Commit Graph

123 Commits

Author SHA1 Message Date
Christoph M. Wintersteiger
62dddd08fd Add new 3rdparty build scripts 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
d5fd766c49 ECDH: Include Everest Curve25519 in build scripts 2019-08-19 13:36:44 +01:00
Jaeden Amero
8dd1690993 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
- Reject changes related to building a crypto submodule, since Mbed
  Crypto is the crypto submodule.
- Reject X.509, NET, and SSL changes.
- Reject changes to README, as Mbed Crypto is a different project from
  Mbed TLS, with a different README.
- Avoid adding mention of ssl-opt.sh in a comment near some modified
  code in include/CMakeLists.txt (around where ENABLE_TESTING as added).
- Align config.pl in Mbed TLS with config.pl in Mbed Crypto where PSA
  options are concerned, to make future merging easier. There is no
  reason for the two to be different in this regard, now that Mbed TLS
  always depends on Mbed Crypto. Remaining differences are only the
  PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option and the absence of X.509,
  NET, and SSL related options in Mbed Crypto's config.pl.
- Align config.h in Mbed Crypto with Mbed TLS's copy, with a few notable
  exceptions:
  - Leave CMAC on by default.
  - Leave storage on by default (including ITS emulation).
  - Avoid documenting the PSA Crypto API as is in beta stage in
    documentation for MBEDTLS_PSA_CRYPTO_C.
  The only remaining differences are a lack of X.509, NET, and SSL
  options in Mbed Crypto's config.h, as well as an additional
  Mbed-Crypto-specific PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option.
  Documentation for the check params feature and related macros is also
  updated to match Mbed TLS's description.
- Reject tests/data_files/Makefile changes to generate DER versions of
  CRTs and keys, as none of those are used by Mbed Crypto tests.
- Add the "no PEM and no filesystem" test to all.sh, without ssl-opt.sh
  run, as Mbed Crypto doesn't have ssl-opt.sh. Also remove use of PSA
  Crypto storage and ITS emulation, since those depend on filesystem
  support.
- Reject addition of test when no ciphersuites have MAC to all.sh, as
  the option being tested, MBEDTLS_SSL_SOME_MODES_USE_MAC, is not
  present in Mbed Crypto.
- Use baremetal config in all.sh, as Mbed Crypto's baremetal
  configuration does exclude the net module (as it doesn't exist in Mbed
  Crypto)
- Reject cmake_subproject_build changes, continuing to link only
  libmbedcrypto.
- Reject changes to visualc and associated templates. Mbed Crypto
  doesn't need additional logic to handle submodule-sourced headers.
- Avoid adding fuzzers from Mbed TLS. The only relevant fuzzers are the
  privkey and pubkey fuzzers, but non-trivial work would be required to
  integrate those into Mbed Crypto (more than is comfortable in a merge
  commit).
- Reject addition of Docker wrappers for compat.sh and ssl-opt.sh, as
  those are not present in Mbed Crypto.
- Remove calls to SSL-related scripts from basic-in-docker.sh

Fix test errors by performing the following:
- Avoid using a link that Doxygen can't seem to resolve in Mbed Crypto,
  but can resolve in Mbed TLS. In documentation for
  MBEDTLS_CHECK_PARAMS, don't attempt to link to MBEDTLS_PARAM_FAILED.

* origin/development: (339 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  Update crypto submodule to a revision with the HAVEGE header changes
  Test with MBEDTLS_ECP_RESTARTABLE
  Allow TODO in code
  Use the docstring in the command line help
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
  tests: Limit each log to 10 GiB
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Fix parsing issue when int parameter is in base 16
  ...
2019-07-31 10:37:53 +01:00
Jaeden Amero
01604a334a Merge remote-tracking branch 'origin/pr/2726' into development
* origin/pr/2726:
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Allow declarations after statements
2019-07-10 07:55:25 +01:00
Gilles Peskine
be517164d2 Warn if VLAs are used
We don't intend to use C99 variable-length arrays, so make the
compiler complain about them.
2019-07-02 20:22:11 +02:00
Gilles Peskine
85aba47715 Consistently spell -Wextra
-W is a deprecated alias of -Wextra. Consistently use the new name.
2019-07-02 20:05:16 +02:00
Ashley Duncan
d85a7e9b09 Remove use of CMAKE_SOURCE_DIR
Remove use of CMAKE_SOURCE_DIR in case mbedtls is built from within
another CMake project. Define MBEDTLS_DIR to ${CMAKE_CURRENT_SOURCE_DIR}
in the main CMakeLists.txt file and refer to that when defining target
include paths to enable mbedtls to be built as a sub project.

