sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h
with md.sed as before.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.
So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
All tests that call md_setup() or compute a hash of a HMAC may now need
it in some builds.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The test driver library tries to only build what's necessary, but must
use the same PSA_WANT macros as the main library. So, for things that
are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines
MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the
command line, in which case it undefines it and defineds BUILTIN
instead. This negation happens in crypto_config_test_driver_extension.h
and reflects the fact that what we want accelerated in the main library
is what we want built-in in the driver library (and vice versa if we
want to minimize the size of the driver library).
So, the ACCEL symbols in inside the test driver library (while it's
being built, not those on the command line) are a bit of a white lie:
they don't actually mean "there's an accelerator for this" but instead
"I won't include a built-in for this even though the corresponding
PSA_WANT symbol is defined".
This was quite harmless until MD started making dispatch decisions based
on the ACCEL symbols: when it tries to dispatch to an accelerator that
doesn't actually exist, things tend to go badly.
The minimal fix for this is to change how we enable extra hashes in the
test driver library: by defining the ACCEL symbol on the command line,
in the build we'll end up with the BUILTIN symbol (and implementation!)
and no ACCEL symbol, which is exactly what we want.
Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This will be used in the next commit.
While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value. This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.
Also check that second and subsequent subidentifiers are terminated, and
add a test case for that. Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
