Commit Graph

6711 Commits

Author SHA1 Message Date
ILUXONCHIK
be3d1ee4ac refactor CA and SRV certificates into separate blocks 2019-02-12 15:38:22 +02:00
ILUXONCHIK
231385568e refactor SHA-1 certificate defintions and assignment
As per refactoring suggestion that I made in #1520.
2019-02-12 15:38:12 +02:00
ILUXONCHIK
62f9aec184 refactor server SHA-1 certificate definition into a new block 2019-02-12 15:38:03 +02:00
ILUXONCHIK
e3be6723b0 define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME 2019-02-12 15:37:48 +02:00
ILUXONCHIK
4d8325eceb server SHA-256 certificate now follows the same logic as CA SHA-256 certificate 2019-02-12 15:37:39 +02:00
ILUXONCHIK
5d45f8c54e add entry to ChangeLog 2019-02-12 15:35:04 +02:00
Jaeden Amero
bdc807dbe8 Merge remote-tracking branch 'origin/pr/2343' into mbedtls-2.7 2019-01-30 15:45:15 +00:00
Jaeden Amero
9033e541a6 Merge remote-tracking branch 'origin/pr/2234' into mbedtls-2.7 2019-01-30 15:29:00 +00:00
Jaeden Amero
d3841737e9 Merge remote-tracking branch 'origin/pr/2356' into mbedtls-2.7 2019-01-30 14:55:35 +00:00
Jaeden Amero
18fe25614a Merge remote-tracking branch 'origin/pr/2359' into mbedtls-2.7 2019-01-30 14:47:22 +00:00
Simon Butcher
d09324ac58 Merge remote-tracking branch 'public/pr/2264' into mbedtls-2.7 2019-01-23 10:58:08 +01:00
Simon Butcher
32331305dd Merge remote-tracking branch 'public/pr/1797' into mbedtls-2.7 2019-01-23 10:56:40 +01:00
Simon Butcher
12b60bc702 Merge remote-tracking branch 'public/pr/2341' into mbedtls-2.7 2019-01-23 09:53:29 +01:00
Simon Butcher
c5b6c2f877 Merge remote-tracking branch 'public/pr/2296' into mbedtls-2.7 2019-01-23 09:51:48 +01:00
Jeffrey Martin
f7fe144082
update ChangLog credit
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-16 09:26:15 -06:00
Jeffrey Martin
55ab90d40e
update ChangLog per comments
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-15 09:02:14 -06:00
Jeffrey Martin
44fbf91f01
Backport #1949 into mbedtls-2.7
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:13:06 -06:00
Hanno Becker
6950ebb31f Document psk_list parameter of ssl_server2 example program 2019-01-14 09:27:04 +00:00
Gilles Peskine
9f55364ec7 Rename test_memcheck to test_valgrind
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:37 +01:00
Gilles Peskine
ff7238f4ad Support wildcard patterns with a positive list of components to run
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:37 +01:00
Gilles Peskine
30bc385124 Add missing protection on __aeabi_uldiv check under --keep-going
Partial backport of 2adb375c50
"Add option to avoid 64-bit multiplication"
2019-01-10 18:29:37 +01:00
Gilles Peskine
c780095901 Delete $OUT_OF_SOURCE_DIR under --force even without Yotta
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta.
2019-01-10 18:29:37 +01:00
Gilles Peskine
c9663b1685 Fix sometimes-spurious warning about changed config.h
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. To avoid this, make sure that the git index is up-to-date.

This fixes the warning about changed config.h that you might get when
you run all.sh twice in succession, yet if you run `git status` or
`git diff` everything seems up to date and you no longer get the
warning because these git commands update the index.

https://stackoverflow.com/questions/36367190/git-diff-files-output-changes-after-git-status
2019-01-10 18:29:37 +01:00
Gilles Peskine
2906a0ae8a all.sh: Update the maintainer documentation 2019-01-10 18:29:33 +01:00
Gilles Peskine
541fb1e33b all.sh: only check tools that are going to be used
Don't require openssl, mingw, etc. if we aren't going to run a
component that uses them.
2019-01-10 18:28:17 +01:00
Gilles Peskine
53084872ab all.sh: only look for armcc if it is used
Only look for armcc if component_build_armcc or component_build_yotta
is to be executed, instead of requiring the option --no-armcc.

You can still pass --no-armcc, but it's no longer required when
listing components to run. With no list of components or an exclude
list on the command line, --no-armcc is equivalent to having
build_armcc in the exclude list.

Omit the yotta pre-checks if the build_yotta component is not going to
be executed. This makes --no-yotta equivalent to specifying a list of
components to run that doesn't include build_yotta.
2019-01-10 18:28:17 +01:00
Gilles Peskine
b3241cbea7 Add command line options to list available components 2019-01-10 18:28:17 +01:00
Gilles Peskine
eb39b9b729 Minor cleanups to component name gathering
Bring the code in line with the version in Mbed TLS 2.16+.
2019-01-10 18:28:17 +01:00
Gilles Peskine
3fbdd21ca5 Add conditional component inclusion facility
Add a conditional execution facility: if a function support_xxx exists
and returns false then component_xxx is not executed (except when the
command line lists an explicit set of components to execute).

