We actually only need two invocations.
This also moves all the default tests to OPENSSL_NEXT, which is good
because OPENSSL is ancient.
I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server,
because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is
what we are using) should do it, and indeed
$OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n'
lists NULL ciphersuites, and also they work client-side with
OPENSSL_NEXT...
[1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Also, while at it, remove partial invocation (only non-default) from one
component, as we already have a full invocation in the same config (plus
ASan) in another component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.
- Both of them check that the missing symbols at link time (if any)
belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
then runs test suites.
- The latter only perform the builds using the full config and then
it checks that PK-PSA bridge functions are present.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.
This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Since we officially disabled support for importing of PEM formatted keys
into PSA we removed dedicated tests from test_suite_psa_crypto. As a
consequence MBEDTLS_PEM_PARSE_C is no more an exception for
component_check_test_dependencies().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When building without PSA crypto functions, disable
MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With
just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to
exist at link time but be provided by a third party.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
