the modules
that were shared between the old and new versions correctly, the
cleanup of the abi dumps only removed what was shared. Change the
cleanup logic to remove all abi dumps instead.
2019-05-29 11:29:08 +01:00
Jaeden Amero
f479aaef9b
Merge pull request #125 from gilles-peskine-arm/readme-fix-api-links
Fix PSA Crypto API links in README
2019-05-24 11:15:40 +01:00
Gilles Peskine
f81f87f4cc API spec HTML: Use Github Pages rather than htmlpreview
htmlpreview.github.io breaks some links: in index.html viewed through
this service, the links that should go to from_doxygen.html are shown
as internal links, so the meat of the document is invisible.

Link to Github pages instead. This relies on the documentation being
available on the `master` branch of the mbed-crypto repository.

This has the added benefit of not depending on a third-party service.
2019-05-23 19:34:06 +02:00
Gilles Peskine
58501e5ecc API spec PDF: link to the actual PDF
Link to the PDF file, not to a page with an embedded PDF reader
2019-05-23 19:33:45 +02:00
Renz Christian Bagaporo
d8a40b5725 Create link to include/mbedtls only when testing is enabled 2019-05-23 18:48:13 +08:00
Jaeden Amero
2ab5cf658f Merge remote-tracking branch 'origin/pr/2403' into development
* origin/pr/2403: (24 commits)
  crypto: Update to Mbed Crypto 8907b019e7
  Create seedfile before running tests
  crypto: Update to Mbed Crypto 81f9539037
  ssl_cli.c : add explicit casting to unsigned char
  Generating visualc files - let Mbed TLS take precedence over crypto
  Add a link to the seedfile for out-of-tree cmake builds
  Adjust visual studio file generation to always use the crypto submodule
  all.sh: unparallelize mingw tests
  all.sh - disable parallelization for shared target tests
  config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal
  all.sh: unset crypto storage define in a psa full config cmake asan test
  all.sh: unset FS_IO-dependent defines for tests that do not have it
  curves.pl - change test script to not depend on the implementation
  Export the submodule flag to sub-cmakes
  Disable MBEDTLS_ECP_RESTARTABLE in full config
  Export the submodule flag to sub-makes
  Force the usage of crypto submodule
  Fix crypto submodule usage in Makefile
  Documentation rewording
  Typo fixes in documentation
  ...
2019-05-23 09:08:55 +01:00
Jaeden Amero
a542bb6de6 Merge remote-tracking branch 'origin/pr/2647' into development
* origin/pr/2647:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 09:08:41 +01:00
Jaeden Amero
bb7a582865 Merge remote-tracking branch 'origin/pr/2655' into development
* origin/pr/2655:
  Add negative test for malformed SAN
  Set next sequence of subject_alt_names to NULL
2019-05-23 09:08:01 +01:00
Jaeden Amero
7525aa06c1 Merge remote-tracking branch 'origin/pr/2410' into development
* origin/pr/2410:
  Update change log
  Document the default value for the maximum fragment length
  Improve clarity of mbedtls_ssl_conf_max_frag_len documentation
  Reword ssl_conf_max_frag_len documentation
  Fix typos and miswording in the mbedtls_ssl_conf_max_frag_len documentation comment
  Reword ssl_conf_max_frag_len documentation to clarify its necessity
2019-05-23 09:08:01 +01:00
Andrzej Kurek
a76773fd2d crypto: Update to Mbed Crypto 8907b019e7 2019-05-23 03:01:35 -04:00
Gilles Peskine
3c8ccc068f Create seedfile before running tests
With MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ENTROPY_NV_SEED enabled, the
tests need a seedfile. Since test_suite_entropy is no longer there to
create it, and MBEDTLS_USE_PSA_CRYPTO is now enabled in the full
config, create tests/seedfile explicitly in basic-build-test.sh.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
50a93510fd crypto: Update to Mbed Crypto 81f9539037 2019-05-23 03:01:35 -04:00
Andrzej Kurek
ade9e28d9f ssl_cli.c : add explicit casting to unsigned char
Signal casting from size_t to unsigned char explicitly, so that the compiler
does not raise a warning about possible loss of data on MSVC, targeting
64-bit Windows.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
9f3d39d733 Generating visualc files - let Mbed TLS take precedence over crypto
Change the order of include directories so that Mbed TLS is first.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
4a71cfa39f Add a link to the seedfile for out-of-tree cmake builds 2019-05-23 03:01:35 -04:00
Andrzej Kurek
b78cf2b261 Adjust visual studio file generation to always use the crypto submodule
Add crypto include to include paths
2019-05-23 03:01:35 -04:00
Andrzej Kurek
62faadd6a3 all.sh: unparallelize mingw tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek
87615770c7 all.sh - disable parallelization for shared target tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek
9c754a9892 config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal 2019-05-23 03:01:35 -04:00
Andrzej Kurek
324b2f76ca all.sh: unset crypto storage define in a psa full config cmake asan test 2019-05-23 03:01:35 -04:00
Andrzej Kurek
73757080c1 all.sh: unset FS_IO-dependent defines for tests that do not have it 2019-05-23 03:01:35 -04:00
Andrzej Kurek
098b16ca83 curves.pl - change test script to not depend on the implementation
Currently the top-level makefile deploys commands to both Mbed TLS and
the submodule. Running make in the "tests" directory builds only the TLS tests.
The top level CMake on the other hand does not have the "tests" target defined,
so it also cannot be used, hence the raw "make".
2019-05-23 03:01:35 -04:00
Andrzej Kurek
f425ff1457 Export the submodule flag to sub-cmakes 2019-05-23 03:01:35 -04:00
Andrzej Kurek
03c35a5744 Disable MBEDTLS_ECP_RESTARTABLE in full config
MBEDTLS_ECP_RESTARTABLE is not compatible with MBEDTLS_USE_PSA_CRYPTO.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
d015619a56 Export the submodule flag to sub-makes
Export the flag so that the crypto submodule knows how it is being built
2019-05-23 03:01:35 -04:00
Andrzej Kurek
346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Andrzej Kurek
67df9e498f Fix crypto submodule usage in Makefile 2019-05-23 03:01:35 -04:00
Andrzej Kurek
d65b11d868 Documentation rewording 2019-05-23 03:01:35 -04:00
Andrzej Kurek
d3deb1d738 Typo fixes in documentation 2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
45be3d8136 Fix compile guard for static function in ssl
The guard for the definition of the function was different from the guard on
its only use - make it the same.