Use this facility for the 64-bit-specific or amd64-specific components.
2019-01-10 18:28:17 +01:00
Gilles Peskine
7120f77889 all.sh: fix MAKEFLAGS setting
MAKEFLAGS was set to -j if it was already set, instead of being set if
not previously set as intended. So now all.sh will do parallel builds
if invoked without MAKEFLAGS in the environment.
2019-01-10 18:28:17 +01:00
Gilles Peskine
770ad7e2c9 all.sh: don't insist on Linux; always run Valgrind
Don't bail out of all.sh if the OS isn't Linux. We only expect
everything to pass on a recent Linux x86_64, but it's useful to call
all.sh to run some components on any platform.

In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is
slower than ASan and MSan but finds some things that they don't.

Run MSan unconditionally, not just on Linux/x86_64. MSan is supported
on some other OSes and CPUs these days.

Use `all.sh --except test_memsan` if you want to omit MSan because it
isn't supported on your platform. Use `all.sh --except test_memcheck`
if you want to omit Valgrind because it's too slow.

Portability: ecognize amd64 (FreeBSD arch string) as well as x86_64
(Linux arch string) for `uname -m`. The `make` utility must still
be GNU make.
2019-01-10 18:28:17 +01:00
Gilles Peskine
4e7b323fd8 Use CMAKE_BUILD_TYPE to do Asan builds
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.

With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
2019-01-10 18:28:17 +01:00
Gilles Peskine
72adb432bc Back up and restore config.h systematically
In all.sh, always save config.h before running a component, instead of
doing it manually in each component that requires it (except when we
forget, which has happened). This would break a script that requires
config.h.bak not to exist, but we don't have any of those.
2019-01-10 18:28:17 +01:00
Gilles Peskine
11ddca6b74 Add the current component name to msg output and the final report 2019-01-10 18:28:17 +01:00
Gilles Peskine
6e9842315a Add --except mode: run all components except a list
Allow the list to use wildcards, e.g. you can run the sanity checks with
all.sh --except "test_*" "build_*"
2019-01-10 18:28:17 +01:00
Gilles Peskine
91bd8b78ed all.sh: with non-option arguments, run only these components 2019-01-10 18:28:17 +01:00
Gilles Peskine
3484ed8797 Move test-ref-configs into its own component 2019-01-10 18:28:16 +01:00
Gilles Peskine
2f300dbb2f Remove duplicate component for RSA_NO_CRT 2019-01-10 18:28:16 +01:00
Gilles Peskine
1a2ca72ddc Break up the tests into components
Split the long list of tests into individual functions. Each time the
test code called the `cleanup` function, I start a new function called
`component_xxx`.

Run all the components by enumerating the `component_xxx` functions.
After running each component, call `cleanup`.

A few sanity checks didn't have calls to `cleanup` because they didn't
need them. I put them into separate components anyway, so there are
now a few extra harmless calls to `cleanup`.
2019-01-10 18:28:16 +01:00
Masashi Honma
4a47112834 Remove duplicate #include
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-09 15:38:37 +00:00
Gilles Peskine
57db6ff938 Move the code into functions. No behavior change.
Move almost all the code of this script into functions. There is no
intended behavior change. The goal of this commit is to make
subsequent improvements easier to follow.

A very large number of lines have been reintended. To see what's going
on, ignore whitespace differences (e.g. diff -w).

I followed the following rules:

* Minimize the amount of code that gets moved.
* Don't change anything to what gets executed or displayed.
* Almost all the code must end up in a function.

This commit is in preparation for breaking up the sequence of tests
into individual components that can run independently.
2019-01-08 22:04:31 +01:00
Simon Butcher
78f040cf33 Merge remote-tracking branch 'public/pr/2233' into HEAD 2019-01-08 15:33:48 +00:00
Simon Butcher
7f899b406c Merge remote-tracking branch 'public/pr/2304' into HEAD 2019-01-08 15:31:37 +00:00
Simon Butcher
3187e7ca98
Merge pull request #545 from ARMmbed/version-2.7.9
Update the version of the library to 2.7.9
2018-12-21 12:21:10 +00:00
Simon Butcher
b22a808cc6 Update the version of the library to 2.7.9 2018-12-21 10:52:37 +00:00
Simon Butcher
3112d10abd Merge remote-tracking branch 'public/pr/2144' into mbedtls-2.7 2018-12-20 01:17:45 +00:00
Ron Eldor
314bd71894 Update ChangeLog
Add an entry in ChangeLog describing the fix.
2018-12-19 14:16:36 +02:00
Ron Eldor
44f6d0b3b1 Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
2018-12-19 14:14:58 +02:00
Ron Eldor
bdcb54ff20 Add entry describing the bug fix
Add entry describing the bug fix in `mbedtls_ecdsa_genkey()`.
2018-12-17 10:26:52 +02:00
Ron Eldor
c7aac417f2 Return error code of underlying function.
Return the error code if failed, instead of returning value `1`.
If not failed, return the call of the underlying function,
in `mbedtls_ecdsa_genkey()`.
2018-12-17 10:22:19 +02:00