Merge pull request #9690 from valeriosetti/fix-pk-write-buffer-overrun
pkwrite: fix buffer overrun
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
new file mode 100644
index 0000000..9b6d8ac
--- /dev/null
+++ b/ChangeLog.d/fix-driver-schema-check.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix invalid JSON schemas for driver descriptions used by
+ generate_driver_wrappers.py.
diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md
index 80667df..a9e3dac 100644
--- a/docs/architecture/testing/test-framework.md
+++ b/docs/architecture/testing/test-framework.md
@@ -22,7 +22,7 @@
* Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0<x<y, both even” is even better if these inequalities and parities are why this particular test data was chosen.
* Avoid changing the description of an existing test case without a good reason. This breaks the tracking of failures across CI runs, since this tracking is based on the descriptions.
-`tests/scripts/check_test_cases.py` enforces some rules and warns if some guidelines are violated.
+`framework/scripts/check_test_cases.py` enforces some rules and warns if some guidelines are violated.
## TLS tests
diff --git a/framework b/framework
index 33ac133..1de0641 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 33ac13321737c333f52659ee848ca25746588227
+Subproject commit 1de0641e789d3c38b3ce99d7922002992cbe816c
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/version.h b/include/mbedtls/version.h
similarity index 100%
rename from tf-psa-crypto/drivers/builtin/include/mbedtls/version.h
rename to include/mbedtls/version.h
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 007aa35..ca48a75 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -36,11 +36,28 @@
ssl_tls13_server.c
ssl_tls13_client.c
ssl_tls13_generic.c
+ version.c
+ version_features.c
)
if(GEN_FILES)
add_custom_command(
OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
+ COMMAND
+ ${PERL_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
+ ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt
+ )
+
+ add_custom_command(
+ OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
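Review bot: The new `add_custom_command` that generates `version_features.c` has no `VERBATIM`, so escaping of its three path arguments is platform-dependent when the source or build directory contains spaces or shell metacharacters. Adding `VERBATIM` after the `DEPENDS` list would make the invocation of `generate_features.pl` behave the same on every generator. This hunk also does not show whether `${PERL_EXECUTABLE}` is checked before use; if it can be empty while `GEN_FILES` is on, the command line would start with the script path, so that guard is worth confirming. The second `add_custom_command` continues outside the hunk.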
@@ -52,6 +69,7 @@
${tls_error_headers}
)
else()
+ link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
endif()
diff --git a/library/Makefile b/library/Makefile
index 96f454e..9490aa7 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -7,7 +7,7 @@
GENERATED_FILES := \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c \
+ version_features.c \
ssl_debug_helpers_generated.c \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
@@ -188,8 +188,6 @@
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.o \
# This line is intentionally left blank
THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
@@ -229,6 +227,8 @@
ssl_tls13_client.o \
ssl_tls13_server.o \
ssl_tls13_generic.o \
+ version.o \
+ version_features.o \
# This line is intentionally left blank
.SILENT:
@@ -370,15 +370,15 @@
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
+version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
+version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
#version_features.c: ../include/mbedtls/mbedtls_config.h
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c:
+version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
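Review bot: The recipe for the renamed `version_features.c` target still runs `generate_features.pl` with no arguments, so where the file is written depends on the script's built-in defaults, which this diff does not show. If those defaults still point at the old tf-psa-crypto location, the target named here would never be produced in `library/`. The CMake rule in the same commit passes the include directory, the data directory and the output file explicitly. Doing the same here, e.g. `$(PERL) ../scripts/generate_features.pl ../include/mbedtls ../scripts/data_files $@`, would tie the recipe to its target.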
diff --git a/library/common.h b/library/common.h
deleted file mode 100644
index 7bb2674..0000000
--- a/library/common.h
+++ /dev/null
@@ -1,437 +0,0 @@
-/**
- * \file common.h
- *
- * \brief Utility macros for internal use in the library
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_LIBRARY_COMMON_H
-#define MBEDTLS_LIBRARY_COMMON_H
-
-#include "mbedtls/build_info.h"
-#include "alignment.h"
-
-#include <assert.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stddef.h>
-
-#if defined(__ARM_NEON)
-#include <arm_neon.h>
-#define MBEDTLS_HAVE_NEON_INTRINSICS
-#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
-#include <arm64_neon.h>
-#define MBEDTLS_HAVE_NEON_INTRINSICS
-#endif
-
-/** Helper to define a function as static except when building invasive tests.
- *
- * If a function is only used inside its own source file and should be
- * declared `static` to allow the compiler to optimize for code size,
- * but that function has unit tests, define it with
- * ```
- * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... }
- * ```
- * and declare it in a header in the `library/` directory with
- * ```
- * #if defined(MBEDTLS_TEST_HOOKS)
- * int mbedtls_foo(...);
- * #endif
- * ```
- */
-#if defined(MBEDTLS_TEST_HOOKS)
-#define MBEDTLS_STATIC_TESTABLE
-#else
-#define MBEDTLS_STATIC_TESTABLE static
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS)
-extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file);
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \
- do { \
- if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \
- { \
- (*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \
- } \
- } while (0)
-#else
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
-#endif /* defined(MBEDTLS_TEST_HOOKS) */
-
-/** \def ARRAY_LENGTH
- * Return the number of elements of a static or stack array.
- *
- * \param array A value of array (not pointer) type.
- *
- * \return The number of elements of the array.
- */
-/* A correct implementation of ARRAY_LENGTH, but which silently gives
- * a nonsensical result if called with a pointer rather than an array. */
-#define ARRAY_LENGTH_UNSAFE(array) \
- (sizeof(array) / sizeof(*(array)))
-
-#if defined(__GNUC__)
-/* Test if arg and &(arg)[0] have the same type. This is true if arg is
- * an array but not if it's a pointer. */
-#define IS_ARRAY_NOT_POINTER(arg) \
- (!__builtin_types_compatible_p(__typeof__(arg), \
- __typeof__(&(arg)[0])))
-/* A compile-time constant with the value 0. If `const_expr` is not a
- * compile-time constant with a nonzero value, cause a compile-time error. */
-#define STATIC_ASSERT_EXPR(const_expr) \
- (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
-
-/* Return the scalar value `value` (possibly promoted). This is a compile-time
- * constant if `value` is. `condition` must be a compile-time constant.
- * If `condition` is false, arrange to cause a compile-time error. */
-#define STATIC_ASSERT_THEN_RETURN(condition, value) \
- (STATIC_ASSERT_EXPR(condition) ? 0 : (value))
-
-#define ARRAY_LENGTH(array) \
- (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
- ARRAY_LENGTH_UNSAFE(array)))
-
-#else
-/* If we aren't sure the compiler supports our non-standard tricks,
- * fall back to the unsafe implementation. */
-#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
-#endif
-/** Allow library to access its structs' private members.
- *
- * Although structs defined in header files are publicly available,
- * their members are private and should not be accessed by the user.
- */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-/**
- * \brief Securely zeroize a buffer then free it.
- *
- * Similar to making consecutive calls to
- * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has
- * code size savings, and potential for optimisation in the future.
- *
- * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0.
- *
- * \param buf Buffer to be zeroized then freed.
- * \param len Length of the buffer in bytes
- */
-void mbedtls_zeroize_and_free(void *buf, size_t len);
-
-/** Return an offset into a buffer.
- *
- * This is just the addition of an offset to a pointer, except that this
- * function also accepts an offset of 0 into a buffer whose pointer is null.
- * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
- * A null pointer is a valid buffer pointer when the size is 0, for example
- * as the result of `malloc(0)` on some platforms.)
- *
- * \param p Pointer to a buffer of at least n bytes.
- * This may be \p NULL if \p n is zero.
- * \param n An offset in bytes.
- * \return Pointer to offset \p n in the buffer \p p.
- * Note that this is only a valid pointer if the size of the
- * buffer is at least \p n + 1.
- */
-static inline unsigned char *mbedtls_buffer_offset(
- unsigned char *p, size_t n)
-{
- return p == NULL ? NULL : p + n;
-}
-
-/** Return an offset into a read-only buffer.
- *
- * Similar to mbedtls_buffer_offset(), but for const pointers.
- *
- * \param p Pointer to a buffer of at least n bytes.
- * This may be \p NULL if \p n is zero.
- * \param n An offset in bytes.
- * \return Pointer to offset \p n in the buffer \p p.
- * Note that this is only a valid pointer if the size of the
- * buffer is at least \p n + 1.
- */
-static inline const unsigned char *mbedtls_buffer_offset_const(
- const unsigned char *p, size_t n)
-{
- return p == NULL ? NULL : p + n;
-}
-
-/* Always inline mbedtls_xor() for similar reasons as mbedtls_xor_no_simd(). */
-#if defined(__IAR_SYSTEMS_ICC__)
-#pragma inline = forced
-#elif defined(__GNUC__)
-__attribute__((always_inline))
-#endif
-/**
- * Perform a fast block XOR operation, such that
- * r[i] = a[i] ^ b[i] where 0 <= i < n
- *
- * \param r Pointer to result (buffer of at least \p n bytes). \p r
- * may be equal to either \p a or \p b, but behaviour when
- * it overlaps in other ways is undefined.
- * \param a Pointer to input (buffer of at least \p n bytes)
- * \param b Pointer to input (buffer of at least \p n bytes)
- * \param n Number of bytes to process.
- *
- * \note Depending on the situation, it may be faster to use either mbedtls_xor() or
- * mbedtls_xor_no_simd() (these are functionally equivalent).
- * If the result is used immediately after the xor operation in non-SIMD code (e.g, in
- * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
- * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
- * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
- * For targets without SIMD support, they will behave the same.
- */
-static inline void mbedtls_xor(unsigned char *r,
- const unsigned char *a,
- const unsigned char *b,
- size_t n)
-{
- size_t i = 0;
-#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
-#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \
- (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300))
- /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */
- for (; (i + 16) <= n; i += 16) {
- uint8x16_t v1 = vld1q_u8(a + i);
- uint8x16_t v2 = vld1q_u8(b + i);
- uint8x16_t x = veorq_u8(v1, v2);
- vst1q_u8(r + i, x);
- }
-#if defined(__IAR_SYSTEMS_ICC__)
- /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
- * where n is a constant multiple of 16.
- * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
- * constant, and is a very small perf regression if n is not a compile-time constant. */
- if (n % 16 == 0) {
- return;
- }
-#endif
-#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
- /* This codepath probably only makes sense on architectures with 64-bit registers */
- for (; (i + 8) <= n; i += 8) {
- uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
- mbedtls_put_unaligned_uint64(r + i, x);
- }
-#if defined(__IAR_SYSTEMS_ICC__)
- if (n % 8 == 0) {
- return;
- }
-#endif
-#else
- for (; (i + 4) <= n; i += 4) {
- uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
- mbedtls_put_unaligned_uint32(r + i, x);
- }
-#if defined(__IAR_SYSTEMS_ICC__)
- if (n % 4 == 0) {
- return;
- }
-#endif
-#endif
-#endif
- for (; i < n; i++) {
- r[i] = a[i] ^ b[i];
- }
-}
-
-/* Always inline mbedtls_xor_no_simd() as we see significant perf regressions when it does not get
- * inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */
-#if defined(__IAR_SYSTEMS_ICC__)
-#pragma inline = forced
-#elif defined(__GNUC__)
-__attribute__((always_inline))
-#endif
-/**
- * Perform a fast block XOR operation, such that
- * r[i] = a[i] ^ b[i] where 0 <= i < n
- *
- * In some situations, this can perform better than mbedtls_xor() (e.g., it's about 5%
- * better in AES-CBC).
- *
- * \param r Pointer to result (buffer of at least \p n bytes). \p r
- * may be equal to either \p a or \p b, but behaviour when
- * it overlaps in other ways is undefined.
- * \param a Pointer to input (buffer of at least \p n bytes)
- * \param b Pointer to input (buffer of at least \p n bytes)
- * \param n Number of bytes to process.
- *
- * \note Depending on the situation, it may be faster to use either mbedtls_xor() or
- * mbedtls_xor_no_simd() (these are functionally equivalent).
- * If the result is used immediately after the xor operation in non-SIMD code (e.g, in
- * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
- * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
- * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
- * For targets without SIMD support, they will behave the same.
- */
-static inline void mbedtls_xor_no_simd(unsigned char *r,
- const unsigned char *a,
- const unsigned char *b,
- size_t n)
-{
- size_t i = 0;
-#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
-#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
- /* This codepath probably only makes sense on architectures with 64-bit registers */
- for (; (i + 8) <= n; i += 8) {
- uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
- mbedtls_put_unaligned_uint64(r + i, x);
- }
-#if defined(__IAR_SYSTEMS_ICC__)
- /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
- * where n is a constant multiple of 8.
- * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
- * constant, and is a very small perf regression if n is not a compile-time constant. */
- if (n % 8 == 0) {
- return;
- }
-#endif
-#else
- for (; (i + 4) <= n; i += 4) {
- uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
- mbedtls_put_unaligned_uint32(r + i, x);
- }
-#if defined(__IAR_SYSTEMS_ICC__)
- if (n % 4 == 0) {
- return;
- }
-#endif
-#endif
-#endif
- for (; i < n; i++) {
- r[i] = a[i] ^ b[i];
- }
-}
-
-/* Fix MSVC C99 compatible issue
- * MSVC support __func__ from visual studio 2015( 1900 )
- * Use MSVC predefine macro to avoid name check fail.
- */
-#if (defined(_MSC_VER) && (_MSC_VER <= 1900))
-#define /*no-check-names*/ __func__ __FUNCTION__
-#endif
-
-/* Define `asm` for compilers which don't define it. */
-/* *INDENT-OFF* */
-#ifndef asm
-#if defined(__IAR_SYSTEMS_ICC__)
-#define asm __asm
-#else
-#define asm __asm__
-#endif
-#endif
-/* *INDENT-ON* */
-
-/*
- * Define the constraint used for read-only pointer operands to aarch64 asm.
- *
- * This is normally the usual "r", but for aarch64_32 (aka ILP32,
- * as found in watchos), "p" is required to avoid warnings from clang.
- *
- * Note that clang does not recognise '+p' or '=p', and armclang
- * does not recognise 'p' at all. Therefore, to update a pointer from
- * aarch64 assembly, it is necessary to use something like:
- *
- * uintptr_t uptr = (uintptr_t) ptr;
- * asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
- * ptr = (void*) uptr;
- *
- * Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
- */
-#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
-#if UINTPTR_MAX == 0xfffffffful
-/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
-#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
-#elif UINTPTR_MAX == 0xfffffffffffffffful
-/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
-#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
-#else
-#error "Unrecognised pointer size for aarch64"
-#endif
-#endif
-
-/* Always provide a static assert macro, so it can be used unconditionally.
- * It does nothing on systems where we don't know how to define a static assert.
- */
-/* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
- * defines static_assert even with -std=c99, but then complains about it.
- */
-#if defined(static_assert) && !defined(__FreeBSD__)
-#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg)
-#else
-/* Make sure `MBEDTLS_STATIC_ASSERT(expr, msg);` is valid both inside and
- * outside a function. We choose a struct declaration, which can be repeated
- * any number of times and does not need a matching definition. */
-#define MBEDTLS_STATIC_ASSERT(expr, msg) \
- struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function
-#endif
-
-#if defined(__has_builtin)
-#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x)
-#else
-#define MBEDTLS_HAS_BUILTIN(x) 0
-#endif
-
-/* Define compiler branch hints */
-#if MBEDTLS_HAS_BUILTIN(__builtin_expect)
-#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1)
-#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0)
-#else
-#define MBEDTLS_LIKELY(x) x
-#define MBEDTLS_UNLIKELY(x) x
-#endif
-
-/* MBEDTLS_ASSUME may be used to provide additional information to the compiler
- * which can result in smaller code-size. */
-#if MBEDTLS_HAS_BUILTIN(__builtin_assume)
-/* clang provides __builtin_assume */
-#define MBEDTLS_ASSUME(x) __builtin_assume(x)
-#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable)
-/* gcc and IAR can use __builtin_unreachable */
-#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0)
-#elif defined(_MSC_VER)
-/* Supported by MSVC since VS 2005 */
-#define MBEDTLS_ASSUME(x) __assume(x)
-#else
-#define MBEDTLS_ASSUME(x) do { } while (0)
-#endif
-
-/* For gcc -Os, override with -O2 for a given function.
- *
- * This will not affect behaviour for other optimisation settings, e.g. -O0.
- */
-#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__OPTIMIZE_SIZE__)
-#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE __attribute__((optimize("-O2")))
-#else
-#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
-#endif
-
-/* Suppress compiler warnings for unused functions and variables. */
-#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
-# if __has_attribute(unused)
-# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
-# endif
-#endif
-#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
-# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
-#endif
-#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
-/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
- * is given; the pragma always works.
- * Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
- * Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
- * able to find documentation).
- */
-# if (__VER__ >= 5020000)
-# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
-# endif
-#endif
-#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
-# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
-#endif
-#if !defined(MBEDTLS_MAYBE_UNUSED)
-# define MBEDTLS_MAYBE_UNUSED
-#endif
-
-#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/debug.c b/library/debug.c
index c36ed3c..a486353 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_DEBUG_C)
diff --git a/library/mps_reader.c b/library/mps_reader.c
index 27d0c04..0fe7dfe 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/library/mps_trace.c b/library/mps_trace.c
index 69f6e5a..98449b5 100644
--- a/library/mps_trace.c
+++ b/library/mps_trace.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/library/mps_trace.h b/library/mps_trace.h
index b456b2f..ac2b75f 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -12,7 +12,7 @@
#ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
#define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
-#include "common.h"
+#include "ssl_misc.h"
#include "mps_common.h"
#include "mps_trace.h"
diff --git a/library/net_sockets.c b/library/net_sockets.c
index ef89a88..33616bc 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -15,7 +15,7 @@
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#endif
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_NET_C)
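Review bot: `#include "ssl_misc.h"` now sits ahead of the `MBEDTLS_NET_C` guard, so this file parses the whole SSL-internal header and everything it includes, even in builds without TLS, apparently only to reach `common.h`. The same substitution is made in `library/version.c` ahead of `MBEDTLS_VERSION_C`, and `library/ssl_client.h` drops the `MBEDTLS_SSL_TLS_C` guard that used to wrap this include. If `ssl_misc.h` is not designed to be included with the SSL options off, a configuration enabling only `MBEDTLS_NET_C` or `MBEDTLS_VERSION_C` could fail to compile. I would include `common.h` directly here, or add a comment such as `/* ssl_misc.h is included only for common.h; it must stay safe when MBEDTLS_SSL_TLS_C is off */`.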
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 3aac662..ff0567c 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -2,12 +2,10 @@
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "x509_internal.h"
-#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PKCS7_C)
#include "mbedtls/pkcs7.h"
-#include "x509_internal.h"
#include "mbedtls/asn1.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 772cb8f..28d0cfb 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -9,14 +9,13 @@
* to store and retrieve the session information.
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/platform.h"
#include "mbedtls/ssl_cache.h"
-#include "ssl_misc.h"
#include "mbedtls/error.h"
#include <string.h>
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 402c135..1495950 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -7,7 +7,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_TLS_C)
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 345e608..8237081 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -17,7 +17,6 @@
#include "mbedtls/platform.h"
#include "ssl_client.h"
-#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
diff --git a/library/ssl_client.h b/library/ssl_client.h
index 05ee7e4..56e9bf8 100644
--- a/library/ssl_client.h
+++ b/library/ssl_client.h
@@ -8,11 +8,7 @@
#ifndef MBEDTLS_SSL_CLIENT_H
#define MBEDTLS_SSL_CLIENT_H
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_TLS_C)
#include "ssl_misc.h"
-#endif
#include <stddef.h>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index cba513d..0e37467 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -9,14 +9,13 @@
* to store and retrieve the session information.
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_COOKIE_C)
#include "mbedtls/platform.h"
#include "mbedtls/ssl_cookie.h"
-#include "ssl_misc.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/constant_time.h"
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 4889e77..6f84340 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -11,13 +11,11 @@
#ifndef MBEDTLS_SSL_DEBUG_HELPERS_H
#define MBEDTLS_SSL_DEBUG_HELPERS_H
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_DEBUG_C)
#include "mbedtls/ssl.h"
-#include "ssl_misc.h"
-
const char *mbedtls_ssl_states_str(mbedtls_ssl_states in);
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 47e56e8..66117dd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_SSL_MISC_H
#define MBEDTLS_SSL_MISC_H
-#include "mbedtls/build_info.h"
+#include "common.h"
#include "mbedtls/error.h"
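Review bot: `#include "common.h"` becomes the first include here, but this commit deletes `library/common.h`, so the quoted name must now be found through the compiler's include search path rather than next to this file. A name as generic as `common.h` is easy to shadow: an embedding project with its own `common.h` earlier on the include path would silently replace internal macros such as the `MBEDTLS_STATIC_ASSERT` and `MBEDTLS_ALLOW_PRIVATE_ACCESS` that the deleted file defined. Where the header now lives is not visible in this diff. I would add a comment like `/* common.h is no longer in library/; it comes from <providing directory> and must be included first */` and consider a path-qualified include. `library/x509_internal.h` gains the same include in this commit.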
@@ -47,7 +47,6 @@
#include "ssl_ciphersuites_internal.h"
#include "x509_internal.h"
#include "pk_internal.h"
-#include "common.h"
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0165fd6..7000e93 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -10,14 +10,13 @@
* http://www.ietf.org/rfc/rfc4346.txt
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_TLS_C)
#include "mbedtls/platform.h"
#include "mbedtls/ssl.h"
-#include "ssl_misc.h"
#include "debug_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index bfb656c..615b37f 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -5,13 +5,12 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_TICKET_C)
#include "mbedtls/platform.h"
-#include "ssl_misc.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6247248..39c7a2e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9,7 +9,7 @@
* http://www.ietf.org/rfc/rfc4346.txt
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_TLS_C)
@@ -18,7 +18,6 @@
#include "mbedtls/ssl.h"
#include "ssl_client.h"
#include "ssl_debug_helpers.h"
-#include "ssl_misc.h"
#include "debug_internal.h"
#include "mbedtls/error.h"
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index eac6a3a..0affc91 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -13,7 +13,6 @@
#include "mbedtls/ssl.h"
#include "ssl_client.h"
-#include "ssl_misc.h"
#include "debug_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 03722ac..76200be 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -5,14 +5,13 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#include "mbedtls/platform.h"
#include "mbedtls/ssl.h"
-#include "ssl_misc.h"
#include "debug_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 162e3a3..53c519c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -15,7 +15,6 @@
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
-#include "ssl_misc.h"
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 3f1f551..6a7d502 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -19,7 +19,6 @@
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "ssl_misc.h"
#include "ssl_tls13_invasive.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index b4506f7..73e0e30 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -6,7 +6,7 @@
#ifndef MBEDTLS_SSL_TLS13_INVASIVE_H
#define MBEDTLS_SSL_TLS13_INVASIVE_H
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 739414e..96aad1c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -17,7 +17,6 @@
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
-#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
#include "ssl_tls13_invasive.h"
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9c949bd..ab27c94 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -16,7 +16,6 @@
#include "mbedtls/oid.h"
#include "mbedtls/psa_util.h"
-#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/version.c b/library/version.c
similarity index 96%
rename from tf-psa-crypto/drivers/builtin/src/version.c
rename to library/version.c
index 0439733..2cd947d 100644
--- a/tf-psa-crypto/drivers/builtin/src/version.c
+++ b/library/version.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/x509.c b/library/x509.c
index be7b277..0571687 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -15,11 +15,10 @@
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_USE_C)
-#include "x509_internal.h"
#include "mbedtls/asn1.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
diff --git a/library/x509_create.c b/library/x509_create.c
index 1309831..48ac080 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -5,11 +5,10 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CREATE_C)
-#include "x509_internal.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 7901992..e67fde7 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -15,12 +15,11 @@
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CRL_PARSE_C)
#include "mbedtls/x509_crl.h"
-#include "x509_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1de1ee6..00f3107 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -17,12 +17,11 @@
* [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/x509_crt.h"
-#include "x509_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 813d644..3a78268 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -15,12 +15,11 @@
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CSR_PARSE_C)
#include "mbedtls/x509_csr.h"
-#include "x509_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
diff --git a/library/x509_internal.h b/library/x509_internal.h
index 8a2d2ed..ec1ac50 100644
--- a/library/x509_internal.h
+++ b/library/x509_internal.h
@@ -9,9 +9,9 @@
*/
#ifndef MBEDTLS_X509_INTERNAL_H
#define MBEDTLS_X509_INTERNAL_H
-#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "common.h"
+#include "mbedtls/private_access.h"
#include "mbedtls/x509.h"
#include "mbedtls/asn1.h"
diff --git a/library/x509write.c b/library/x509write.c
index 4704900..8288c89 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -4,11 +4,11 @@
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "x509_internal.h"
+
#if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C)
#include "mbedtls/x509_crt.h"
-#include "x509_internal.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index ce9e4a6..8bce1cc 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -11,12 +11,11 @@
* - attributes: PKCS#9 v2.0 aka RFC 2985
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CRT_WRITE_C)
#include "mbedtls/x509_crt.h"
-#include "x509_internal.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 0d6f6bb..604c94c 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -10,11 +10,10 @@
* - attributes: PKCS#9 v2.0 aka RFC 2985
*/
-#include "common.h"
+#include "x509_internal.h"
#if defined(MBEDTLS_X509_CSR_WRITE_C)
-#include "x509_internal.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index d21aa27..fc10c63 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -7,9 +7,13 @@
# 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5.
pylint == 2.4.4
-# Use the earliest version of mypy that works with our code base.
-# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
-mypy >= 0.780
+# Use a version of mypy that is compatible with our code base.
+# mypy <0.940 is known not to work: see commit
+# :/Upgrade mypy to the last version supporting Python 3.6
+# mypy >=0.960 is known not to work:
+# https://github.com/Mbed-TLS/mbedtls-framework/issues/50
+# mypy 0.942 is the version in Ubuntu 22.04.
+mypy == 0.942
# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
diff --git a/scripts/code_style.py b/scripts/code_style.py
index ed9f7bc..26b691c 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -103,8 +103,10 @@
"--name-only", "--pretty=", "--"] + src_files
output = subprocess.check_output(cmd, universal_newlines=True)
committed_changed_files = output.split()
+
# ... the framework submodule
- cmd = ["git", "-C", "framework", "log", since + "..HEAD",
+ framework_since = get_submodule_hash(since, "framework")
+ cmd = ["git", "-C", "framework", "log", framework_since + "..HEAD",
"--name-only", "--pretty=", "--"] + framework_src_files
output = subprocess.check_output(cmd, universal_newlines=True,
env=framework_env)
@@ -137,6 +139,12 @@
is_file_autogenerated(filename))]
return src_files
+def get_submodule_hash(commit: str, submodule: str) -> str:
+ """Get the commit hash of a submodule at a given commit in the Git repository."""
+ cmd = ["git", "ls-tree", commit, submodule]
+ output = subprocess.check_output(cmd, universal_newlines=True)
+ return output.split()[2]
+
def get_uncrustify_version() -> str:
"""
Get the version string from Uncrustify
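Review bot: `get_submodule_hash` returns `output.split()[2]` without checking what `git ls-tree` printed, so when `submodule` has no entry at `commit` the output is empty and the caller gets a bare IndexError with no hint of the cause. An entry that is not a gitlink would also be returned as if it were a commit of the `framework` repository and fed into the `framework_since + "..HEAD"` range built in the previous hunk. I would take `fields = output.split()` and guard it with `if len(fields) < 3 or fields[1] != "commit": raise ValueError("{} is not a submodule at {}".format(submodule, commit))` before `return fields[2]`. The `get_uncrustify_version` definition that follows continues outside the hunk.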
diff --git a/scripts/config.py b/scripts/config.py
index 580a4bb..beeb5e2 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -210,6 +210,7 @@
def include_in_crypto(name):
"""Rules for symbols in a crypto configuration."""
if name.startswith('MBEDTLS_X509_') or \
+ name.startswith('MBEDTLS_VERSION_') or \
name.startswith('MBEDTLS_SSL_') or \
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
return False
diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json
index 933eb07..b05da00 100644
--- a/scripts/data_files/driver_jsons/driver_opaque_schema.json
+++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json
@@ -11,7 +11,7 @@
},
"type": {
"type": "string",
- "const": ["opaque"]
+ "const": "opaque"
},
"location": {
"type": ["integer","string"],
diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json
index f5d91eb..1791163 100644
--- a/scripts/data_files/driver_jsons/driver_transparent_schema.json
+++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json
@@ -11,7 +11,7 @@
},
"type": {
"type": "string",
- "const": ["transparent"]
+ "const": "transparent"
},
"mbedtls/h_condition": {
"type": "string"
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index d820d4d..fc71f5d 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_VERSION_C)
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 6972682..cea8c11 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -16,7 +16,7 @@
} else {
$include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
- $feature_file = 'tf-psa-crypto/drivers/builtin/src/version_features.c';
+ $feature_file = 'library/version_features.c';
unless( -d $include_dir && -d $data_dir ) {
chdir '..' or die;
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 600d160..df3d9b9 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -350,7 +350,7 @@
*
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_DEBUG_C)
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index f40f838..e543297 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -10,108 +10,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
-/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
- * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
- * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
- * here we arrange to have both active so that psa_crypto_*.c includes
- * the built-in implementations and the driver code can call the built-in
- * implementations.
- *
- * The point of this test mode is to verify that the
- * driver entry points are called when they should be in a lightweight
- * way, without requiring an actual driver. This is different from builds
- * with libtestdriver1, where we make a copy of the library source code
- * and use that as an external driver.
- */
-
-/* Enable the use of the test driver in the library, and build the generic
- * part of the test driver. */
-#define PSA_CRYPTO_DRIVER_TEST
-
-/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
- * built-in implementations won't be enabled. */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#error \
- "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
-#endif
-
-/* Use the accelerator driver for all cryptographic mechanisms for which
- * the test driver is implemented. This is copied from psa/crypto_config.h
- * with the parts not implemented by the test driver commented out. */
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
-//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
-
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
-#define MBEDTLS_PSA_ACCEL_ALG_CCM
-#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC
-#define MBEDTLS_PSA_ACCEL_ALG_CFB
-#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
-#define MBEDTLS_PSA_ACCEL_ALG_CTR
-#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
-#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_ECDH
-#define MBEDTLS_PSA_ACCEL_ALG_FFDH
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
-#define MBEDTLS_PSA_ACCEL_ALG_JPAKE
-#define MBEDTLS_PSA_ACCEL_ALG_GCM
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC
-#define MBEDTLS_PSA_ACCEL_ALG_MD5
-#define MBEDTLS_PSA_ACCEL_ALG_OFB
-//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC
-//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128
-#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512
-#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
-
-#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */
-
-
-
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
* functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
index 10ab5a2..44939f1 100644
--- a/tests/psa-client-server/psasim/src/server.c
+++ b/tests/psa-client-server/psasim/src/server.c
@@ -52,12 +52,14 @@
psa_msg_t msg = { -1 };
const int magic_num = 66;
int client_disconnected = 0;
- char mbedtls_version[18];
extern psa_status_t psa_crypto_call(psa_msg_t msg);
extern psa_status_t psa_crypto_close(void);
+#if defined(MBEDTLS_VERSION_C)
+ char mbedtls_version[18];
mbedtls_version_get_string_full(mbedtls_version);
SERVER_PRINT("%s", mbedtls_version);
+#endif
parse_input_args(argc, argv);
SERVER_PRINT("Starting");
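Review bot: The `char mbedtls_version[18];` buffer now declared inside the `MBEDTLS_VERSION_C` guard is passed to `mbedtls_version_get_string_full()`, which takes no length argument, so the literal 18 is the only thing keeping the write in bounds. As far as I recall, the public header documents 18 bytes including the terminating NUL as the maximum for this call, but nothing at the declaration says so. A comment such as `/* mbedtls_version_get_string_full() writes at most 18 bytes, NUL included (see mbedtls/version.h) */` would record where the number comes from and what to re-check if the version format changes. The enclosing function starts and ends outside the hunk.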
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 188b68d..72dba99 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -6,286 +6,16 @@
less likely to be useful.
"""
-import argparse
-import sys
-import traceback
import re
-import subprocess
-import os
-import typing
-import check_test_cases
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import outcome_analysis
-# `ComponentOutcomes` is a named tuple which is defined as:
-# ComponentOutcomes(
-# successes = {
-# "<suite_case>",
-# ...
-# },
-# failures = {
-# "<suite_case>",
-# ...
-# }
-# )
-# suite_case = "<suite>;<case>"
-ComponentOutcomes = typing.NamedTuple('ComponentOutcomes',
- [('successes', typing.Set[str]),
- ('failures', typing.Set[str])])
-
-# `Outcomes` is a representation of the outcomes file,
-# which defined as:
-# Outcomes = {
-# "<component>": ComponentOutcomes,
-# ...
-# }
-Outcomes = typing.Dict[str, ComponentOutcomes]
-
-
-class Results:
- """Process analysis results."""
-
- def __init__(self):
- self.error_count = 0
- self.warning_count = 0
-
- def new_section(self, fmt, *args, **kwargs):
- self._print_line('\n*** ' + fmt + ' ***\n', *args, **kwargs)
-
- def info(self, fmt, *args, **kwargs):
- self._print_line('Info: ' + fmt, *args, **kwargs)
-
- def error(self, fmt, *args, **kwargs):
- self.error_count += 1
- self._print_line('Error: ' + fmt, *args, **kwargs)
-
- def warning(self, fmt, *args, **kwargs):
- self.warning_count += 1
- self._print_line('Warning: ' + fmt, *args, **kwargs)
-
- @staticmethod
- def _print_line(fmt, *args, **kwargs):
- sys.stderr.write((fmt + '\n').format(*args, **kwargs))
-
-def execute_reference_driver_tests(results: Results, ref_component: str, driver_component: str, \
- outcome_file: str) -> None:
- """Run the tests specified in ref_component and driver_component. Results
- are stored in the output_file and they will be used for the following
- coverage analysis"""
- results.new_section("Test {} and {}", ref_component, driver_component)
-
- shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \
- " " + ref_component + " " + driver_component
- results.info("Running: {}", shell_command)
- ret_val = subprocess.run(shell_command.split(), check=False).returncode
-
- if ret_val != 0:
- results.error("failed to run reference/driver components")
-
-IgnoreEntry = typing.Union[str, typing.Pattern]
-
-def name_matches_pattern(name: str, str_or_re: IgnoreEntry) -> bool:
- """Check if name matches a pattern, that may be a string or regex.
- - If the pattern is a string, name must be equal to match.
- - If the pattern is a regex, name must fully match.
- """
- # The CI's python is too old for re.Pattern
- #if isinstance(str_or_re, re.Pattern):
- if not isinstance(str_or_re, str):
- return str_or_re.fullmatch(name) is not None
- else:
- return str_or_re == name
-
-def read_outcome_file(outcome_file: str) -> Outcomes:
- """Parse an outcome file and return an outcome collection.
- """
- outcomes = {}
- with open(outcome_file, 'r', encoding='utf-8') as input_file:
- for line in input_file:
- (_platform, component, suite, case, result, _cause) = line.split(';')
- # Note that `component` is not unique. If a test case passes on Linux
- # and fails on FreeBSD, it'll end up in both the successes set and
- # the failures set.
- suite_case = ';'.join([suite, case])
- if component not in outcomes:
- outcomes[component] = ComponentOutcomes(set(), set())
- if result == 'PASS':
- outcomes[component].successes.add(suite_case)
- elif result == 'FAIL':
- outcomes[component].failures.add(suite_case)
-
- return outcomes
-
-
-class Task:
- """Base class for outcome analysis tasks."""
-
- # Override the following in child classes.
- # Map test suite names (with the test_suite_prefix) to a list of ignored
- # test cases. Each element in the list can be either a string or a regex;
- # see the `name_matches_pattern` function.
- IGNORED_TESTS = {} #type: typing.Dict[str, typing.List[IgnoreEntry]]
-
- def __init__(self, options) -> None:
- """Pass command line options to the tasks.
-
- Each task decides which command line options it cares about.
- """
- pass
-
- def section_name(self) -> str:
- """The section name to use in results."""
-
- def ignored_tests(self, test_suite: str) -> typing.Iterator[IgnoreEntry]:
- """Generate the ignore list for the specified test suite."""
- if test_suite in self.IGNORED_TESTS:
- yield from self.IGNORED_TESTS[test_suite]
- pos = test_suite.find('.')
- if pos != -1:
- base_test_suite = test_suite[:pos]
- if base_test_suite in self.IGNORED_TESTS:
- yield from self.IGNORED_TESTS[base_test_suite]
-
- def is_test_case_ignored(self, test_suite: str, test_string: str) -> bool:
- """Check if the specified test case is ignored."""
- for str_or_re in self.ignored_tests(test_suite):
- if name_matches_pattern(test_string, str_or_re):
- return True
- return False
-
- def run(self, results: Results, outcomes: Outcomes):
- """Run the analysis on the specified outcomes.
-
- Signal errors via the results objects
- """
- raise NotImplementedError
-
-
-class CoverageTask(Task):
- """Analyze test coverage."""
-
- # Test cases whose suite and description are matched by an entry in
- # IGNORED_TESTS are expected to be never executed.
- # All other test cases are expected to be executed at least once.
- IGNORED_TESTS = {
- 'test_suite_psa_crypto_metadata': [
- # Algorithm not supported yet
- 'Asymmetric signature: pure EdDSA',
- # Algorithm not supported yet
- 'Cipher: XTS',
- ],
- }
-
- def __init__(self, options) -> None:
- super().__init__(options)
- self.full_coverage = options.full_coverage #type: bool
-
- @staticmethod
- def section_name() -> str:
- return "Analyze coverage"
-
- def run(self, results: Results, outcomes: Outcomes) -> None:
- """Check that all available test cases are executed at least once."""
- # Make sure that the generated data files are present (and up-to-date).
- # This allows analyze_outcomes.py to run correctly on a fresh Git
- # checkout.
- cp = subprocess.run(['make', 'generated_files'],
- cwd='tests',
- stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
- check=False)
- if cp.returncode != 0:
- sys.stderr.write(cp.stdout.decode('utf-8'))
- results.error("Failed \"make generated_files\" in tests. "
- "Coverage analysis may be incorrect.")
- available = check_test_cases.collect_available_test_cases()
- for suite_case in available:
- hit = any(suite_case in comp_outcomes.successes or
- suite_case in comp_outcomes.failures
- for comp_outcomes in outcomes.values())
- (test_suite, test_description) = suite_case.split(';')
- ignored = self.is_test_case_ignored(test_suite, test_description)
-
- if not hit and not ignored:
- if self.full_coverage:
- results.error('Test case not executed: {}', suite_case)
- else:
- results.warning('Test case not executed: {}', suite_case)
- elif hit and ignored:
- # If a test case is no longer always skipped, we should remove
- # it from the ignore list.
- if self.full_coverage:
- results.error('Test case was executed but marked as ignored for coverage: {}',
- suite_case)
- else:
- results.warning('Test case was executed but marked as ignored for coverage: {}',
- suite_case)
-
-
-class DriverVSReference(Task):
- """Compare outcomes from testing with and without a driver.
-
- There are 2 options to use analyze_driver_vs_reference_xxx locally:
- 1. Run tests and then analysis:
- - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
- - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
- 2. Let this script run both automatically:
- - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
- """
-
- # Override the following in child classes.
- # Configuration name (all.sh component) used as the reference.
- REFERENCE = ''
- # Configuration name (all.sh component) used as the driver.
- DRIVER = ''
- # Ignored test suites (without the test_suite_ prefix).
- IGNORED_SUITES = [] #type: typing.List[str]
-
- def __init__(self, options) -> None:
- super().__init__(options)
- self.ignored_suites = frozenset('test_suite_' + x
- for x in self.IGNORED_SUITES)
-
- def section_name(self) -> str:
- return f"Analyze driver {self.DRIVER} vs reference {self.REFERENCE}"
-
- def run(self, results: Results, outcomes: Outcomes) -> None:
- """Check that all tests passing in the driver component are also
- passing in the corresponding reference component.
- Skip:
- - full test suites provided in ignored_suites list
- - only some specific test inside a test suite, for which the corresponding
- output string is provided
- """
- ref_outcomes = outcomes.get("component_" + self.REFERENCE)
- driver_outcomes = outcomes.get("component_" + self.DRIVER)
-
- if ref_outcomes is None or driver_outcomes is None:
- results.error("required components are missing: bad outcome file?")
- return
-
- if not ref_outcomes.successes:
- results.error("no passing test in reference component: bad outcome file?")
- return
-
- for suite_case in ref_outcomes.successes:
- # suite_case is like "test_suite_foo.bar;Description of test case"
- (full_test_suite, test_string) = suite_case.split(';')
- test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
-
- # Immediately skip fully-ignored test suites
- if test_suite in self.ignored_suites or \
- full_test_suite in self.ignored_suites:
- continue
-
- # For ignored test cases inside test suites, just remember and:
- # don't issue an error if they're skipped with drivers,
- # but issue an error if they're not (means we have a bad entry).
- ignored = self.is_test_case_ignored(full_test_suite, test_string)
-
- if not ignored and not suite_case in driver_outcomes.successes:
- results.error("SKIP/FAIL -> PASS: {}", suite_case)
- if ignored and suite_case in driver_outcomes.successes:
- results.error("uselessly ignored: {}", suite_case)
+class CoverageTask(outcome_analysis.CoverageTask):
+ # We'll populate IGNORED_TESTS soon. In the meantime, lack of coverage
+ # is just a warning.
+ outcome_analysis.FULL_COVERAGE_BY_DEFAULT = False
# The names that we give to classes derived from DriverVSReference do not
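Review bot: In the new `CoverageTask`, the statement `outcome_analysis.FULL_COVERAGE_BY_DEFAULT = False` sits in the class body, so it rebinds a global of the imported `outcome_analysis` module as a side effect of defining the class, and the class itself gains no attribute. Any code that imports this file therefore changes the framework default for every other user of that module in the same process. If a module-wide setting is intended, move the assignment and its comment to module level directly after `from mbedtls_framework import outcome_analysis`. The subclass also loses the docstring the removed class had; a one-line `"""Analyze test coverage."""` would keep it documented, since the `missing-class-docstring` suppression only begins further down.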
@@ -295,7 +25,7 @@
# documentation.
#pylint: disable=invalid-name,missing-class-docstring
-class DriverVSReference_hash(DriverVSReference):
+class DriverVSReference_hash(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa'
DRIVER = 'test_psa_crypto_config_accel_hash_use_psa'
IGNORED_SUITES = [
@@ -315,7 +45,7 @@
],
}
-class DriverVSReference_hmac(DriverVSReference):
+class DriverVSReference_hmac(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_hmac'
DRIVER = 'test_psa_crypto_config_accel_hmac'
IGNORED_SUITES = [
@@ -354,7 +84,7 @@
],
}
-class DriverVSReference_cipher_aead_cmac(DriverVSReference):
+class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac'
DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac'
# Modules replaced by drivers.
@@ -421,7 +151,7 @@
],
}
-class DriverVSReference_ecp_light_only(DriverVSReference):
+class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only'
DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only'
IGNORED_SUITES = [
@@ -461,7 +191,7 @@
],
}
-class DriverVSReference_no_ecp_at_all(DriverVSReference):
+class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all'
DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all'
IGNORED_SUITES = [
@@ -499,7 +229,7 @@
],
}
-class DriverVSReference_ecc_no_bignum(DriverVSReference):
+class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum'
DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum'
IGNORED_SUITES = [
@@ -544,7 +274,7 @@
],
}
-class DriverVSReference_ecc_ffdh_no_bignum(DriverVSReference):
+class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum'
DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum'
IGNORED_SUITES = [
@@ -597,7 +327,7 @@
],
}
-class DriverVSReference_ffdh_alg(DriverVSReference):
+class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ffdh'
DRIVER = 'test_psa_crypto_config_accel_ffdh'
IGNORED_SUITES = ['dhm']
@@ -613,7 +343,7 @@
],
}
-class DriverVSReference_tfm_config(DriverVSReference):
+class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference):
REFERENCE = 'test_tfm_config_no_p256m'
DRIVER = 'test_tfm_config_p256m_driver_accel_ec'
IGNORED_SUITES = [
@@ -645,7 +375,7 @@
],
}
-class DriverVSReference_rsa(DriverVSReference):
+class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto'
DRIVER = 'test_psa_crypto_config_accel_rsa_crypto'
IGNORED_SUITES = [
@@ -684,7 +414,7 @@
],
}
-class DriverVSReference_block_cipher_dispatch(DriverVSReference):
+class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference):
REFERENCE = 'test_full_block_cipher_legacy_dispatch'
DRIVER = 'test_full_block_cipher_psa_dispatch'
IGNORED_SUITES = [
@@ -751,7 +481,6 @@
#pylint: enable=invalid-name,missing-class-docstring
-
# List of tasks with a function that can handle this task and additional arguments if required
KNOWN_TASKS = {
'analyze_coverage': CoverageTask,
@@ -768,77 +497,5 @@
'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch,
}
-
-def main():
- main_results = Results()
-
- try:
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('outcomes', metavar='OUTCOMES.CSV',
- help='Outcome file to analyze')
- parser.add_argument('specified_tasks', default='all', nargs='?',
- help='Analysis to be done. By default, run all tasks. '
- 'With one or more TASK, run only those. '
- 'TASK can be the name of a single task or '
- 'comma/space-separated list of tasks. ')
- parser.add_argument('--list', action='store_true',
- help='List all available tasks and exit.')
- parser.add_argument('--require-full-coverage', action='store_true',
- dest='full_coverage', help="Require all available "
- "test cases to be executed and issue an error "
- "otherwise. This flag is ignored if 'task' is "
- "neither 'all' nor 'analyze_coverage'")
- options = parser.parse_args()
-
- if options.list:
- for task in KNOWN_TASKS:
- print(task)
- sys.exit(0)
-
- if options.specified_tasks == 'all':
- tasks_list = KNOWN_TASKS.keys()
- else:
- tasks_list = re.split(r'[, ]+', options.specified_tasks)
- for task in tasks_list:
- if task not in KNOWN_TASKS:
- sys.stderr.write('invalid task: {}\n'.format(task))
- sys.exit(2)
-
- # If the outcome file exists, parse it once and share the result
- # among tasks to improve performance.
- # Otherwise, it will be generated by execute_reference_driver_tests.
- if not os.path.exists(options.outcomes):
- if len(tasks_list) > 1:
- sys.stderr.write("mutiple tasks found, please provide a valid outcomes file.\n")
- sys.exit(2)
-
- task_name = tasks_list[0]
- task = KNOWN_TASKS[task_name]
- if not issubclass(task, DriverVSReference):
- sys.stderr.write("please provide valid outcomes file for {}.\n".format(task_name))
- sys.exit(2)
- execute_reference_driver_tests(main_results,
- task.REFERENCE,
- task.DRIVER,
- options.outcomes)
-
- outcomes = read_outcome_file(options.outcomes)
-
- for task_name in tasks_list:
- task_constructor = KNOWN_TASKS[task_name]
- task = task_constructor(options)
- main_results.new_section(task.section_name())
- task.run(main_results, outcomes)
-
- main_results.info("Overall results: {} warnings and {} errors",
- main_results.warning_count, main_results.error_count)
-
- sys.exit(0 if (main_results.error_count == 0) else 1)
-
- except Exception: # pylint: disable=broad-except
- # Print the backtrace and exit explicitly with our chosen status.
- traceback.print_exc()
- sys.exit(120)
-
if __name__ == '__main__':
- main()
+ outcome_analysis.main(KNOWN_TASKS)
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index c57ff04..2a11207 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -172,7 +172,7 @@
if in_mbedtls_repo; then
check scripts/generate_errors.pl ${builtin_drivers_dir}/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
- check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c
+ check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check tests/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
deleted file mode 100755
index 6809dd5..0000000
--- a/tests/scripts/check_test_cases.py
+++ /dev/null
@@ -1,242 +0,0 @@
-#!/usr/bin/env python3
-
-"""Sanity checks for test data.
-
-This program contains a class for traversing test cases that can be used
-independently of the checks.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import argparse
-import glob
-import os
-import re
-import subprocess
-import sys
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_framework import build_tree
-
-class ScriptOutputError(ValueError):
- """A kind of ValueError that indicates we found
- the script doesn't list test cases in an expected
- pattern.
- """
-
- @property
- def script_name(self):
- return super().args[0]
-
- @property
- def idx(self):
- return super().args[1]
-
- @property
- def line(self):
- return super().args[2]
-
-class Results:
- """Store file and line information about errors or warnings in test suites."""
-
- def __init__(self, options):
- self.errors = 0
- self.warnings = 0
- self.ignore_warnings = options.quiet
-
- def error(self, file_name, line_number, fmt, *args):
- sys.stderr.write(('{}:{}:ERROR:' + fmt + '\n').
- format(file_name, line_number, *args))
- self.errors += 1
-
- def warning(self, file_name, line_number, fmt, *args):
- if not self.ignore_warnings:
- sys.stderr.write(('{}:{}:Warning:' + fmt + '\n')
- .format(file_name, line_number, *args))
- self.warnings += 1
-
-class TestDescriptionExplorer:
- """An iterator over test cases with descriptions.
-
-The test cases that have descriptions are:
-* Individual unit tests (entries in a .data file) in test suites.
-* Individual test cases in ssl-opt.sh.
-
-This is an abstract class. To use it, derive a class that implements
-the process_test_case method, and call walk_all().
-"""
-
- def process_test_case(self, per_file_state,
- file_name, line_number, description):
- """Process a test case.
-
-per_file_state: an object created by new_per_file_state() at the beginning
- of each file.
-file_name: a relative path to the file containing the test case.
-line_number: the line number in the given file.
-description: the test case description as a byte string.
-"""
- raise NotImplementedError
-
- def new_per_file_state(self):
- """Return a new per-file state object.
-
-The default per-file state object is None. Child classes that require per-file
-state may override this method.
-"""
- #pylint: disable=no-self-use
- return None
-
- def walk_test_suite(self, data_file_name):
- """Iterate over the test cases in the given unit test data file."""
- in_paragraph = False
- descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- with open(data_file_name, 'rb') as data_file:
- for line_number, line in enumerate(data_file, 1):
- line = line.rstrip(b'\r\n')
- if not line:
- in_paragraph = False
- continue
- if line.startswith(b'#'):
- continue
- if not in_paragraph:
- # This is a test case description line.
- self.process_test_case(descriptions,
- data_file_name, line_number, line)
- in_paragraph = True
-
- def collect_from_script(self, script_name):
- """Collect the test cases in a script by calling its listing test cases
-option"""
- descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- listed = subprocess.check_output(['sh', script_name, '--list-test-cases'])
- # Assume test file is responsible for printing identical format of
- # test case description between --list-test-cases and its OUTCOME.CSV
- #
- # idx indicates the number of test case since there is no line number
- # in the script for each test case.
- for idx, line in enumerate(listed.splitlines()):
- # We are expecting the script to list the test cases in
- # `<suite_name>;<description>` pattern.
- script_outputs = line.split(b';', 1)
- if len(script_outputs) == 2:
- suite_name, description = script_outputs
- else:
- raise ScriptOutputError(script_name, idx, line.decode("utf-8"))
-
- self.process_test_case(descriptions,
- suite_name.decode('utf-8'),
- idx,
- description.rstrip())
-
- @staticmethod
- def collect_test_directories():
- """Get the relative path for the TLS and Crypto test directories."""
- mbedtls_root = build_tree.guess_mbedtls_root()
- directories = [os.path.join(mbedtls_root, 'tests'),
- os.path.join(mbedtls_root, 'tf-psa-crypto', 'tests')]
- directories = [os.path.relpath(p) for p in directories]
- return directories
-
- def walk_all(self):
- """Iterate over all named test cases."""
- test_directories = self.collect_test_directories()
- for directory in test_directories:
- for data_file_name in glob.glob(os.path.join(directory, 'suites',
- '*.data')):
- self.walk_test_suite(data_file_name)
-
- for sh_file in ['ssl-opt.sh', 'compat.sh']:
- sh_file = os.path.join(directory, sh_file)
- if os.path.isfile(sh_file):
- self.collect_from_script(sh_file)
-
-class TestDescriptions(TestDescriptionExplorer):
- """Collect the available test cases."""
-
- def __init__(self):
- super().__init__()
- self.descriptions = set()
-
- def process_test_case(self, _per_file_state,
- file_name, _line_number, description):
- """Record an available test case."""
- base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name))
- key = ';'.join([base_name, description.decode('utf-8')])
- self.descriptions.add(key)
-
-def collect_available_test_cases():
- """Collect the available test cases."""
- explorer = TestDescriptions()
- explorer.walk_all()
- return sorted(explorer.descriptions)
-
-class DescriptionChecker(TestDescriptionExplorer):
- """Check all test case descriptions.
-
-* Check that each description is valid (length, allowed character set, etc.).
-* Check that there is no duplicated description inside of one test suite.
-"""
-
- def __init__(self, results):
- self.results = results
-
- def new_per_file_state(self):
- """Dictionary mapping descriptions to their line number."""
- return {}
-
- def process_test_case(self, per_file_state,
- file_name, line_number, description):
- """Check test case descriptions for errors."""
- results = self.results
- seen = per_file_state
- if description in seen:
- results.error(file_name, line_number,
- 'Duplicate description (also line {})',
- seen[description])
- return
- if re.search(br'[\t;]', description):
- results.error(file_name, line_number,
- 'Forbidden character \'{}\' in description',
- re.search(br'[\t;]', description).group(0).decode('ascii'))
- if re.search(br'[^ -~]', description):
- results.error(file_name, line_number,
- 'Non-ASCII character in description')
- if len(description) > 66:
- results.warning(file_name, line_number,
- 'Test description too long ({} > 66)',
- len(description))
- seen[description] = line_number
-
-def main():
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--list-all',
- action='store_true',
- help='List all test cases, without doing checks')
- parser.add_argument('--quiet', '-q',
- action='store_true',
- help='Hide warnings')
- parser.add_argument('--verbose', '-v',
- action='store_false', dest='quiet',
- help='Show warnings (default: on; undoes --quiet)')
- options = parser.parse_args()
- if options.list_all:
- descriptions = collect_available_test_cases()
- sys.stdout.write('\n'.join(descriptions + ['']))
- return
- results = Results(options)
- checker = DescriptionChecker(results)
- try:
- checker.walk_all()
- except ScriptOutputError as e:
- results.error(e.script_name, e.idx,
- '"{}" should be listed as "<suite_name>;<description>"',
- e.line)
- if (results.warnings or results.errors) and not options.quiet:
- sys.stderr.write('{}: {} errors, {} warnings\n'
- .format(sys.argv[0], results.errors, results.warnings))
- sys.exit(1 if results.errors else 0)
-
-if __name__ == '__main__':
- main()
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 5e19c93..86951f7 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -70,7 +70,7 @@
else
opt=''
fi
- tests/scripts/check_test_cases.py -q $opt
+ framework/scripts/check_test_cases.py -q $opt
unset opt
}
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 74ebb79..de8ab2d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2671,12 +2671,19 @@
}
component_test_psa_crypto_drivers () {
+ # Test dispatch to drivers and fallbacks with
+ # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that
+ # are wrappers around the builtin drivers are activated by
+ # PSA_CRYPTO_DRIVER_TEST.
+ #
+ # For the time being, some test cases in test_suite_block_cipher and
+ # test_suite_md.psa rely on this component to be run at least once by the
+ # CI. This should disappear as we progress the 4.x work. See
+ # config_adjust_test_accelerators.h for more information.
msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
- loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
- loc_cflags="${loc_cflags} -I../tests/include -O2"
+ loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
+ loc_cflags="${loc_cflags} -I../tests/include"
make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
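Review bot: The new comment at the top of component_test_psa_crypto_drivers explains PSA_CRYPTO_DRIVER_TEST but not the second flag added to loc_cflags, `-DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS`. That flag is what makes config_psa.h include config_adjust_test_accelerators.h. The include appears to sit in the MBEDTLS_PSA_CRYPTO_CONFIG branch of config_psa.h, so the component now relies on `scripts/config.py full` leaving that option enabled. I would add a line such as `# MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS declares the test drivers as accelerators; it only takes effect with MBEDTLS_PSA_CRYPTO_CONFIG enabled.` The function body continues outside the hunk.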
diff --git a/tf-psa-crypto/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_version.data
rename to tests/suites/test_suite_version.data
diff --git a/tf-psa-crypto/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_version.function
rename to tests/suites/test_suite_version.function
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
index 0043fca..5cbdbbc 100644
--- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -4,9 +4,6 @@
if(NOT "src/error.c" IN_LIST "${src_builtin}")
list(APPEND src_builtin src/error.c)
endif()
-if(NOT "src/version_features.c" IN_LIST "${src_builtin}")
- list(APPEND src_builtin src/version_features.c)
-endif()
if(GEN_FILES)
find_package(Perl REQUIRED)
@@ -29,24 +26,8 @@
${tls_error_headers}
${MBEDTLS_DIR}/scripts/data_files/error.fmt
)
-
- add_custom_command(
- OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/src/version_features.c
- COMMAND
- ${PERL_EXECUTABLE}
- ${MBEDTLS_DIR}/scripts/generate_features.pl
- ${MBEDTLS_DIR}/include/mbedtls
- ${MBEDTLS_DIR}/scripts/data_files
- ${CMAKE_CURRENT_BINARY_DIR}/src/version_features.c
- DEPENDS
- ${MBEDTLS_DIR}/scripts/generate_features.pl
- ${MBEDTLS_DIR}/include/mbedtls/mbedtls_config.h
- ${MBEDTLS_DIR}/scripts/data_files/version_features.fmt
- )
else()
link_to_source(src/error.c)
- link_to_source(src/version_features.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
new file mode 100644
index 0000000..7d93042
--- /dev/null
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
@@ -0,0 +1,121 @@
+/*
+ * \file mbedtls/config_adjust_test_accelerators.h
+ * \brief Declare the transparent test drivers as accelerators
+ *
+ * This is an internal header for test purposes only. Do not include it directly.
+ *
+ * As part of the transition to MBEDTLS_PSA_CRYPTO_CONFIG always on, the
+ * purpose of this header is to keep executing as long as necessary some
+ * driver-only related unit test cases when running the test_psa_crypto_drivers
+ * all.sh component (namely test cases in test_suite_block_cipher and
+ * test_suite_md.psa). It is expected that as the 4.x work progress these test
+ * cases will not be necessary anymore and:
+ * . test_psa_crypto_drivers scope is restricted to running the
+ * test_suite_psa_crypto_driver_wrappers test suite: test of the dispatch to
+ * drivers and fallbacks.
+ * . this file can be removed.
+ *
+ * This header is used as part of a build containing all the built-in drivers
+ * and all the transparent test drivers as wrappers around the built-in
+ * drivers. All the built-in drivers and the transparent test drivers are
+ * included in the build by starting from a full configuration (config.py full)
+ * and defining PSA_CRYPTO_DRIVER_TEST when building
+ * (make CFLAGS="-DPSA_CRYPTO_DRIVER_TEST ...").
+ *
+ * The purpose of this header is to declare the transparent test drivers as
+ * accelerators just after infering the built-in drivers
+ * (config_adjust_legacy_from_psa.h). Not before the inclusion
+ * of config_adjust_legacy_from_psa.h in the build_info.h sequence of header
+ * inclusions as this would remove the built-in drivers. Just after to set up
+ * properly the internal macros introduced as part of the driver only work
+ * (mainly if not only in config_adjust_legacy_crypto.h).
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
+#define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
+
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif
+
+/* Declare the accelerator driver for all cryptographic mechanisms for which
+ * the test driver is implemented. This is copied from psa/crypto_config.h
+ * with the parts not implemented by the test driver commented out. */
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
+
+#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
+#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
+#define MBEDTLS_PSA_ACCEL_ALG_CCM
+#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
+#define MBEDTLS_PSA_ACCEL_ALG_CMAC
+#define MBEDTLS_PSA_ACCEL_ALG_CFB
+#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
+#define MBEDTLS_PSA_ACCEL_ALG_CTR
+#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
+#define MBEDTLS_PSA_ACCEL_ALG_ECDH
+#define MBEDTLS_PSA_ACCEL_ALG_FFDH
+#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_JPAKE
+#define MBEDTLS_PSA_ACCEL_ALG_GCM
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC
+#define MBEDTLS_PSA_ACCEL_ALG_MD5
+#define MBEDTLS_PSA_ACCEL_ALG_OFB
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128
+#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512
+#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
+
+#endif /* MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H */
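Review bot: Nothing in this header checks that PSA_CRYPTO_DRIVER_TEST is defined, although the file comment says the header is meant only for builds that define it. The existing MBEDTLS_CONFIG_FILES_READ check stops direct inclusion, but not a build that sets MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS on its own. Such a build would mark every listed mechanism as accelerated with no test driver behind it; what that does to the resulting library is not visible here, but it is not a configuration that should reach a release build. A guard placed after the include guard would turn the misuse into a compile error: `#if !defined(PSA_CRYPTO_DRIVER_TEST)`, `#error "MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS requires PSA_CRYPTO_DRIVER_TEST"`, `#endif`. Separately, "infering" in the file comment should read "inferring".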
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
index 2520a9a..86bcc80 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
@@ -38,7 +38,10 @@
/* If we are implementing PSA crypto ourselves, then we want to enable the
* required built-ins. Otherwise, PSA features will be provided by the server. */
#include "mbedtls/config_adjust_legacy_from_psa.h"
+#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS) //no-check-names
+#include "mbedtls/config_adjust_test_accelerators.h"
#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
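Review bot: The context `#endif` that now closes the new `#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS)` carries no label, while the outer one added right below it is labelled. Writing it as `#endif /* MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS */` keeps the nesting readable. The new conditional also has no comment marking the macro as a test-only switch; something like `/* Test builds only: declare the transparent test drivers as accelerators. */` above the `#if` would do. The enclosing MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CONFIG conditionals start outside the hunk.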
diff --git a/tf-psa-crypto/drivers/builtin/src/.gitignore b/tf-psa-crypto/drivers/builtin/src/.gitignore
index f3923b1..9e36d25 100644
--- a/tf-psa-crypto/drivers/builtin/src/.gitignore
+++ b/tf-psa-crypto/drivers/builtin/src/.gitignore
@@ -1,4 +1,3 @@
###START_GENERATED_FILES###
/error.c
-/version_features.c
###END_GENERATED_FILES###