Fixes https://github.com/ARMmbed/mbedtls/issues/2609

Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2019-06-26 12:46:53 +01:00
Gilles Peskine
c2d56a4446 Allow declarations after statements
We officially allow C99, so don't forbid this C99 feature.
2019-06-25 18:52:06 +02:00
Ashley Duncan
3278081428 Remove use of CMAKE_SOURCE_DIR
Remove use of CMAKE_SOURCE_DIR in case mbedtls is built from within
another CMake project. Define MBEDTLS_DIR to ${CMAKE_CURRENT_SOURCE_DIR}
in the main CMakeLists.txt file and refer to that when defining target
include paths to enable mbedtls to be built as a sub project.

Fixes #2609

Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2019-06-25 13:33:51 +01:00
Jaeden Amero
bb16d0c956 Merge remote-tracking branch 'origin/pr/2654' into development
* origin/pr/2654:
  Create link to include/mbedtls only when testing is enabled
2019-06-06 14:18:23 +01:00
Renz Christian Bagaporo
d8a40b5725 Create link to include/mbedtls only when testing is enabled 2019-05-23 18:48:13 +08:00
Andrzej Kurek
f425ff1457 Export the submodule flag to sub-cmakes 2019-05-23 03:01:35 -04:00
Andrzej Kurek
346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
d8167e85d6 Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
  explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
  explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script

Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
2019-05-23 03:01:35 -04:00
Jaeden Amero
3d07ffade2 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
    - Reject changes to files removed during the creation of Mbed Crypto
      from Mbed TLS.
    - Reject the addition of certificates that would not be used by any
      tests, including rejecting the addition of Makefile rules to
      generate these certificates.
    - Reject changes to error.c referencing modules that are not part of
      Mbed Crypto.

* origin/development: (80 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  ...
2019-05-21 08:57:44 +01:00
Jaeden Amero
e3435053f5 Merge remote-tracking branch 'origin/pr/2473' into development
* origin/pr/2473:
  Fix CMake build error on Cygwin and minGW platforms
2019-05-01 09:56:42 +01:00
Jaeden Amero
d874a1fd14 Remove zlib
The library no longer uses zlib, so we can remove the option to build
with zlib.
2019-04-18 10:32:56 +01:00
Jaeden Amero
d832f187f7 Remove pkcs11-helper option
In preparation for removing X.509 and PKCS11 from Mbed Crypto, remove
pkcs11-helper. It won't be relevant after X.509 and PKCS11 are removed.
2019-04-18 10:32:56 +01:00
Qixiang Xu
7346b312e1 Fix CMake build error on Cygwin and minGW platforms
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2019-04-10 14:59:29 +01:00
Jaeden Amero
b78b300b2e tests: Test crypto via the crypto submodule
Test the crypto implementation via tests from the Mbed Crypto submodule
instead of at the Mbed TLS top level.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
2019-03-13 13:39:23 +00:00
Jaeden Amero
9afb2e9921 Remove tests that depend on TLS or X.509 2019-03-11 16:49:26 +00:00
Jaeden Amero
30b340a760 crypto: Add mbedtls-psa as a submodule
mbedtls-psa contains an implementation of libmbedcrypto, including the PSA
Crypto API.
2018-11-21 12:54:57 +00:00
Jaeden Amero
4cb814e3a7 cmake: Use finer grained include directory
Using finer grained control over include directories will allow differnt
targets to use different include files. This will be useful when the
`crypto` subcomponent wants to use its own include files instead of or in
addition to the top level ones.
2018-11-20 18:46:43 +00:00
Darryl Green
d9eee3b417 Add library as valid header file location
The persistent key implementation will be split across multiple
files as it will eventually be implementing multiple storage
backends. As these internal functions will need to be callable by
other files, we will add the headers in the library folder. This
commit adds this include location to the necessary scripts.