This has been caught by tests/scripts/key-exchanges.pl. It had not been caught
by this script in earlier CI runs, because previously USE_PSA_CRYPTO was
disabled in the builds used by this script; enabling it uncovered the issue.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
971dea3745 Enable USE_PSA_CRYPTO with config.pl full
Previously it was disabled as too experimental, which no longer holds. Also,
this option introduces new APIs, so it's not only about an internal
alternative (as the comment in config.pl used to state) - people who request a
full config should get all of the available APIs.

Adapt all.sh: now all builds with full config will also test this option, and
builds with the default config will test without it. Just to be sure, let's
have a build with full config minus this option.

Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the
new APIs it enables in Mbed TLS and why they're still opt-in.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
de7636e2dd Enable MBEDTLS_PSA_CRYPTO_C by default
Also enable it in scripts/config.pl full, as well as two storage options that
were only blacklisted from full config because they depended on
MBEDTLS_PSA_CRYPTO_C.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
d8167e85d6 Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
  explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
  explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script

Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
2019-05-23 03:01:35 -04:00
Gilles Peskine
9a52cf3d97 list-symbols.sh: if the build fails, print the build transcript
If "make clean lib" fails in list-symbols.sh, print the transcript
from running make.
2019-05-22 18:22:58 +02:00
Gilles Peskine
0c12e308af Document "check-names.sh -v" 2019-05-22 18:22:45 +02:00
Ron Eldor
56f071fb9e Add negative test for malformed SAN
Add a negative test for a malformed SAN extension.
2019-05-22 17:36:58 +03:00
Jaeden Amero
8907b019e7
Merge pull request #124 from Patater/full-parent-paths
Makefile: Use full paths to refer to parent files
2019-05-22 15:08:52 +01:00