Now that it's always on, this is no longer necessary.
Also this is a step towards no longer being able to set it, because it soon
won't be a selectable configuration option anymore.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that MBEDTLS_USE_PSA_CRYPTO is always on, remove code that handles the
case when it's disabled.
Also this is a step towards no longer expecting it to be reported by
query_compile_time_config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that MBEDTLS_USE_PSA_CRYPTO is always on, we don't need to check for it.
Also this is a step towards no longer expecting it to be reported by
query_compile_time_config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We no longer have two (only partially distinct) implementations of ECJ-PAKE
cipher suites in TLS, now that the non-MBEDTLS_USE_PSA_CRYPTO implementation
is being removed.
We may want to add this testing back in the future, but we'll have to use an
old Mbed TLS instead of a differently-built one.
https://github.com/Mbed-TLS/mbedtls/issues/9740
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The header structure was initialized only field by
field. This does not initialized the padding bytes
and MemSan was complaining with use of
uninitialized data in test_memsan all.sh component.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
target_compile_options() does not set
link options as setting CMAKE_C_FLAGS
does. Thus set link options with
set_target_properties(). target_link_options()
is not available in CMake 3.5 used in the CI.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The UNSAFE_BUILD option was introduced for
the builds with NULL entropy
(option MBEDTLS_TEST_NULL_ENTROPY) but this
configuration option does not exist
anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be
simply aliased to PSA_INIT() and PSA_DONE() until such a time as we
remove them.
Simplify the login of these PSA_INIT/DONE variants by aliasing them in
4.x and keeping the more complex 3.6 logic entirely separate.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Remove all.sh components that explicitly disable MBEDTLS_USE_PSA_CRYPTO, and
for which there is another component with MBEDTLS_USE_PSA_CRYPTO enabled
that does the same or more testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
In order to avoid changing the CI job's definition (which fewer team
members understand, compared to shell scripts), just have a wrapper so
that all.sh does both mbedtls and tf-psa-crypto under the hood for now.
When tf-psa-crypto has its own CI running its own all.sh (with enough
components migrated to get sufficient coverage) we can remove this hack.
Rejected strategy: modify all-core.sh so that when running in mbedtls,
it also sources components-*.sh from tf-psa-crypto, remembers which
components come from Mbed TLS and which come from crypto, and magically
adjust the environment for each component it runs. Rejected because it's
hard to be confident we're adjusting everything that needs adjusting in
the environment. Having separate processes seems much safer.
The downside is we get more complexity around error handling (check for
components requested but not available, --keep-going). When using
--keep-going with failing component(s) in mbedtls and some components in
tf-psa-crypto, the output is not satisfying for humans as we don't have
a nice summary of all errors at the end like we normally would.
IMO this is acceptable since:
- this wrapper is transitional and should be removed in a few months;
- it is mainly for the benefit of the CI; humans can always invoke the
underlying commands directly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
