This will be used for comparison in unit tests.
Add a possibility to write certificates with SAN
in cert_write.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
We don't commit *.o files anywhere, not even as test data. So ignore them
everywhere.
This resolves *.o files not being ignored under 3rdparty/p256-m.
Also remove a redundant ignore of *.exe in a subdirectory.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The fuzz programs were returning a nonzero status if they failed to load the
reproducer, but that's discreet and not informative. Make them also print an
error message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Allow demo scripts to be run from the build directory for out-of-tree
builds.
If the executable is not found in the source tree then search in the
current directory in case the script is being run from a build
directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:
git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'
and I think all the files listed fall into one of the following
acceptable categories:
- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
suites
- two example programs using a low-level hash API: hash/hello.c,
pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
implementations
- a function in test_suite_psa_crypto_storage_format that is
specifically for checking if the hash is built in.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712, this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
The following code:
#ifndef asm
#define asm __asm
#endif
causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.
Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
