Call `set disable-randomization off` only if it seems to be supported.
The goal is to neither get an error about disable-randomization not
being supported (e.g. on FreeBSD), nor get an error if it is supported
but fails (e.g. on Ubuntu).
Only fiddle with disable-randomization from all.sh, which cares
because it reports the failure of ASLR disabling as an error. If a
developer invokes the Gdb script manually, a warning about ASLR
doesn't matter.
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.
With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
fixed processing of PSA macros in check names script.
This required changes in:
*list-macros.sh to scan the PSA headers
*check-names to scan PSA files and allow PSA_* macro names
We've added documentation for how context objects for multi-part
operations must be initialized consistently for key policy, hash,
cipher, and MAC. Update the generator documentation to be consistent
with how we've documented the other operations.
Add new initializers for cipher operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
The struct psa_cipher_operation_s is built with a
mbedtls_cipher_context_t. The shape of mbedtls_cipher_context_t and an
initializer that works with Clang 5.0 and its
-Wmissing-field-initializers varies based on the configuration of the
library. Instead of making multiple initializers based on a maze of
ifdefs for all combinations of MBEDTLS_CIPHER_MODE_WITH_PADDING,
MBEDTLS_CMAC_C, and MBEDTLS_USE_PSA_CRYPTO, add a dummy variable to
psa_cipher_operation_s's union that encloses mbedtls_cipher_context_t.
This allows us to initialize the dummy with a Clang-approved initializer
and have it properly initialize the entire object.
Add new initializers for MAC operation objects and use them in our tests
and library code. Prefer using the macro initializers due to their
straightforwardness.
Add new initializers for hash operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
Merge the work on all.sh that was done on mbedtls-2.14.0 with the
changes from mbedtls-2.14.0 to the current tip of mbed-crypto/development.
There is a merge conflict in test/scripts/all.sh, which is the only
file that was modified in the all.sh work branch. I resolved it by
taking the copy from the all.sh branch and applying the changes
between mbedtls-2.14.0 and mbedtls-2.16.0. As evidenced by
`git diff mbedtls-2.14.0 d668baebc5e1709f4118aba3802d9af0ee4e4d83`,
many of the commits in
`git log mbedtls-2.14.0 d668baebc5e1709f4118aba3802d9af0ee4e4d83`
cancelled each other or were redundant with parallel commits that had
also occured via another branch included in mbedtls-2.14.0, leaving
the following differences:
* Removal of one unimportant blank line.
* The changes from db2b8db715
"psa: Add storage implementation for files", to turn off
PSA storage when MBEDTLS_FS_IO is turned off, which I manually
replayed.
In all.sh, always save config.h before running a component, instead of
doing it manually in each component that requires it (except when we
forget, which has happened). This would break a script that requires
config.h.bak not to exist, but we don't have any of those.
Call cleanup from run_component instead of calling it from each
individual component function.
Clean up after each component rather than before. With the new
structure it makes more sense for each component to leave the place
clean. Run cleanup once at the beginning to start from a clean slate.
Move almost all the code of this script into functions. There is no
intended behavior change. The goal of this commit is to make
subsequent improvements easier to follow.
A very large number of lines have been reintended. To see what's going
on, ignore whitespace differences (e.g. diff -w).
I followed the following rules:
* Minimize the amount of code that gets moved.
* Don't change anything to what gets executed or displayed.
* Almost all the code must end up in a function.
* One function does one thing. For most of the code, that's from one
"cleanup" to the next.
* The test sequence functions (run_XXX) are independent.
The change mostly amounts to putting chunks of code into a function
and calling the functions in order. A few test runs are conditional;
in those cases the conditional is around the function call.
Split crypto_driver.h into 4:
* crypto_driver_common.h for common definitions, not meant to be
included directly by driver code.
* crypto_accel_driver.h for drivers that work with transparent
key material.
* crypto_se_driver.h for drivers that work with opaque key
material.
* crypto_entropy_driver.h for drivers of entropy sources.
There is no code change in this commit, I only moved some code around.
Now that the type definitions that are useful for driver are in a
separate header file from the application interface function
declarations, include that header file in crypto_driver.h.
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.
No functional changes, code was only moved from crypto.h to the new headers.
GCC 4.8 warns that some variables may be used without having been
initialized. They aren't, but determining that takes nontrivial
analysis, so initialize them at the point of definition.
Define psa_status_t to int32_t unconditionally. There's no reason to
refer to psa_error_t here: psa_error_t is int32_t if it's present. We
would only need a conditional definition if psa_defs.h and
psa_crypto.h used the same type name.
Keep the conditional definition of PSA_SUCCESS. Although the C
preprocessor allows a duplicate definition for a macro, it has to be
the exact same token sequence, not merely an equivalent way to build
the same value.
Change the way some lines are wrapped to cut at a more logical place.
This commit mainly rewrites multi-line calls to TEST_EQUAL, and also a
few calls to PSA_ASSERT.
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==([^;=]*)\);$/${1}TEST_EQUAL($2,$3);/gm' tests/suites/test_suite_psa_*.function
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==\s*PSA_SUCCESS\s*\);$/${1}PSA_ASSERT($2 );/gm' tests/suites/test_suite_psa_*.function
Cause a compilation error on ARRAY_LENGTH(p) where p is a pointer as
opposed to an array. This only works under GCC and compatible
compilers such as Clang. On other compilers, ARRAY_LENGTH works but
doesn't check the type of its argument.
