This change was first introduced in 8af3923 - see this commit for more background.
After the removal of crypto directory, there are no targets that require a
crypto library with the directory prefix, so there's also no need for the priority
dependency to be declared. This commit removes it.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Changelog entry files were listed in reverse alphabetical order of the
file name, by happenstance. Now, changelog entry files are listed in
the order in which the changes were merged. More precisely: look for
the git commit where the entry file was created, and look where this
commit was merged into the current branch. List older merges first.
List never-merged commits in date order after all the merged ones.
List never-committed files in file timestamp order after all the
committed ones.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
All the content that is currently in ChangeLog.md is the result of
merging Mbed Crypto, and that content is already present in
ChangeLog. Since we aren't using ChangeLog.md yet, remove it for now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Conflicts:
* .github/issue_template.md, .github/pull_request_template.md:
The changes in Mbed Crypto are not relevant to Mbed TLS. Keep the
mbedtls versions.
Define MBEDTLS_STATIC_TESTABLE to mark code that is only exported for
test purposes. Since this is for internal library
use only, define it in a header in library/. Since there is no
suitable header, create one.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When this option is enabled, the product includes additional
interfaces that enable additional tests. This option should not be
enabled in production, but is included in the "full" build to enable
the extra tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Clarify that using a header in library/ rather than include/ for
internal functions is a rule, not just a possibility.
As suggested by Manuel, state a rule for functions that need to be
static for best optimization but that we want to unit-test.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Evaluate possible approaches for invasive testing.
State some rules.
This commit was originally written for Mbed Crypto only.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Pylint warns about things like ``log.info('...'.format(...))``.
It insists on ``log.info('...', ...)``.
This is of minor utility (mainly a performance gain when there are
many messages that use formatting and are below the log level).
Some versions of Pylint (including 1.8, which is the version on
Ubuntu 18.04) only recognize old-style format strings using '%',
and complain about something like ``log.info('{}', foo)`` with
logging-too-many-args (Pylint supports new-style formatting if
declared globally with logging_format_style under [LOGGING] but
this requires Pylint >=2.2).
Disable this warning to remain compatible with Pylint 1.8 and not have
to change abi_check.py to use %-formats instead of {}-formats when
logging.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rather than sometimes returning an integer, sometimes a boolean and
sometimes implicitly returning None, always return 0 for success and 1
for failure.
No behavior change for the program as a whole, since the None/True/False
values were implicitly converted to the desired numerical value.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't use a function argument as a for loop variable. It worked (mostly) but
Pylint frowns on it (redefined-argument-from-local) and I think Pylint has a
point.
If the configuration file is not found, raise an exception mentioning the
search path rather than just its last element.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
check_python_files was optional in all.sh because we used to have CI
machines where pylint wasn't available. But this had the downside that
check_python_files kept breaking because it wasn't checked in the CI.
Now our CI has pylint and check_python_files should not be optional.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On some systems, such as Ubuntu up to 19.04, `pylint` is for Python 2
and `pylint3` is for Python 3, so we should not use `pylint` even if
it's available.
Use the Python module instead of the trivial shell wrapper. This way
we can make sure to use the correct Python version.
Fix#3111
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- "Default" should only be used for tests that actually use the defaults (ie,
not passing options on the command line, except maybe debug/dtls)
- All tests in the "Encrypt then MAC" group should start with that string as a
common prefix
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.
Conflicts:
* ChangeLog: add/add conflict. Resolve by using the usual section order.
In Windows cmd, `del foo` succeeds if `foo` doesn't exist, but
`del *.ext` fails if `*.ext` doesn't match any files. Therefore we use
the idiom `if exist *.ext del *.ext` to delete files matching
wildcards.
We've accidentally used `if exist $(some_list) del $(some_list)`, and
that's wrong, because it's only syntactically correct if
`$(some_list)` contains exactly one element. As long as `$(some_list)`
contains actual file names and not wildcards, just use `del $(some_list)`.
Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to X.509 and SSL unit
tests that use SHA-384 (identified based on having a description that
contains "SHA384" or "SHA-384").
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.
This commit makes check-names.sh pass.
```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
Add a changelog entry for an already-released version to indicate when
the crypto submodule became mandatory.
Add a changelog entry for the removal of the crypto submodule.
Remove code guarded by `USE_CRYPTO_SUBMODULE`. It's dead now that
crypto can no longer be a submodule.
In `library/Makefile`:
* Replace `$(CRYPTO_INCLUDE)` with the single include directory
`-I../include`.
* Remove references to `$(OBJS_CRYPTO)` when it's in addition to the
local objects (`*.o`) since `$(OBJS_CRYPTO)` is now a subset of the
local objects.
* Merge modules that were duplicated between the mbedtls and the
mbed-crypto repositories back into the single list for `OBJS_CRYPTO`.
