This is not new, it had always been the case, just not documented.
Pointed out by depends.py pkalgs (again, now that restartable is part of
full).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.
Fix that.
While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.
We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.
Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).
Note: this commit is backported from development, which has more
dependency declarations in tests/ssl-opt.sh. While at it, add them to
the existing tests.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Instead of
```
#if CONDITION
for(XXX)
for(YYY)
#else
for(XXX)
for(YYY)
#endif
BODY
```
duplicate the BODY code. This isn't ideal, but we can live with it.
The compelling reason to restructure the code is that this entanglement
of C preprocessor syntax with C grammar syntax confuses uncrustify.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define and report the supported Uncrustify version (and remove extra
newlines from version output).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Use code with clear behavior in CMake 2.8.12 (which we try to support in
Mbed TLS 2.28, although that's mostly for the sake of RHEL, not Windows).
The code in the previous commit relied on features introduced in CMake 3.x,
although it worked as desired by accident because `LIST_DIRECTORIES false`
was effectively ignored and `configure_file` on a directory had no
harmful effect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Run the main test suites after running code style correction to check
that code style correction does not break these tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.
The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.
Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
If the variable SKIP_TEST_SUITES is not defined with -D, but is defined
in an environment variable, tell cmake to get it from there.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When testing under Valgrind for constant flow, skip test suites that don't
have any constant-flow annotations, since the testing wouldn't do anything
more that testing with ordinary Valgrind (component_test_valgrind).
This is a significant time saving since testing with Valgrind is very slow.
In Mbed TLS 2.28, MBEDTLS_USE_PSA_CRYPTO does not affect constant-time
functions, so testing in the full configuration covers all we need.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
