The Windows CRT treats any invalid format specifiers passed to the CRT
as fatal assertion failures. Disable thie behaviour temporarily while
testing if the format specifiers we use are supported.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the
individual test cases.
Add an preprocesor guard around string_debug to prevent warning about unused
functions.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
This allows any implementer of the PSA client interface to easily
include this header and therefore function's prototype.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The previous change that replaced CRYPTO_C with CRYPTO_CLIENT
caused an increase of the mbedtls_md struct in scenarios where
the hash related PSA_WANTs were enabled, but not accelerated.
This caused an ABI-API break which is not allowed for an LTS
branch.
Since the main goal here is to allow PSA dispatch in a "pure
crypto client" scenario, we partially revert the previous change
to config_adjust_legacy_crypto.h and add an extra condition
for "CRYPTO_CLIENT && !CRYPTO_C".
This commit also reverts changes done in analyze_outcomes.py
because they are no more necessary.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of allowing PSA dispatching only when CRYPTO_C is set and
some MBEDTLS_PSA_ACCEL_ALG_xxx is set, we enable dispatching
when CRYPTO_CLIENT and PSA_WANT_ALG_xxx are set. This makes
the feature more useful in cases where the PSA support is
provided externally, like for example TF-M in Zephyr.
This commit also add proper guards for tests trying to use MD+PSA
dispatch.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Move the auto-enabling of CRYPTO_CLIENT when CRYPTO_C at the
beginning of the file so that all that becomes later is aware
of this.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit updates the paths in the documentation for metatest.c as it
has been moved to MbedTLS Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the paths in documentation for test_zeroize since it
has been moved to MbedTLS Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the path for the moved test_zeroize.gdb script which
has been moved to MbedTLS-Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the paths for dlopen_demo.sh in
components-build-system.sh as the file has been moved to the framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the file paths necessary for dlopen_demo.sh,
metatest.c query_compile_time_config.c, query_config.h,
query_included_headers.c and zeroize.c.
This commit also adds a CFLAG to find header files now contained in the
framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
The following files are moved to the framework repo (deleted here):
tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However,
since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds
these new tests alongside DHE-RSA ones intead of replacing them in order
to increase test coverage.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add a note that we do aim to protect against undefined behaviour and
undefined behaviour in certificate parsing is in scope.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Clarify that strict formatting of X.509 certificates is not checked by
Mbed TLS and that it therefore should not be used to construct a CA.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