For tests, the library is added as an include location as testing
on-target with Mbed OS is not possible with paths including ".."
2018-11-20 15:21:22 +00:00
Nir Sonnenschein
e46c329377 restore missing operation to CMakeLists.txt 2018-08-29 23:39:58 +03:00
Nir Sonnenschein
b7ebbcaa2c compile time warning of 128bit ctr_drbg keys and standardized warnings
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
2018-08-29 10:20:12 +03:00
Mohammad Azim Khan
9540261a76 Incorporated code review comments 2018-08-06 11:40:58 +01:00
Andrzej Kurek
037ec4b416 Replace tabs with spaces 2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5 Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail
2018-06-28 05:05:40 -04:00
Simon Butcher
4ab8acd696 Merge remote-tracking branch 'public/pr/1075' into development 2018-06-14 10:34:44 +01:00
Simon Butcher
ebb6427992 Merge remote-tracking branch 'public/pr/1646' into development 2018-06-12 16:41:04 +01:00
Darryl Green
2a1edacb1b Change symlink to hardlink to avoid permission issues 2018-06-08 10:07:32 +01:00
Darryl Green
d75ee64c1f Fix out-of-tree testing symlinks on Windows 2018-06-07 11:55:50 +01:00
Simon Butcher
b02f7893f6 Merge remote-tracking branch 'public/pr/1470' into development 2018-06-01 19:20:25 +01:00
Azim Khan
45b79cf12b Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-05-25 14:54:14 +01:00
Ron Eldor
e95092d8eb Change the value of fno-sanitize-recover
Change the value of `-fno-sanitize-recover` from `undefined,integer` to `all`
2018-05-24 10:15:13 +03:00
Gilles Peskine
c33c7c8363 Copy DartConfiguration.tcl, needed for make memcheck 2018-04-05 15:59:45 +02:00
Gilles Peskine
be038366ea Fix some comments regarding what files are symlinked 2018-03-23 14:39:52 +01:00
Gilles Peskine
fc458d0b9b Merge remote-tracking branch 'myfork/pr_1073' into development-proposed 2018-03-22 21:53:12 +01:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Krzysztof Stachowiak
a0188d6730 Have doxygen run in the doxygen directory
When the Doxywizzard GUI is used and the doxyfile is loaded, the
workind directory for doxygen is set to the location of the doxyfile.
However the Make and CMake build systems expect doxygen to be ran
from the top level directory.
This commit unifies the build system and the Doxywizzard GUI so that
all of them expect doxygen to be executed in the doxygen directory.
2018-01-19 16:21:18 +01:00
Ron Eldor
3f8271e32b Support only new CLang version
Support only new CLang version by enabling only
`-fno-sanitize-recover=undefined,integer`
2017-09-19 15:13:44 +03:00
Ron Eldor
18b3c912f9 Address Azim's coments
Fix typo and use new check for clang>3.5m according to azim's comments
2017-09-04 14:03:33 +03:00
Ron Eldor
22d989c434 Suport clang version 3.8
Check CLANG version, and according to the version,
set the correct paramters. fix for #1072
2017-09-03 17:56:25 +03:00
VOLAT Matthieu 22923
533751f98f
Use current source paths for config file creation command
That way, the project integrate more nicely when used as a cmake sub-project.
2017-09-01 09:55:40 +02:00
Simon B
9b3e3c4942 Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2016-11-10 15:37:33 +00:00
Andres AG
dc192215f4 Allow cmake 'out-of-source' builds
Allow mbed TLS to be build in a subdirectory. Also add a test in
all.sh
2016-09-06 20:38:40 +01:00
Simon Butcher
45103f3e15 Changes multiline string (for CMake >3.0) to list (for CMake 2.8) 2016-06-21 14:47:11 +01:00
Simon Butcher
1ceab6e43a Adds a check and warning for the null entropy option
If the option MBEDTLS_TEST_NULL_ENTROPY is enabled, the cmake generated
makefile will generate an error unless a UNSAFE_BUILD switch is also enabled.

Equally, a similar warning will always be generated if the Makefile is built,
and another warning is generated on every compilation of entropy.c.

This is to ensure the user is aware of what they're doing when they enable the
null entropy option.
2016-06-21 10:14:00 +01:00