Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607
On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add usage information to the ARGV-incorrect-length error
message in generate_query_config.pl. A plain usage message
looks a bit incongruous when raised as an error, but the
error message alone is unhelpful.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.
In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).
Changes in this commit:
* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
generate_psa_constant_names).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They were recognized by a prior commit. In this commit, replace line
breaks (with optional comment continuation marker) by spaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before this commit, definitions of error codes must match a strict pattern,
with a Doxygen comment following the definition on the same line and
starting with "/**<". Change how generate_errors.pl so that the Doxygen
comment can be before the definition instead of after, and doesn't have to
be on the same line.
Also allow spaces between "#" and "define", and allow Doxygen comments to
start with "/*!" rather than "/**". Starting with "///" or "//!" is not
supported.
This commit does not change the output of generate_errors.pl.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Test keys with various persistence levels, enumerated from the
metadata tests.
For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.
Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It was used to remove the code used when mbedtls_ecp_mul() received a
NULL RNG parameter. This code is no longer relevant (as the RNG may no
longer be NULL) and will be unconditionally removed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The new method `Config.change_matching` and the new command-line
commands `set-all` and `unset-all` change a batch of existing boolean
settings to the desired state (active or inactive).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
