This commit improves support for submodules within code_style.py. A new
function get_submodule_hash retrieves the submodule hash at the time of
a commit allowing an appropriate diff to be seen.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
mypy >=0.960 rejects macro_collector.py.
https://github.com/Mbed-TLS/mbedtls-framework/issues/50
We currently need mypy >=0.940, <0.960. Pick 0.942, which works, and is the
system version on Ubuntu 22.04.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Upgrade mypy to 0.971, which is the last version that supports Python 3.6
(the oldest Python version that we currently run on the CI).
This fixes the error
```
framework/scripts/mbedtls_framework/outcome_analysis.py:119: error: Incompatible return value type (got "IO[Any]", expected "TextIO")
framework/scripts/mbedtls_framework/outcome_analysis.py:121: error: Incompatible return value type (got "IO[Any]", expected "TextIO")
```
As far as I can tell the fix is https://github.com/python/mypy/pull/9275
which was released in mypy 0.940.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
To get rid on the reliance on sections, change "full" and friends to enable
settings based on whether the setting is boolean, rather than based on the
section it contains.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
`tests/opt-testcases/tls13-compat.sh` is supposed to be automatically
generated by `tests/scripts/generate_tls13_compat_tests.py`. So far, the
output has been updated by running the script manually and committing the
output. Switch to using our framework for generated files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER has been compatible with
MBEDTLS_USE_PSA_CRYPTO since https://github.com/Mbed-TLS/mbedtls/pull/5380.
We still don't want to enable it in the full config because it's a behavior
change, even an interface change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In public headers, we want to avoid things that are not standard C++,
including features that GCC and Clang support as extensions, such as
flexible array members. So compile with `-pedantic`.
Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9020.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.
Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.
Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generate option-on and option-off cases for test_suite_config, for all
boolean options (MBEDTLS_xxx and PSA_WANT_xxx, collected from the mbedtls
and PSA config files).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix PSA_CRYPTO_CONFIG_H being treated as a configuration setting in
include/psa/crypto_config.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When running a git hook, git sets certain environment variables (such
as GIT_INDEX_FILE) which force git to look at the main repository,
overriding other options. This trips up code_style.py whenever it
tries to run a git command on the framework submodule.
Fix this by explicitly clearing git-related environment-variables
before running git commands on the framework. This is recommended
by git's documentation[1]:
> Environment variables, such as GIT_DIR, GIT_WORK_TREE, etc., are
> exported so that Git commands run by the hook can correctly locate
> the repository. If your hook needs to invoke Git commands in a
> foreign repository or in a different working tree of the same
> repository, then it should clear these environment variables so
> they do not interfere with Git operations at the foreign location.
[1] https://git-scm.com/docs/githooks
Signed-off-by: David Horstmann <david.horstmann@arm.com>
To deal with situations where we are comparing revisions before and
after the move of generate_psa_tests.py to the framework, look for
it in both the old and new locations.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This name is more descriptive of its purpose, since it actually adds
framework/scripts to the path rather than just framework/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This allows scripts in the scripts/ directory to get the path to the
mbedtls_framework module in framework/scripts/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
- Embed input arguments inside the script so as to simplify the
calls in Makefiles/CMakeLists.
- add a new "--list-dependencies" command line option to print
out the list of dependencies.
- Modify tests/Makefile accordinlgy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
