Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607
On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED
If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.
Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
