With the `depend.py` using the crypto config the `PBKDF2_HMAC` can be
enabled so thest cases can be run.
The equivalence (synonym) between `PSA_WANT_ALG_RSA_PSS_ANY_SALT` and
`PSA_WANT_ALG_RSA_PSS` is now done properly, the test can be run.
Dependencies for `MBEDTLS_CIPHER_PADDING_PKCS7' has been updated and
now it can be actually disabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
The PSA and MbedTLS options can switch the same functionality separately
so add a check to ensure the cpnsistency.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
We cannot add the equivalent of
cmake_package_install yet as the build in
tf-psa-crypto still references some headers
in ./include/mbedtls like mbedtls_config.h.
We cannot add the equivalent of
cmake_subproject yet as currently only
the case of the Mbed TLS parent project is
supported.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS/TF_PSA_CRYTPO_AS_SUBPROJECT
instead of using the test employed to set
MBEDTLS/TF_PSA_CRYTPO_AS_SUBPROJECT value.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Let the projects using some CMakeLists.txt files
without the top CMakeLists.txt define the variables
that the top CMakeLists.txt set for all.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Without quotes, when the variable is empty, the shell will see three
tokens: [, -n, ]. After skipping ] as usual, it will see a single token,
so it will consider it not as command, but a string to be tested for "is
it empty", and since "-n" is not empty, the command will return true.
With quotes it see 4 tokens: [, -n, <empty string>, ] and interprets -n
as desired.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Replace obvious additions of an `MBEDTLS_ERR_xxx` constant by a call to
`MBEDTLS_ERROR_ADD`.
Skip `case` statements since `MBEDTLS_ERROR_ADD(pp_constant)` is not a
preprocessor constant.
This commit does not replace additions split over lines. Those will be
handled in a subsequent commit.
```
git ls-files '*.h' '*.c' '*.function' '*.data' |
xargs perl -i -pe '
next if /\bcase\b/;
s/\b(MBEDTLS_ERR_\w+)\s*\+\s*(\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g;
s/\b(\w+)\s*\+\s*(MBEDTLS_ERR_\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This aligns development and 3.6 in preparation for moving to the
framework repo.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The pk_write_pubkey_check sometimes take ~3 hours to run with
GCC+Asan on the CI in the full config. Comment out the slowest
ones while we investigate and release 3.6.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Old GCC versions hit a performance problem with test_suite_pkwrite
"Private keey write check EC" tests when building with Asan+UBSan
and -O3: those tests take more than 100x time than normal, with
test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
GCC 7.5 and above on Ubuntu 18.04 appear fine.
To avoid the performance problem, use -O2 instead of -O3 in then "Asan"
build type with GCC. It doesn't slow down much even with modern compiler
versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
