Merge pull request #10093 from mpg/2.28-eol-dev

The LTS branch 2.28 is now EOL
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9f23c3b..a099356 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -420,20 +420,22 @@
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+                ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test
             COMMAND
                 "${MBEDTLS_PYTHON_EXECUTABLE}"
                 "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
                 "--output"
-                "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+                "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h"
             DEPENDS
                 ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
         )
         add_custom_target(mbedtls_test_keys_header
-            DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
+            DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h)
         add_dependencies(mbedtls_test mbedtls_test_keys_header)
     endif()
     target_include_directories(mbedtls_test
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include
         PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
         PRIVATE tests/include
         PRIVATE include
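Review bot: The `add_custom_command` that now writes `test_keys.h` into the build tree has no `VERBATIM`, so how its arguments are escaped for the build tool is platform-dependent. The new `make_directory` path is also left unquoted while the `--output` argument just below it is quoted. Suggest `COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test"` and a `VERBATIM` line after the `DEPENDS` list. Separately, a checkout built before this change may still contain the old generated `tests/src/test_keys.h`; whether any source still reaches it by that path is not visible here, so confirm a stale copy cannot be picked up instead of the freshly generated key material. The same points apply to the `test_certs.h` hunk below, and `target_include_directories(...)` continues outside both hunks.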
@@ -454,20 +456,22 @@
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
+                ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test
             COMMAND
                 "${MBEDTLS_PYTHON_EXECUTABLE}"
                 "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
                 "--output"
-                "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
+                "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h"
             DEPENDS
                 ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
         )
         add_custom_target(mbedtls_test_certs_header
-            DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
+            DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h)
         add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header)
     endif()
     target_include_directories(mbedtls_test_helpers
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include
         PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
         PRIVATE tests/include
         PRIVATE include
diff --git a/framework b/framework
index 72b5acd..28dc4ca 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d
+Subproject commit 28dc4cae3f71f5425dd42953c6f2f38d49123bee
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 5943cfc..9817d35 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1140,17 +1140,11 @@
  * \param ctx       certificate to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          length of data written if successful, or a specific
  *                  error code
- *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 /**
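Review bot: With `\param f_rng` and the `\note \p f_rng is used for the signature operation` line removed, the documentation of `mbedtls_x509write_crt_der()` no longer says where the signature's randomness comes from or what the caller must initialise first. If signing now draws on the library's own generator (presumably the PSA one, not shown in this diff), a replacement such as `\note The signature operation uses the library's random generator, which must be initialised (e.g. with psa_crypto_init()) before this call.` would keep the precondition visible; the wording needs confirming against the implementation. The same gap is left in `mbedtls_x509write_crt_pem()` and in both `x509_csr.h` hunks. In those three comments the removed note also leaves a dangling empty ` *` line before the closing `*/`.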
@@ -1159,16 +1153,11 @@
  * \param ctx       certificate to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          0 if successful, or a specific error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 08e585f..f9eb04d 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -337,17 +337,12 @@
  * \param ctx       CSR to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          length of data written if successful, or a specific
  *                  error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 /**
@@ -357,16 +352,11 @@
  * \param ctx       CSR to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          0 if successful, or a specific error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
diff --git a/library/Makefile b/library/Makefile
index 61b2623..1c0e4d9 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -113,7 +113,6 @@
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \
-	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index c06844d..e0743e1 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2827,7 +2827,7 @@
                                            ssl->out_msg + 6 + offset,
                                            out_buf_len - 6 - offset,
                                            &n,
-                                           ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+                                           rs_ctx)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
         if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
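Review bot: Nothing at this call site records that the handshake signature no longer receives `ssl->conf->f_rng` / `ssl->conf->p_rng`, so the generator an application installs on the SSL configuration is no longer what feeds this private-key operation. A short comment such as `/* Signing takes its randomness from the library RNG, not from ssl->conf->f_rng. */` would help, assuming that is where it now comes from, which this diff does not show. It would also help to state in the configuration documentation which operations still use the configured RNG. The same applies to the `mbedtls_pk_sign` call in ssl_tls12_server.c and the `mbedtls_pk_sign_ext` call in ssl_tls13_generic.c; the call here starts outside the hunk.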
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index fb88cf2..84d5994 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3035,9 +3035,7 @@
                                    md_alg, hash, hashlen,
                                    ssl->out_msg + ssl->out_msglen + 2,
                                    out_buf_len - ssl->out_msglen - 2,
-                                   signature_len,
-                                   ssl->conf->f_rng,
-                                   ssl->conf->p_rng)) != 0) {
+                                   signature_len)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
             return ret;
         }
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1076dea..deba2ae 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -978,8 +978,7 @@
 
         if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
                                        md_alg, verify_hash, verify_hash_len,
-                                       p + 4, (size_t) (end - (p + 4)), &signature_len,
-                                       ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+                                       p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
             MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
                                       mbedtls_ssl_sig_alg_to_str(*sig_alg)));
             MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8a47697..7d20748 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -379,9 +379,7 @@
 }
 
 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
-                              unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -571,8 +569,7 @@
 
 
     if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
-                               hash, hash_length, sig, sizeof(sig), &sig_len,
-                               f_rng, p_rng)) != 0) {
+                               hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
         return ret;
     }
 
@@ -614,15 +611,12 @@
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
-                              unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
-                                         f_rng, p_rng)) < 0) {
+    if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
         return ret;
     }
 
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index dd75d8f..e65ddb0 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -131,9 +131,7 @@
 static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
                                       unsigned char *buf,
                                       size_t size,
-                                      unsigned char *sig, size_t sig_size,
-                                      int (*f_rng)(void *, unsigned char *, size_t),
-                                      void *p_rng)
+                                      unsigned char *sig, size_t sig_size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -218,8 +216,7 @@
         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
     if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
-                               sig, sig_size, &sig_len,
-                               f_rng, p_rng)) != 0) {
+                               sig, sig_size, &sig_len)) != 0) {
         return ret;
     }
 
@@ -274,9 +271,7 @@
 }
 
 int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
-                              size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              size_t size)
 {
     int ret;
     unsigned char *sig;
@@ -286,8 +281,7 @@
     }
 
     ret = x509write_csr_der_internal(ctx, buf, size,
-                                     sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
-                                     f_rng, p_rng);
+                                     sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
 
     mbedtls_free(sig);
 
@@ -298,15 +292,12 @@
 #define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
 
 #if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen = 0;
 
-    if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
-                                         f_rng, p_rng)) < 0) {
+    if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
         return ret;
     }
 
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 404c4ad..740dea5 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -82,8 +82,7 @@
             return 1;
         }
         if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 dummy_random, &ctr_drbg) != 0) {
+                                 mbedtls_test_srv_key_len, NULL, 0) != 0) {
             return 1;
         }
 #endif
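Review bot: The harness used to pass `dummy_random` explicitly, which made the randomness consumed while parsing the key visibly fixed. With the argument gone, replaying a crashing input depends on whatever generator the library uses internally, which this hunk does not show. Confirm that fuzz builds keep that generator deterministic and record it next to the call, e.g. `/* no RNG argument: fuzz builds rely on a deterministic library RNG */`. The same applies to the hunks in fuzz_privkey.c and fuzz_server.c; in fuzz_privkey.c `ctr_drbg` may also be left without any remaining user, which is worth checking outside the hunk.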
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 1a5fbba..8055603 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -44,8 +44,7 @@
         goto exit;
     }
 
-    ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
-                               dummy_random, &ctr_drbg);
+    ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
     if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
         if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 64fe32d..857b1b6 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -91,8 +91,7 @@
             return 1;
         }
         if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 dummy_random, &ctr_drbg) != 0) {
+                                 mbedtls_test_srv_key_len, NULL, 0) != 0) {
             return 1;
         }
 #endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index b064078..2be5842 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -248,8 +248,7 @@
             goto cleanup;
         }
 
-        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
 
         if (ret != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x\n",
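Review bot: After this change nothing in the hunk uses `ctr_drbg`, so the program's entropy and CTR_DRBG setup, seeding and teardown (outside the hunk, not visible here) may now be dead code. Because these sample programs are often copied, leftover seeding would wrongly suggest that key parsing is fed by a locally seeded generator. If no other call still needs it, remove the setup; if it stays, a comment such as `/* ctr_drbg is only used for <remaining use>; key parsing no longer takes an RNG */` would avoid that impression. The same check applies to the hunks in key_app_writer.c, pk_decrypt.c, pk_encrypt.c, pk_sign.c, rsa_sign_pss.c, cert_req.c and cert_write.c.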
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index b9b477b..e36130b 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -363,8 +363,7 @@
             goto exit;
         }
 
-        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
         if (ret != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x",
                            (unsigned int) -ret);
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index a7b9001..d2bfde5 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -89,8 +89,7 @@
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
@@ -119,8 +118,7 @@
     mbedtls_printf("\n  . Decrypting the encrypted data");
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
-                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_decrypt returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 28a849b..1ab2a3d 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -105,8 +105,7 @@
     fflush(stdout);
 
     if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
-                                  buf, &olen, sizeof(buf),
-                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                                  buf, &olen, sizeof(buf))) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_encrypt returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index af52583..92d9660 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -85,8 +85,7 @@
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! Could not parse '%s'\n", argv[1]);
         goto exit;
     }
@@ -106,8 +105,7 @@
     }
 
     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
-                               buf, sizeof(buf), &olen,
-                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                               buf, sizeof(buf), &olen)) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
         goto exit;
     }
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e4f27f3..a5e06fb 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -86,8 +86,7 @@
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! Could not read key from '%s'\n", argv[1]);
         mbedtls_printf("  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
         goto exit;
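Review bot: The second failure message in this block names `mbedtls_pk_parse_public_keyfile`, but the call whose result it reports is `mbedtls_pk_parse_keyfile`. Anyone diagnosing a key-loading failure from the log is pointed at the wrong function. Since the call line is being edited anyway, suggest `mbedtls_printf("  ! mbedtls_pk_parse_keyfile returned %d\n\n", ret);`.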
@@ -120,8 +119,7 @@
     }
 
     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
-                               buf, sizeof(buf), &olen,
-                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                               buf, sizeof(buf), &olen)) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned %d\n\n", ret);
         goto exit;
     }
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index d1c2a8c..a10a6e6 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -165,9 +165,7 @@
                                 (const unsigned char *) mbedtls_test_srv_key,
                                 mbedtls_test_srv_key_len,
                                 NULL,
-                                0,
-                                mbedtls_ctr_drbg_random,
-                                &ctr_drbg);
+                                0);
     if (ret != 0) {
         printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6ed073e..e4efadc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1736,12 +1736,12 @@
     } else
 #if defined(MBEDTLS_FS_IO)
     if (strlen(opt.key_file)) {
-        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
+        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
     } else
 #endif
     { ret = mbedtls_pk_parse_key(&pkey,
                                  (const unsigned char *) mbedtls_test_cli_key,
-                                 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
+                                 mbedtls_test_cli_key_len, NULL, 0); }
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n",
                        (unsigned int) -ret);
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index b959858..f1eb21f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -138,8 +138,7 @@
     }
 
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed!  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index d3354ca..69aefef 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -514,8 +514,7 @@
 
 #if defined(MBEDTLS_FS_IO)
     if (strlen(opt.key_file)) {
-        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
     } else
 #endif
 #if defined(MBEDTLS_PEM_PARSE_C)
@@ -524,9 +523,7 @@
                                    (const unsigned char *) mbedtls_test_cli_key,
                                    mbedtls_test_cli_key_len,
                                    NULL,
-                                   0,
-                                   mbedtls_ctr_drbg_random,
-                                   &ctr_drbg);
+                                   0);
     }
 #else
     {
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index a1c583a..1214eb8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -379,8 +379,7 @@
 
     mbedtls_pk_init(&pkey);
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 4b101d3..0f27b82 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -144,8 +144,7 @@
     }
 
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8a0e18a..556e906 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -824,7 +824,7 @@
         mbedtls_pk_init(new->key);
 
         if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
-            mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
+            mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
             goto error;
         }
 
@@ -1175,8 +1175,7 @@
      * public key. */
     for (slot = 0; slot < config_data->slots_used; slot++) {
         if (mbedtls_pk_check_pair(&cert->pk,
-                                  config_data->slots[slot].pk,
-                                  rng_get, &rng) == 0) {
+                                  config_data->slots[slot].pk) == 0) {
             break;
         }
     }
@@ -1247,12 +1246,16 @@
     }
 
     switch (ctx->operation_type) {
+        case ASYNC_OP_DECRYPT:
+            ret = mbedtls_pk_decrypt(key_slot->pk,
+                                     ctx->input, ctx->input_len,
+                                     output, output_len, output_size);
+            break;
         case ASYNC_OP_SIGN:
             ret = mbedtls_pk_sign(key_slot->pk,
                                   ctx->md_alg,
                                   ctx->input, ctx->input_len,
-                                  output, output_size, output_len,
-                                  config_data->f_rng, config_data->p_rng);
+                                  output, output_size, output_len);
             break;
         default:
             mbedtls_printf(
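Review bot: The new `ASYNC_OP_DECRYPT` case passes `output, output_len, output_size` while the `ASYNC_OP_SIGN` case directly below passes `output, output_size, output_len`. Both orders match how these calls are written elsewhere in this diff (pk_decrypt.c passes `result, &olen, sizeof(result)`, pk_sign.c passes `buf, sizeof(buf), &olen`), but side by side they look like a mistake and invite a well-meant "fix". A one-line comment above the decrypt call, e.g. `/* note: pk_decrypt takes (out, &olen, osize); pk_sign takes (sig, sig_size, &sig_len) */`, would make the difference deliberate. The `switch` starts and continues outside the hunk.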
@@ -2637,7 +2640,7 @@
     if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
         key_cert_init++;
         if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
-                                            opt.key_pwd, rng_get, &rng)) != 0) {
+                                            opt.key_pwd)) != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%x\n\n",
                            (unsigned int) -ret);
             goto exit;
@@ -2659,7 +2662,7 @@
     if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
         key_cert_init2++;
         if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
-                                            opt.key_pwd2, rng_get, &rng)) != 0) {
+                                            opt.key_pwd2)) != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
                            (unsigned int) -ret);
             goto exit;
@@ -2686,8 +2689,7 @@
         }
         if ((ret = mbedtls_pk_parse_key(&pkey,
                                         (const unsigned char *) mbedtls_test_srv_key_rsa,
-                                        mbedtls_test_srv_key_rsa_len, NULL, 0,
-                                        rng_get, &rng)) != 0) {
+                                        mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n",
                            (unsigned int) -ret);
             goto exit;
@@ -2704,8 +2706,7 @@
         }
         if ((ret = mbedtls_pk_parse_key(&pkey2,
                                         (const unsigned char *) mbedtls_test_srv_key_ec,
-                                        mbedtls_test_srv_key_ec_len, NULL, 0,
-                                        rng_get, &rng)) != 0) {
+                                        mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
             mbedtls_printf(" failed\n  !  pk_parse_key2 returned -0x%x\n\n",
                            (unsigned int) -ret);
             goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 1be335c..f09e938 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -109,9 +109,7 @@
     mbedtls_md_type_t md_alg;         /* Hash algorithm used for signature.       */
 } opt;
 
-static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
-                                     int (*f_rng)(void *, unsigned char *, size_t),
-                                     void *p_rng)
+static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file)
 {
     int ret;
     FILE *f;
@@ -119,7 +117,7 @@
     size_t len = 0;
 
     memset(output_buf, 0, 4096);
-    if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
+    if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) {
         return ret;
     }
 
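Review bot: The buffer length is spelled as the literal `4096` in both the `memset` and the `mbedtls_x509write_csr_pem` call, so the size passed to the writer is only correct while it happens to match the declaration of `output_buf`, which is outside the hunk. If `output_buf` is a fixed-size array, `memset(output_buf, 0, sizeof(output_buf));` and `mbedtls_x509write_csr_pem(req, output_buf, sizeof(output_buf))` keep the bound tied to the actual storage. The same literal appears in the `write_certificate` hunks of cert_write.c, in the `mbedtls_x509write_crt_der` and `mbedtls_x509write_crt_pem` calls and in the `output_buf + 4096 - len` computation.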
@@ -454,8 +452,7 @@
     mbedtls_printf("  . Loading the private key ...");
     fflush(stdout);
 
-    ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
-                                   mbedtls_ctr_drbg_random, &ctr_drbg);
+    ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
 
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned %d", ret);
@@ -472,8 +469,7 @@
     mbedtls_printf("  . Writing the certificate request ...");
     fflush(stdout);
 
-    if ((ret = write_certificate_request(&req, opt.output_file,
-                                         mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
         mbedtls_printf(" failed\n  !  write_certificate_request %d", ret);
         goto exit;
     }
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5993f24..9776dc1 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -206,9 +206,7 @@
     int format;                 /* format                               */
 } opt;
 
-static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng)
+static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file)
 {
     int ret;
     FILE *f;
@@ -218,8 +216,7 @@
 
     memset(output_buf, 0, 4096);
     if (opt.format == FORMAT_DER) {
-        ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
-                                        f_rng, p_rng);
+        ret = mbedtls_x509write_crt_der(crt, output_buf, 4096);
         if (ret < 0) {
             return ret;
         }
@@ -227,8 +224,7 @@
         len = ret;
         output_start = output_buf + 4096 - len;
     } else {
-        ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
-                                        f_rng, p_rng);
+        ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096);
         if (ret < 0) {
             return ret;
         }
@@ -780,7 +776,7 @@
         fflush(stdout);
 
         ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
-                                       opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+                                       opt.subject_pwd);
         if (ret != 0) {
             mbedtls_strerror(ret, buf, sizeof(buf));
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile "
@@ -795,7 +791,7 @@
     fflush(stdout);
 
     ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
-                                   opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+                                   opt.issuer_pwd);
     if (ret != 0) {
         mbedtls_strerror(ret, buf, sizeof(buf));
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile "
@@ -806,8 +802,7 @@
     // Check if key and issuer certificate match
     //
     if (strlen(opt.issuer_crt)) {
-        if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
-                                  mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
+        if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
             mbedtls_printf(" failed\n  !  issuer_key does not match "
                            "issuer certificate\n\n");
             goto exit;
@@ -984,8 +979,7 @@
     mbedtls_printf("  . Writing the certificate...");
     fflush(stdout);
 
-    if ((ret = write_certificate(&crt, opt.output_file,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = write_certificate(&crt, opt.output_file)) != 0) {
         mbedtls_strerror(ret, buf, sizeof(buf));
         mbedtls_printf(" failed\n  !  write_certificate -0x%04x - %s\n\n",
                        (unsigned int) -ret, buf);
diff --git a/scripts/config.py b/scripts/config.py
index 3508ce4..417f6e2 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -162,7 +162,6 @@
     'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
     'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED
     'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME
-    'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C
     'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
     'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem
     'MBEDTLS_THREADING_C', # requires a threading interface
@@ -238,7 +237,6 @@
     return continuation
 
 DEPRECATED = frozenset([
-    'MBEDTLS_PSA_CRYPTO_SE_C',
     *PSA_DEPRECATED_FEATURE
 ])
 def no_deprecated_adapter(adapter):
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 053040a..8152189 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -11,9 +11,18 @@
 
 use warnings;
 use strict;
+use Getopt::Long;
 use Digest::MD5 'md5_hex';
 
+# Declare variables for options
 my $vsx_dir = "visualc/VS2017";
+my $list = 0; # Default off
+
+GetOptions(
+    "directory=s" => \$vsx_dir, # Target directory
+    "list"        => \$list     # Only list generated files
+) or die "Invalid options\n";
+
 my $vsx_ext = "vcxproj";
 my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext";
 my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext";
@@ -33,6 +42,8 @@
 my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
 my $tls_test_source_dir = 'tests/src';
 my $tls_test_header_dir = 'tests/include/test';
+my $crypto_test_source_dir = 'tf-psa-crypto/tests/src';
+my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test';
 my $test_source_dir = 'framework/tests/src';
 my $test_header_dir = 'framework/tests/include/test';
 my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
@@ -59,6 +70,7 @@
     tf-psa-crypto/drivers/everest/include/everest/vs2013
     tf-psa-crypto/drivers/everest/include/everest/kremlib
     tests/include
+    tf-psa-crypto/tests/include
     framework/tests/include
     framework/tests/programs
 );
@@ -122,9 +134,11 @@
         && -d $crypto_source_dir
         && -d $test_source_dir
         && -d $tls_test_source_dir
+        && -d $crypto_test_source_dir
         && -d $test_drivers_source_dir
         && -d $test_header_dir
         && -d $tls_test_header_dir
+        && -d $crypto_test_header_dir
         && -d $test_drivers_header_dir
         && -d $mbedtls_programs_dir
         && -d $framework_programs_dir
@@ -280,7 +294,9 @@
 
     # Remove old files to ensure that, for example, project files from deleted
     # apps are not kept
-    del_vsx_files();
+    if (not $list) {
+        del_vsx_files();
+    }
 
     my @app_list = get_app_list();
     my @header_dirs = (
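Review bot: `del_vsx_files()` now runs against whatever `--directory` the caller passes, since `$vsx_dir` is no longer fixed to `visualc/VS2017`. Its body is outside this hunk, so confirm it removes only files matching the generated project and solution names, and that the script stops early when `$vsx_dir` does not exist. A short comment above the call stating exactly which file patterns are deleted under `$vsx_dir` would make the constraint visible to anyone wiring the new option into a build.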
@@ -289,6 +305,7 @@
                        $psa_header_dir,
                        $test_header_dir,
                        $tls_test_header_dir,
+                       $crypto_test_header_dir,
                        $test_drivers_header_dir,
                        $tls_source_dir,
                        $crypto_core_source_dir,
@@ -303,6 +320,7 @@
                        $crypto_source_dir,
                        $test_source_dir,
                        $tls_test_source_dir,
+                       $crypto_test_source_dir,
                        $test_drivers_source_dir,
                        @thirdparty_source_dirs,
                       );
@@ -313,13 +331,22 @@
     map { s!/!\\!g } @headers;
     map { s!/!\\!g } @sources;
 
-    gen_app_files( @app_list );
+    if ($list) {
+        foreach my $app (@app_list) {
+            $app =~ s/.*\///;
+            print "$vsx_dir/$app.$vsx_ext\n";
+        }
+        print "$vsx_main_file\n";
+        print "$vsx_sln_file\n";
+    } else {
+        gen_app_files( @app_list );
 
-    gen_main_file( \@headers, \@sources,
-                   $vsx_hdr_tpl, $vsx_src_tpl,
-                   $vsx_main_tpl_file, $vsx_main_file );
+        gen_main_file( \@headers, \@sources,
+                       $vsx_hdr_tpl, $vsx_src_tpl,
+                       $vsx_main_tpl_file, $vsx_main_file );
 
-    gen_vsx_solution( @app_list );
+        gen_vsx_solution( @app_list );
+    }
 
     return 0;
 }
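Review bot: In the `--list` branch, `$app =~ s/.*\///;` edits the elements of `@app_list` in place, because a `foreach` loop variable aliases the array element. Nothing reads `@app_list` afterwards on this path, so the output is correct today, but the side effect is easy to trip over if the two branches are later merged. `(my $name = $app) =~ s/.*\///;` followed by `print "$vsx_dir/$name.$vsx_ext\n";` avoids it. The listed paths are only right if `$vsx_main_file` and `$vsx_sln_file` are derived from `$vsx_dir` after `GetOptions` has run, which is not visible in this hunk.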
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index bef198f..418b668 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -7,30 +7,30 @@
 @rem   the "CC" environment variable must point to a C compiler.

 

 @rem @@@@ library\** @@@@

-@rem psa_crypto_driver_wrappers.h needs to be generated prior to

-@rem generate_visualc_files.pl being invoked.

 python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1

 perl scripts\generate_errors.pl || exit /b 1

 perl scripts\generate_query_config.pl || exit /b 1

 perl scripts\generate_features.pl || exit /b 1

 python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1

 

-@rem @@@@ Build @@@@

-perl scripts\generate_visualc_files.pl || exit /b 1

-

 @rem @@@@ programs\** @@@@

 cd tf-psa-crypto

 python scripts\generate_psa_constants.py || exit /b 1

+python framework\scripts\generate_config_tests.py || exit /b 1

 cd ..

 

 @rem @@@@ tests\** @@@@

 python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_config_tests.py tests\suites\test_suite_config.mbedtls_boolean.data || exit /b 1

-python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1

+python framework\scripts\generate_config_tests.py || exit /b 1

 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1

-python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1

-python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1

+python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1

+python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\tests\include\test\test_keys.h || exit /b 1

+python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1

 python framework\scripts\generate_tls_handshake_tests.py || exit /b 1

 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1

+

+@rem @@@@ Build @@@@

+@rem Call generate_visualc_files.pl last to be sure everything else has been

+@rem generated before.

+perl scripts\generate_visualc_files.pl || exit /b 1
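Review bot: The added `python framework\scripts\generate_config_tests.py || exit /b 1` runs between `cd tf-psa-crypto` and `cd ..`, so a failure exits with the working directory still changed. Unless a `setlocal` precedes the visible lines, the calling shell is left inside `tf-psa-crypto`. Using `pushd tf-psa-crypto` / `popd`, or a `setlocal` near the top of the script, would contain it. The same applies to the existing `generate_psa_constants.py` line.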

diff --git a/tests/.gitignore b/tests/.gitignore
index a4a0309..e58c8f0 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -22,6 +22,6 @@
 /opt-testcases/tls13-compat.sh
 /suites/*.generated.data
 /suites/test_suite_config.mbedtls_boolean.data
-/src/test_keys.h
-/src/test_certs.h
+/include/test/test_keys.h
+/include/test/test_certs.h
 ###END_GENERATED_FILES###
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a56a707..d12133d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -19,15 +19,9 @@
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
     OUTPUT_VARIABLE
-        base_config_generated_data_files_raw)
+        base_config_generated_data_files)
 string(REGEX REPLACE "[^;]*/" ""
-       base_config_generated_data_files_raw "${base_config_generated_data_files_raw}")
-# Can be replace by list(FILTER ...) when CI CMake version is >=3.6
-foreach(file ${base_config_generated_data_files_raw})
-    if(${file} MATCHES "mbedtls")
-        list(APPEND base_config_generated_data_files ${file})
-    endif()
-endforeach()
+       base_config_generated_data_files "${base_config_generated_data_files}")
 
 # Derive generated file paths in the build directory. The generated data
 # files go into the suites/ subdirectory.
@@ -50,7 +44,6 @@
             ${MBEDTLS_PYTHON_EXECUTABLE}
             ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
-            ${config_generated_data_files}
         DEPENDS
             ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             # Do not declare the configuration files as dependencies: they
@@ -183,6 +176,7 @@
     # files are automatically included because the library targets declare
     # them as PUBLIC.
     target_include_directories(test_suite_${data_name}
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library
diff --git a/tests/Makefile b/tests/Makefile
index b6f2f8c..87a6ca1 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -25,16 +25,23 @@
 endif
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
 
-GENERATED_CONFIG_DATA_FILES_RAW := $(patsubst tests/%,%,$(shell \
+GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
 	$(PYTHON) ../framework/scripts/generate_config_tests.py --list || \
 	echo FAILED \
 ))
-ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED)
+ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED)
 $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed)
 endif
-GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring mbedtls,$(file)),$(file),))
-GENERATED_PSA_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring psa,$(file)),$(addprefix ../tf-psa-crypto/tests/,$(file)),))
-GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)$(GENERATED_PSA_CONFIG_DATA_FILES)
+
+GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+	$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
+	echo FAILED \
+))
+ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
+endif
+
+GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES)
 GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES)
 
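Review bot: The failure check on `GENERATED_PSA_CONFIG_DATA_FILES` cannot fire, because `$(addprefix ../tf-psa-crypto/,...)` is applied to the `echo FAILED` fallback too. On error the variable holds `../tf-psa-crypto/FAILED`, never `FAILED`, so a failing `--list` run yields a bogus file name instead of the `$(error ...)`. Compare against the prefixed value, `ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),../tf-psa-crypto/FAILED)`, or capture the raw `$(shell ...)` output in its own variable, test that, and add the prefix afterwards. The mbedtls check above is unaffected because `$(patsubst tests/%,%,...)` leaves `FAILED` unchanged.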
@@ -57,9 +64,9 @@
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
 
 GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
-GENERATED_FILES += ../framework/tests/include/test/test_keys.h \
-                   ../tf-psa-crypto/framework/tests/include/test/test_keys.h \
-                   src/test_certs.h
+GENERATED_FILES += include/test/test_keys.h \
+                   ../tf-psa-crypto/tests/include/test/test_keys.h \
+                   include/test/test_certs.h
 
 # Generated files needed to (fully) run ssl-opt.sh
 .PHONY: ssl-opt
@@ -112,8 +119,8 @@
 generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
 generated_config_test_data:
 	echo "  Gen   $(GENERATED_CONFIG_DATA_FILES)"
-	$(PYTHON) ../framework/scripts/generate_config_tests.py $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)
-	$(PYTHON) ../framework/scripts/generate_config_tests.py --directory ../tf-psa-crypto/tests/suites $(GENERATED_PSA_CONFIG_DATA_FILES)
+	$(PYTHON) ../framework/scripts/generate_config_tests.py
+	cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py
 .SECONDARY: generated_config_test_data
 
 $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
@@ -177,16 +184,16 @@
 
 mbedtls_test: $(MBEDTLS_TEST_OBJS)
 
-src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
+include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
 				  $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
 
-../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
+include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
 
-../tf-psa-crypto/framework/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
+../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
 	echo "  Gen   $@"
 	$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@
 
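Review bot: The prerequisite line of the renamed `include/test/test_certs.h` rule uses `$($(PYTHON) ... --list-dependencies)`, which make parses as a reference to a variable of that name rather than as a command, so it expands to nothing. The header then depends only on the generator script and is not regenerated when the input certificate or key files change. `$(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)` would run the script. Check that the paths it prints resolve relative to `tests/`.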
@@ -197,8 +204,8 @@
 # therefore the wildcard enumeration above doesn't include it.
 TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
 endif
-TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h \
-                  ../tf-psa-crypto/framework/tests/include/test/test_keys.h
+TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \
+                  ../tf-psa-crypto/tests/include/test/test_keys.h
 
 # Rule to compile common test C files in framework
 ../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS)
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index 5490337..5770dea 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -29,7 +29,6 @@
     'mbedtls_psa_get_stats', # uses unsupported type
     'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway
     'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type
-    'mbedtls_psa_register_se_key', # not in the default config, generally not for client use anyway
     'psa_get_key_slot_number', # not in the default config, uses unsupported type
     'psa_key_derivation_verify_bytes', # not implemented yet
     'psa_key_derivation_verify_key', # not implemented yet
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index ba10024..e3c8e08 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -141,10 +141,10 @@
 if [ -d tf-psa-crypto ]; then
     cd tf-psa-crypto
     check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
-    check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list)
-    check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
-    check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
-    check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
+    check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
+    check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
+    check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
+    check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
     cd ..
     # Generated files that are present in the repository even in the development
     # branch. (This is intended to be temporary, until the generator scripts are
@@ -171,7 +171,7 @@
     check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
 fi
 
-check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h
+check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h
 
 # Additional checks for Mbed TLS only
 if in_mbedtls_repo; then
@@ -181,7 +181,7 @@
     check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
     check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
     check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
-    check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
+    check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h
     # generate_visualc_files enumerates source files (library/*.c). It doesn't
     # care about their content, but the files must exist. So it must run after
     # the step that creates or updates these files.
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 3ee88a3..85731a1 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -17,20 +17,38 @@
 }
 
 component_check_generated_files () {
-    msg "Check: check-generated-files, files generated with make" # 2s
+    msg "Check make_generated_files.py consistency"
+    make neat
+    $FRAMEWORK/scripts/make_generated_files.py
+    $FRAMEWORK/scripts/make_generated_files.py --check
+    make neat
+
+    msg "Check files generated with make"
+    MBEDTLS_ROOT_DIR="$PWD"
     make generated_files
-    tests/scripts/check-generated-files.sh
+    $FRAMEWORK/scripts/make_generated_files.py --check
 
-    msg "Check: check-generated-files -u, files present" # 2s
-    tests/scripts/check-generated-files.sh -u
-    # Check that the generated files are considered up to date.
-    tests/scripts/check-generated-files.sh
+    cd $TF_PSA_CRYPTO_ROOT_DIR
+    ./framework/scripts/make_generated_files.py --check
 
-    msg "Check: check-generated-files -u, files absent" # 2s
-    command make neat
-    tests/scripts/check-generated-files.sh -u
-    # Check that the generated files are considered up to date.
-    tests/scripts/check-generated-files.sh
+    msg "Check files generated with cmake"
+    cd "$MBEDTLS_ROOT_DIR"
+    mkdir "$OUT_OF_SOURCE_DIR"
+    cd "$OUT_OF_SOURCE_DIR"
+    cmake -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
+    make
+    cd "$MBEDTLS_ROOT_DIR"
+
+    # Files for MS Visual Studio are not generated with cmake thus copy the
+    # ones generated with make to pacify make_generated_files.py check.
+    # Files for MS Visual Studio are rather on their way out thus not adding
+    # support for them with cmake.
+    cp -Rf visualc "$OUT_OF_SOURCE_DIR"
+
+    $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check
+
+    cd $TF_PSA_CRYPTO_ROOT_DIR
+    ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check
 
     # This component ends with the generated files present in the source tree.
     # This is necessary for subsequent components!
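Review bot: `cd $TF_PSA_CRYPTO_ROOT_DIR` (twice) and the `$FRAMEWORK/scripts/make_generated_files.py` invocations are unquoted, while the neighbouring `"$MBEDTLS_ROOT_DIR"` and `"$OUT_OF_SOURCE_DIR"` are quoted. Quote them so a path containing spaces does not split, e.g. `cd "$TF_PSA_CRYPTO_ROOT_DIR"`. The visible part of the function also leaves the shell inside `$TF_PSA_CRYPTO_ROOT_DIR` and never removes `$OUT_OF_SOURCE_DIR`. Unless the component runner resets the directory and cleans up (not visible here), add a final `cd "$MBEDTLS_ROOT_DIR"` and `rm -rf "$OUT_OF_SOURCE_DIR"`, since `mkdir "$OUT_OF_SOURCE_DIR"` otherwise fails on a rerun. The function body continues past the hunk.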
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index cee4d63..2dfa6d2 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -277,7 +277,6 @@
     scripts/config.py unset MBEDTLS_PLATFORM_C
     scripts/config.py unset MBEDTLS_NET_C
     scripts/config.py unset MBEDTLS_FS_IO
-    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 454d140..45d0960 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -114,9 +114,6 @@
     # Interruptible ECC tests are not thread safe
     scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
 
-    # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
-    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
     CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
     make
 
@@ -189,4 +186,3 @@
     msg "test: main suites, Valgrind (full config)"
     make memcheck
 }
-
diff --git a/tests/src/certs.c b/tests/src/certs.c
index bacc846..d1af5b2 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -13,7 +13,7 @@
 
 #include "mbedtls/pk.h"
 
-#include "test_certs.h"
+#include "test/test_certs.h"
 
 /*
  *
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 3c3bb6a..1ebd5a6 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -652,8 +652,7 @@
             ret = mbedtls_pk_parse_key(
                 cert->pkey,
                 (const unsigned char *) mbedtls_test_srv_key_rsa_der,
-                mbedtls_test_srv_key_rsa_der_len, NULL, 0,
-                mbedtls_test_rnd_std_rand, NULL);
+                mbedtls_test_srv_key_rsa_der_len, NULL, 0);
             TEST_ASSERT(ret == 0);
         } else {
             ret = mbedtls_x509_crt_parse(
@@ -665,8 +664,7 @@
             ret = mbedtls_pk_parse_key(
                 cert->pkey,
                 (const unsigned char *) mbedtls_test_srv_key_ec_der,
-                mbedtls_test_srv_key_ec_der_len, NULL, 0,
-                mbedtls_test_rnd_std_rand, NULL);
+                mbedtls_test_srv_key_ec_der_len, NULL, 0);
             TEST_ASSERT(ret == 0);
         }
     } else {
@@ -680,8 +678,7 @@
             ret = mbedtls_pk_parse_key(
                 cert->pkey,
                 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
-                mbedtls_test_cli_key_rsa_der_len, NULL, 0,
-                mbedtls_test_rnd_std_rand, NULL);
+                mbedtls_test_cli_key_rsa_der_len, NULL, 0);
             TEST_ASSERT(ret == 0);
         } else {
             ret = mbedtls_x509_crt_parse(
@@ -693,8 +690,7 @@
             ret = mbedtls_pk_parse_key(
                 cert->pkey,
                 (const unsigned char *) mbedtls_test_cli_key_ec_der,
-                mbedtls_test_cli_key_ec_der_len, NULL, 0,
-                mbedtls_test_rnd_std_rand, NULL);
+                mbedtls_test_cli_key_ec_der_len, NULL, 0);
             TEST_ASSERT(ret == 0);
         }
     }
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index d1df9e3..376cd12 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -23,13 +23,18 @@
     return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
                                      olen, input, output, output_max_len);
 }
+
 static int mbedtls_rsa_sign_func(void *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                                  mbedtls_md_type_t md_alg, unsigned int hashlen,
                                  const unsigned char *hash, unsigned char *sig)
 {
-    return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
-                                  md_alg, hashlen, hash, sig);
+    return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
+                                  mbedtls_psa_get_random,
+                                  MBEDTLS_PSA_RANDOM_STATE,
+                                  md_alg,
+                                  hashlen,
+                                  hash,
+                                  sig);
 }
 static size_t mbedtls_rsa_key_len_func(void *ctx)
 {
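Review bot: `mbedtls_rsa_sign_func` now hard-wires `mbedtls_psa_get_random` with `MBEDTLS_PSA_RANDOM_STATE`, so it only works after PSA crypto has been initialised. The test functions visible in later hunks call `MD_OR_USE_PSA_INIT()`, which may not initialise PSA in every configuration. Confirm that each test installing this callback is covered, or use an unconditional init there. A comment above the function, `/* Uses the PSA RNG: the caller must have initialised PSA crypto. */`, would record the requirement.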
@@ -210,8 +215,7 @@
     mbedtls_pk_init(&key);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
-                                         mbedtls_test_rnd_std_rand, NULL) == 0);
+    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
 
     mbedtls_x509write_csr_set_md_alg(&req, md_type);
     mbedtls_x509write_csr_set_key(&req, &key);
@@ -229,8 +233,7 @@
         TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
     }
 
-    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
-                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
+    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf));
     TEST_ASSERT(ret == 0);
 
     pem_len = strlen((char *) buf);
@@ -254,9 +257,7 @@
     TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
-                                        mbedtls_test_rnd_pseudo_rand,
-                                        &rnd_info);
+    der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
     TEST_ASSERT(der_len >= 0);
 
     if (der_len == 0) {
@@ -271,8 +272,7 @@
 #else
     der_len -= 1;
 #endif
-    ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
-                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
+    ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
     TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
 
 exit:
@@ -306,8 +306,7 @@
 
     memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
 
-    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
-                                         mbedtls_test_rnd_std_rand, NULL) == 0);
+    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
 
     /* Turn the PK context into an opaque one. */
     TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
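Review bot: `memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));` is kept, but the `mbedtls_x509write_csr_pem` call in the next hunk no longer takes `&rnd_info`. If no other use remains outside the visible hunks, drop the variable and this `memset` so the test does not suggest that its output is driven by a fixed pseudo-random seed. The same check applies to the other test functions in this file whose write calls lost their RNG arguments.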
@@ -326,8 +325,7 @@
         TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
     }
 
-    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
-                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
+    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1);
 
     TEST_ASSERT(ret == 0);
 
@@ -431,10 +429,10 @@
     MD_OR_USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
-                                         subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
+                                         subject_pwd) == 0);
 
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
-                                         issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
+                                         issuer_pwd) == 0);
 
     issuer_key_type = mbedtls_pk_get_type(&issuer_key);
 
@@ -522,8 +520,7 @@
     if (set_subjectAltNames) {
         TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
     }
-    ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
-                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
+    ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf));
     TEST_ASSERT(ret == 0);
 
     pem_len = strlen((char *) buf);
@@ -565,9 +562,7 @@
         TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
     }
 
-    der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
-                                        mbedtls_test_rnd_pseudo_rand,
-                                        &rnd_info);
+    der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf));
     TEST_ASSERT(der_len >= 0);
 
     if (der_len == 0) {
@@ -625,8 +620,7 @@
 #endif
     der_len -= 1;
 
-    ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
-                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
+    ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
     TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
 
 exit:
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 3327985..43ea7fa 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652
+Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b