Skip to content

Break non-crypto dependencies #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Mar 13, 2019
Merged

Break non-crypto dependencies #74

merged 19 commits into from
Mar 13, 2019

Conversation

Patater
Copy link
Contributor

@Patater Patater commented Mar 1, 2019

This is a portion of #71

The goal is only to break dependencies on TLS and X.509 and NET, without removing those modules yet.

@Patater Patater added enhancement New feature or request needs: review The pull request is ready for review. This generally means that it has no known issues. labels Mar 1, 2019
gilles-peskine-arm
gilles-peskine-arm requested changes Mar 1, 2019
View reviewed changes
Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two major issues (#74 (comment) and #74 (comment)) and a couple of suggestions.

@Patater Patater added needs: work The pull request needs rework before it can be merged. and removed needs: review The pull request is ready for review. This generally means that it has no known issues. labels Mar 1, 2019
@Patater Patater mentioned this pull request Mar 1, 2019
Merged
@Patater Patater force-pushed the break-non-crypto-dependencies branch from 503e1d6 to 7c36f6a Compare March 4, 2019 17:01
@Patater
Copy link
Contributor Author

Patater commented Mar 4, 2019
edited
Loading

Rebased to address review feedback in original commits. More rebasing expected before this is ready to review again.

Previous branch at https://github.com/Patater/mbed-crypto/tree/break-non-crypto-dependencies-1

@Patater Patater force-pushed the break-non-crypto-dependencies branch from 7c36f6a to bf5082b Compare March 5, 2019 11:43
@Patater
Copy link
Contributor Author

Patater commented Mar 5, 2019

Rebased to ignore --memory type options. Still work outstanding on removing TLS dependency from X.509.

@Patater
Copy link
Contributor Author

Patater commented Mar 5, 2019

I'm removing the oid and X.509 detangling commits as well, since we can get those from Mbed TLS development once merged there.

@Patater Patater force-pushed the break-non-crypto-dependencies branch from bf5082b to e92caf9 Compare March 7, 2019 11:37
@Patater Patater added needs: review The pull request is ready for review. This generally means that it has no known issues. and removed needs: work The pull request needs rework before it can be merged. labels Mar 7, 2019
gilles-peskine-arm
gilles-peskine-arm requested changes Mar 7, 2019
View reviewed changes
Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks ok except for inconsistencies about which calls to SSL test scripts are removed and which aren't.

k-stachowiak
k-stachowiak previously approved these changes Mar 7, 2019
View reviewed changes
Copy link
Contributor

@k-stachowiak k-stachowiak left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only have a single, minor remark, otherwise, provided that Gilles' remarks will be addressed, I approve the changes.

include/mbedtls/ecp.h
* function equivalent to the function with the same name
* This only applies to functions whose documentation mentions
* they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
* `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` for functions in the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: MBEDLTS_ERR_SL_CRYPTO_IN_PROGRESS is back quoted here, but not elsewhere, e.g. in config.h

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commit is only to remove the dependency in the ecp module. A later commit that removes SSL options from config.h will take care to update other references.

@Patater
Copy link
Contributor Author

Patater commented Mar 7, 2019

Windows CI has failed in the "shipped build". I'm investigating and working on a fix.

@Patater Patater added needs: work The pull request needs rework before it can be merged. and removed needs: review The pull request is ready for review. This generally means that it has no known issues. labels Mar 7, 2019
@Patater Patater force-pushed the break-non-crypto-dependencies branch from e92caf9 to bb60169 Compare March 8, 2019 11:24
@Patater
Copy link
Contributor Author

Patater commented Mar 8, 2019

Rebased to address feedback and hopefully fix the Windows build.

@Patater Patater force-pushed the break-non-crypto-dependencies branch from bb60169 to 27e5907 Compare March 8, 2019 15:34
@Patater
Copy link
Contributor Author

Patater commented Mar 8, 2019

Force push to update visualc files...

@Patater Patater mentioned this pull request Mar 11, 2019
Merged
2 tasks
gilles-peskine-arm
gilles-peskine-arm previously approved these changes Mar 11, 2019
View reviewed changes
Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving 27e5907

@Patater
Copy link
Contributor Author

Patater commented Mar 11, 2019

This needs a rebase to resolve conflicts, plus CI and re-review.

Patater added 2 commits March 11, 2019 16:46
@Patater
programs/Makefile: List all programs one by one
30fae8e 
This makes it easier to add or remove programs as well as see which
programs were added or removed in diffs.
@Patater
configs: Update example PSA config
bce557d 
Our default configuration file, include/mbedtls/config.h, should always
match configs/config-psa-crypto.h. It had gotten out of sync, so put it
back into sync.
Patater added 15 commits March 11, 2019 16:46
@Patater
pkey: Remove dependency on X.509
bf564c7
@Patater
md: Remove dependency on X.509
ebbc5f7
@Patater
ecp: Remove dependency on TLS and X.509
de0a41b
@Patater
dhm: Remove dependency on TLS
ed16ca7
@Patater
all.sh: Remove dependency on TLS, NET, and X.509
9b90f2e
@Patater
asn1: Remove dependency on X.509
d808771 
Doxygen will fail to build if we have references to files that don't
exist. Since we are planning on removing X.509 soon, we even need to
remove explicit Doxygen references to X.509 things as those will no
longer resolve once the X.509 files are deleted.

fixup! asn1: Remove dependency on X.509
@Patater
query_config: Move to programs/test
03c60de 
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
@Patater
cpp_dummy_build: Remove X.509 dependency
4c1fdb5
@Patater
recursion.pl: Don't depend on X.509
e23737c
@Patater
programs: psa: Remove dependency on platform.h
fa30c33 
platform.h should only be used internally by the library implementation
itself, not the examples. Remove the dependency on platform.h from all
PSA programs.
@Patater
cpp_dummy_build: Remove dependency on compat-1.3.h
2b725ef
@Patater
Remove tests that depend on TLS or X.509
9afb2e9
@Patater
tests: Use parent module includes when used as a submodule
120d571 
For Makefiles, enable overriding where includes can come from in order
to enable the parent module to set the include path. This allows the
parent module to specify that its config.h should be used, even when the
submodule when built standalone would use a different config.h.

For CMake, always look in the parent's include folder and our own. List
the parent's include folder first, so that preference is given to parent
include files.
@Patater
tests: Exclude version suite when used as a submodule
1264c2a 
The version test suite is duplicated between Mbed TLS and Mbed Crypto.
Use TLS's copy and not Crypto's copy when Crypto is used as a submodule
of TLS.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
@Patater
tests: Add a crypto prefix to submodule tests
b478bb6 
Prepend ".crypto" to tests that came from the crypto submodule. This
allows, when this project is used as a submodule, for tests with names
the same between the parent and this project when used as a submodule to
both be built and run.
@Patater Patater force-pushed the break-non-crypto-dependencies branch from 27e5907 to b478bb6 Compare March 11, 2019 18:13
@Patater
Copy link
Contributor Author

Patater commented Mar 11, 2019

Rebased to latest crypto/development to resolve conflicts. Previous branch at https://github.com/Patater/mbed-crypto/tree/break-non-crypto-dependencies-12.5. No changes other than conflict resolution.

@Patater Patater added needs: review The pull request is ready for review. This generally means that it has no known issues. and removed needs: work The pull request needs rework before it can be merged. labels Mar 11, 2019
gilles-peskine-arm
gilles-peskine-arm approved these changes Mar 12, 2019
View reviewed changes
Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I merged the version of this PR that I last approved (27e5907) with development (6d9cb25) and obtained identical results.

@gilles-peskine-arm
Copy link
Collaborator

The CI failures are due to a test script that calls compat.sh and ssl-opt.sh and needs to be updated (I believe that'll be fixed when Mbed-TLS/mbedtls-test#56 is merged) and one failure of the FreeBSD timing test which is a known issue. So this PR is good to merge once the offending test script is updated.

@Patater Patater removed the needs: review The pull request is ready for review. This generally means that it has no known issues. label Mar 13, 2019
@Patater
Copy link
Contributor Author

Patater commented Mar 13, 2019

Retested after merging Mbed-TLS/mbedtls-test#56 and all is good.

@Patater Patater merged commit a52c059 into ARMmbed:development Mar 13, 2019
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Feb 11, 2020
Merged
This was referenced Mar 4, 2020
Closed
Closed
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Jan 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k-stachowiak k-stachowiak k-stachowiak approved these changes

@gilles-peskine-arm gilles-peskine-arm gilles-peskine-arm approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Patater @gilles-peskine-arm @k-stachowiak