With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE disabled, test TLS 1.3 and
USE_PSA TLS 1.2.
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE disabled, just test crypto,
because the TLS code needs that to generate ephemeral ECDH keys but this is
not tracked properly (the ephemeral ECDH code is only gated on having ECDH).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
With the `depend.py` using the crypto config the `PBKDF2_HMAC` can be
enabled so thest cases can be run.
The equivalence (synonym) between `PSA_WANT_ALG_RSA_PSS_ANY_SALT` and
`PSA_WANT_ALG_RSA_PSS` is now done properly, the test can be run.
Dependencies for `MBEDTLS_CIPHER_PADDING_PKCS7' has been updated and
now it can be actually disabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
The PSA and MbedTLS options can switch the same functionality separately
so add a check to ensure the cpnsistency.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Without quotes, when the variable is empty, the shell will see three
tokens: [, -n, ]. After skipping ] as usual, it will see a single token,
so it will consider it not as command, but a string to be tested for "is
it empty", and since "-n" is not empty, the command will return true.
With quotes it see 4 tokens: [, -n, <empty string>, ] and interprets -n
as desired.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Replace obvious additions of an `MBEDTLS_ERR_xxx` constant by a call to
`MBEDTLS_ERROR_ADD`.
Skip `case` statements since `MBEDTLS_ERROR_ADD(pp_constant)` is not a
preprocessor constant.
This commit does not replace additions split over lines. Those will be
handled in a subsequent commit.
```
git ls-files '*.h' '*.c' '*.function' '*.data' |
xargs perl -i -pe '
next if /\bcase\b/;
s/\b(MBEDTLS_ERR_\w+)\s*\+\s*(\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g;
s/\b(\w+)\s*\+\s*(MBEDTLS_ERR_\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This aligns development and 3.6 in preparation for moving to the
framework repo.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The pk_write_pubkey_check sometimes take ~3 hours to run with
GCC+Asan on the CI in the full config. Comment out the slowest
ones while we investigate and release 3.6.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Old GCC versions hit a performance problem with test_suite_pkwrite
"Private keey write check EC" tests when building with Asan+UBSan
and -O3: those tests take more than 100x time than normal, with
test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
GCC 7.5 and above on Ubuntu 18.04 appear fine.
To avoid the performance problem, use -O2 instead of -O3 in then "Asan"
build type with GCC. It doesn't slow down much even with modern compiler
versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use config_adjust_test_accelerators.h
to adjust the configuration needed for
test_psa_crypto_drivers all.sh component
with PSA_CRYPTO_CONFIG enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
