mirror of
https://github.com/yuzu-mirror/mbedtls.git
synced 2026-04-04 22:19:05 +00:00
Merge branch 'baremetal' into baremetal-2.16-20190909
* baremetal: (78 commits) Review corrections 6 Review corrections 5 Minor changes to tinycrypt README Typos in the tinycrypt README Addition of copyright statements to tinycrypt files Add LICENSE and README for tinycrypt Add SPDX lines to each imported TinyCrypt file Review corrections 4 Review corrections 3 Review corrections 2 Review corrections Update signature of BE conversion functions Use function for 16/24/32-bit BE conversion x509.c: Minor readability improvement x509_crt.c: Indicate guarding condition in #else branch X.509: Don't remove verify callback by default Fix Doxygen warnings regarding removed verify cb+ctx parameters ECC restart: Use optional verification mode in bad signature test Re-implement verify chain if vrfy cbs are disabled Add zero-cost abstraction layer for CRT verification chain ...
This commit is contained in:
Manuel Pégourié-Gonnard
commit
e5a0b366f8
86 changed files with 3353 additions and 1786 deletions
|
|
@ -921,6 +921,34 @@ component_test_hardcoded_elliptic_curve_cmake_clang() {
|
|||
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
|
||||
}
|
||||
|
||||
component_test_hardcoded_hash_cmake_clang() {
|
||||
msg "build: cmake, full config + MBEDTLS_MD_SINGLE_HASH, clang" # ~ 50s
|
||||
scripts/config.pl full
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
scripts/config.pl unset MBEDTLS_SHA1_C
|
||||
scripts/config.pl unset MBEDTLS_SHA512_C
|
||||
scripts/config.pl set MBEDTLS_SHA256_NO_SHA224
|
||||
scripts/config.pl unset MBEDTLS_MD2_C
|
||||
scripts/config.pl unset MBEDTLS_MD4_C
|
||||
scripts/config.pl unset MBEDTLS_MD5_C
|
||||
scripts/config.pl unset MBEDTLS_RIPEMD160_C
|
||||
scripts/config.pl unset MBEDTLS_SSL_PROTO_SSL3
|
||||
scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1
|
||||
scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1_1
|
||||
scripts/config.pl unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
scripts/config.pl set MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256
|
||||
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
|
||||
make
|
||||
|
||||
msg "test: main suites (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh default (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s
|
||||
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
|
||||
}
|
||||
|
||||
component_build_deprecated () {
|
||||
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
|
||||
scripts/config.pl full
|
||||
|
|
@ -1365,6 +1393,21 @@ component_test_no_hostname_verification () {
|
|||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_no_x509_verify_callback () {
|
||||
msg "build: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s
|
||||
scripts/config.pl full
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
|
||||
scripts/config.pl set MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
|
||||
make CFLAGS='-Werror -O1'
|
||||
|
||||
msg "test: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 1 min
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc () {
|
||||
msg "build: arm-none-eabi-gcc, make" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
|
|
|
|||
|
|
@ -40,8 +40,18 @@ my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
|
|||
# for md we want to catch MD5_C but not MD_C, hence the extra dot
|
||||
my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p';
|
||||
my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p';
|
||||
my @hashes = split( /\s+/,
|
||||
my @hash_modules = split( /\s+/,
|
||||
`sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` );
|
||||
|
||||
# there are also negative options for truncated variants, disabled by default
|
||||
my $sha_trunc_sed_cmd = 's/^\/\/#define \(MBEDTLS_SHA..._NO_.*\)/\1/p';
|
||||
my @hash_negatives = split( /\s+/,
|
||||
`sed -n -e '$sha_trunc_sed_cmd' $config_h` );
|
||||
|
||||
# list hash options with corresponding actions
|
||||
my @hashes = ((map { "unset $_" } @hash_modules),
|
||||
(map { "set $_" } @hash_negatives));
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
sub abort {
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
|
|
@ -55,11 +65,11 @@ for my $hash (@hashes) {
|
|||
system( "make clean" ) and die;
|
||||
|
||||
print "\n******************************************\n";
|
||||
print "* Testing without hash: $hash\n";
|
||||
print "* Testing hash option: $hash\n";
|
||||
print "******************************************\n";
|
||||
|
||||
system( "scripts/config.pl unset $hash" )
|
||||
and abort "Failed to disable $hash\n";
|
||||
system( "scripts/config.pl $hash" )
|
||||
and abort "Failed to $hash\n";
|
||||
|
||||
for my $opt (@ssl) {
|
||||
system( "scripts/config.pl unset $opt" )
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue