Merge remote-tracking branch 'origin/pr/2531' into development
Ensure tests pass when the submodule is used by updating the list of
crypto tests to include test_suite_oid in both tests/CMakeLists.txt and
tests/Makefile.
* origin/pr/2531:
Add changeLog entry
Add certificate policy of type any policy id
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 19ab4eb..ecfa40e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -195,6 +195,9 @@
enable_testing()
add_subdirectory(tests)
+ if(USE_CRYPTO_SUBMODULE)
+ add_subdirectory(crypto/tests)
+ endif()
# additional convenience targets for Unix only
if(UNIX)
diff --git a/ChangeLog b/ChangeLog
index 5eebec1..5d9927c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,32 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.x.x branch released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * Add the Any Policy certificate policy oid, as defined in
+ rfc 5280 section 4.2.1.4.
+
+Bugfix
+ * Fix private key DER output in the key_app_writer example. File contents
+ were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
+ Christian Walther in #2239.
+
+Changes
+ * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+ mbedTLS configuration only SHA-2 signed certificates are accepted.
+ This certificate is used in the demo server programs, which lead the
+ client programs to fail at the peer's certificate verification
+ due to an unacceptable hash signature. The certificate has been
+ updated to one that is SHA-256 signed. Fix contributed by
+ Illya Gerasymchuk.
+ * Return from various debugging routines immediately if the
+ provided SSL context is unset.
+ * Remove dead code from bignum.c in the default configuration.
+ Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
+ * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
+ Contributed by Peter Kolbus (Garmin).
+
+= mbed TLS 2.17.0 branch released 2019-03-19
Features
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
@@ -12,8 +38,6 @@
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
from the default list (enabled by default). See
https://sweet32.info/SWEET32_CCS16.pdf.
- * Add the Any Policy certificate policy oid, as defined in
- rfc 5280 section 4.2.1.4.
API Changes
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
@@ -51,9 +75,6 @@
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610.
- * Fix private key DER output in the key_app_writer example. File contents
- were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
- Christian Walther in #2239.
Changes
* Reduce RAM consumption during session renegotiation by not storing
@@ -80,19 +101,6 @@
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
* Ciphersuites based on 3DES now have the lowest priority by default when
they are enabled.
- * Server's RSA certificate in certs.c was SHA-1 signed. In the default
- mbedTLS configuration only SHA-2 signed certificates are accepted.
- This certificate is used in the demo server programs, which lead the
- client programs to fail at the peer's certificate verification
- due to an unacceptable hash signature. The certificate has been
- updated to one that is SHA-256 signed. Fix contributed by
- Illya Gerasymchuk.
- * Return from various debugging routines immediately if the
- provided SSL context is unset.
- * Remove dead code from bignum.c in the default configuration.
- Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
- * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
- Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.0 branch released 2018-12-21
diff --git a/Makefile b/Makefile
index 87b5a0c..a5b8b61 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,9 @@
tests: lib
$(MAKE) -C tests
+ifdef USE_CRYPTO_SUBMODULE
+ $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests
+endif
ifndef WINDOWS
install: no_test
@@ -103,6 +106,9 @@
check: lib tests
$(MAKE) -C tests check
+ifdef USE_CRYPTO_SUBMODULE
+ $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests check
+endif
test: check
diff --git a/crypto b/crypto
index a78c958..82b3b83 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit a78c958b17d75ddf63d8dd17255b6379dcbf259f
+Subproject commit 82b3b83d540ec9611277ca3e9b645b335f80846a
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index d9177fb..4eff836 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v0.0.0 source code documentation
+ * @mainpage mbed TLS v2.17.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index b0190e4..ce58d6b 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v0.0.0"
+PROJECT_NAME = "mbed TLS v2.17.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 962d3db..c1450db 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -525,26 +525,25 @@
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
-#error "Only one of MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C can be defined"
-#endif
-
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- !( defined(MBEDTLS_PSA_CRYPTO_C) && \
- ( defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) || \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) ) )
+ ! defined(MBEDTLS_PSA_CRYPTO_C)
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && \
- !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- defined(MBEDTLS_FS_IO) )
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ defined(MBEDTLS_ENTROPY_NV_SEED) )
+#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \
- ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
+ !defined(MBEDTLS_FS_IO)
+#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3a2fed5..31a3059 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1237,14 +1237,17 @@
//#define MBEDTLS_PSA_CRYPTO_SPM
/**
- * \def MBEDTLS_PSA_HAS_ITS_IO
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
*
- * Enable the non-volatile secure storage usage.
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
*
- * This is crucial on systems that do not have a HW TRNG support.
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
*
*/
-//#define MBEDTLS_PSA_HAS_ITS_IO
+//#define MBEDTLS_PSA_INJECT_ENTROPY
/**
* \def MBEDTLS_RSA_NO_CRT
@@ -2741,40 +2744,26 @@
*
* Enable the Platform Security Architecture persistent key storage.
*
- * Module: library/psa_crypto_storage.c
+ * Module: crypto/library/psa_crypto_storage.c
*
- * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
- * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- * (but not both)
- *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
*/
//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * \def MBEDTLS_PSA_ITS_FILE_C
*
- * Enable persistent key storage over files for the
- * Platform Security Architecture cryptography API.
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
*
- * Module: library/psa_crypto_storage_file.c
+ * Module: crypto/library/psa_its_file.c
*
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
+ * Requires: MBEDTLS_FS_IO
*
*/
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
- * Enable persistent key storage over PSA ITS for the
- * Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto_storage_its.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+//#define MBEDTLS_PSA_ITS_FILE_C
/**
* \def MBEDTLS_RIPEMD160_C
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 3f2e12c..79b42b2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -38,8 +38,8 @@
* The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel
*/
-#define MBEDTLS_VERSION_MAJOR 0
-#define MBEDTLS_VERSION_MINOR 0
+#define MBEDTLS_VERSION_MAJOR 2
+#define MBEDTLS_VERSION_MINOR 17
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x00000000
-#define MBEDTLS_VERSION_STRING "0.0.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 0.0.0"
+#define MBEDTLS_VERSION_NUMBER 0x02110000
+#define MBEDTLS_VERSION_STRING "2.17.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index bd58b8a..fb43fd0 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -182,20 +182,20 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
if(NOT USE_CRYPTO_SUBMODULE)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 0.0.0 SOVERSION 3)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto PUBLIC ${CMAKE_SOURCE_DIR}/include/)
endif()
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 0.0.0 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 0.0.0 SOVERSION 12)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${CMAKE_SOURCE_DIR}/include/
diff --git a/library/version_features.c b/library/version_features.c
index 161788c..1be0e0f 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -429,9 +429,9 @@
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
"MBEDTLS_PSA_CRYPTO_SPM",
#endif /* MBEDTLS_PSA_CRYPTO_SPM */
-#if defined(MBEDTLS_PSA_HAS_ITS_IO)
- "MBEDTLS_PSA_HAS_ITS_IO",
-#endif /* MBEDTLS_PSA_HAS_ITS_IO */
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ "MBEDTLS_PSA_INJECT_ENTROPY",
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_RSA_NO_CRT)
"MBEDTLS_RSA_NO_CRT",
#endif /* MBEDTLS_RSA_NO_CRT */
@@ -708,12 +708,9 @@
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
- "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
- "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ "MBEDTLS_PSA_ITS_FILE_C",
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
#if defined(MBEDTLS_RIPEMD160_C)
"MBEDTLS_RIPEMD160_C",
#endif /* MBEDTLS_RIPEMD160_C */
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index f2f7b46..f272676 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1186,13 +1186,13 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_SPM */
-#if defined(MBEDTLS_PSA_HAS_ITS_IO)
- if( strcmp( "MBEDTLS_PSA_HAS_ITS_IO", config ) == 0 )
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 )
{
- MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HAS_ITS_IO );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY );
return( 0 );
}
-#endif /* MBEDTLS_PSA_HAS_ITS_IO */
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_RSA_NO_CRT)
if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 )
@@ -1930,21 +1930,13 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
- if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C", config ) == 0 )
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 )
{
- MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C );
return( 0 );
}
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
- if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C );
- return( 0 );
- }
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
#if defined(MBEDTLS_RIPEMD160_C)
if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 )
diff --git a/scripts/config.pl b/scripts/config.pl
index 84069d2..6300362 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -41,10 +41,9 @@
# MBEDTLS_USE_PSA_CRYPTO
# - experimental, and more an alternative implementation than a feature
# MBEDTLS_PSA_CRYPTO_STORAGE_C
-# MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
-# MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+# MBEDTLS_PSA_ITS_FILE_C
# MBEDTLS_PSA_CRYPTO_SPM
-# MBEDTLS_PSA_HAS_ITS_IO
+# MBEDTLS_PSA_INJECT_ENTROPY
# and any symbol beginning _ALT
#
@@ -109,10 +108,9 @@
MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_USE_PSA_CRYPTO
MBEDTLS_PSA_CRYPTO_STORAGE_C
-MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
-MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+MBEDTLS_PSA_ITS_FILE_C
MBEDTLS_PSA_CRYPTO_SPM
-MBEDTLS_PSA_HAS_ITS_IO
+MBEDTLS_PSA_INJECT_ENTROPY
_ALT\s*$
);
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 1b7ea78..52dac48 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -60,77 +60,79 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
-add_test_suite(aes aes.ecb)
-add_test_suite(aes aes.cbc)
-add_test_suite(aes aes.cfb)
-add_test_suite(aes aes.ofb)
-add_test_suite(aes aes.rest)
-add_test_suite(aes aes.xts)
-add_test_suite(arc4)
-add_test_suite(aria)
-add_test_suite(asn1write)
-add_test_suite(base64)
-add_test_suite(blowfish)
-add_test_suite(camellia)
-add_test_suite(ccm)
-add_test_suite(chacha20)
-add_test_suite(chachapoly)
-add_test_suite(cipher cipher.aes)
-add_test_suite(cipher cipher.arc4)
-add_test_suite(cipher cipher.blowfish)
-add_test_suite(cipher cipher.camellia)
-add_test_suite(cipher cipher.ccm)
-add_test_suite(cipher cipher.chacha20)
-add_test_suite(cipher cipher.chachapoly)
-add_test_suite(cipher cipher.des)
-add_test_suite(cipher cipher.gcm)
-add_test_suite(cipher cipher.misc)
-add_test_suite(cipher cipher.null)
-add_test_suite(cipher cipher.padding)
-add_test_suite(cmac)
-add_test_suite(ctr_drbg)
+if(NOT USE_CRYPTO_SUBMODULE)
+ add_test_suite(aes aes.ecb)
+ add_test_suite(aes aes.cbc)
+ add_test_suite(aes aes.cfb)
+ add_test_suite(aes aes.ofb)
+ add_test_suite(aes aes.rest)
+ add_test_suite(aes aes.xts)
+ add_test_suite(arc4)
+ add_test_suite(aria)
+ add_test_suite(asn1write)
+ add_test_suite(base64)
+ add_test_suite(blowfish)
+ add_test_suite(camellia)
+ add_test_suite(ccm)
+ add_test_suite(chacha20)
+ add_test_suite(chachapoly)
+ add_test_suite(cipher cipher.aes)
+ add_test_suite(cipher cipher.arc4)
+ add_test_suite(cipher cipher.blowfish)
+ add_test_suite(cipher cipher.camellia)
+ add_test_suite(cipher cipher.ccm)
+ add_test_suite(cipher cipher.chacha20)
+ add_test_suite(cipher cipher.chachapoly)
+ add_test_suite(cipher cipher.des)
+ add_test_suite(cipher cipher.gcm)
+ add_test_suite(cipher cipher.misc)
+ add_test_suite(cipher cipher.null)
+ add_test_suite(cipher cipher.padding)
+ add_test_suite(cmac)
+ add_test_suite(ctr_drbg)
+ add_test_suite(des)
+ add_test_suite(dhm)
+ add_test_suite(ecdh)
+ add_test_suite(ecdsa)
+ add_test_suite(ecjpake)
+ add_test_suite(ecp)
+ add_test_suite(entropy)
+ add_test_suite(error)
+ add_test_suite(gcm gcm.aes128_en)
+ add_test_suite(gcm gcm.aes192_en)
+ add_test_suite(gcm gcm.aes256_en)
+ add_test_suite(gcm gcm.aes128_de)
+ add_test_suite(gcm gcm.aes192_de)
+ add_test_suite(gcm gcm.aes256_de)
+ add_test_suite(gcm gcm.camellia)
+ add_test_suite(gcm gcm.misc)
+ add_test_suite(hkdf)
+ add_test_suite(hmac_drbg hmac_drbg.misc)
+ add_test_suite(hmac_drbg hmac_drbg.no_reseed)
+ add_test_suite(hmac_drbg hmac_drbg.nopr)
+ add_test_suite(hmac_drbg hmac_drbg.pr)
+ add_test_suite(md)
+ add_test_suite(mdx)
+ add_test_suite(memory_buffer_alloc)
+ add_test_suite(mpi)
+ add_test_suite(nist_kw)
+ add_test_suite(oid)
+ add_test_suite(pem)
+ add_test_suite(pkcs1_v15)
+ add_test_suite(pkcs1_v21)
+ add_test_suite(pkcs5)
+ add_test_suite(pk)
+ add_test_suite(pkparse)
+ add_test_suite(pkwrite)
+ add_test_suite(poly1305)
+ add_test_suite(shax)
+ add_test_suite(timing)
+ add_test_suite(rsa)
+ add_test_suite(xtea)
+endif()
add_test_suite(debug)
-add_test_suite(des)
-add_test_suite(dhm)
-add_test_suite(ecdh)
-add_test_suite(ecdsa)
-add_test_suite(ecjpake)
-add_test_suite(ecp)
-add_test_suite(entropy)
-add_test_suite(error)
-add_test_suite(gcm gcm.aes128_en)
-add_test_suite(gcm gcm.aes192_en)
-add_test_suite(gcm gcm.aes256_en)
-add_test_suite(gcm gcm.aes128_de)
-add_test_suite(gcm gcm.aes192_de)
-add_test_suite(gcm gcm.aes256_de)
-add_test_suite(gcm gcm.camellia)
-add_test_suite(gcm gcm.misc)
-add_test_suite(hkdf)
-add_test_suite(hmac_drbg hmac_drbg.misc)
-add_test_suite(hmac_drbg hmac_drbg.no_reseed)
-add_test_suite(hmac_drbg hmac_drbg.nopr)
-add_test_suite(hmac_drbg hmac_drbg.pr)
-add_test_suite(md)
-add_test_suite(mdx)
-add_test_suite(memory_buffer_alloc)
-add_test_suite(mpi)
-add_test_suite(nist_kw)
-add_test_suite(oid)
-add_test_suite(pem)
-add_test_suite(pkcs1_v15)
-add_test_suite(pkcs1_v21)
-add_test_suite(pkcs5)
-add_test_suite(pk)
-add_test_suite(pkparse)
-add_test_suite(pkwrite)
-add_test_suite(poly1305)
-add_test_suite(shax)
add_test_suite(ssl)
-add_test_suite(timing)
-add_test_suite(rsa)
add_test_suite(version)
-add_test_suite(xtea)
add_test_suite(x509parse)
add_test_suite(x509write)
diff --git a/tests/Makefile b/tests/Makefile
index 598bed6..f5cc409 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -66,6 +66,53 @@
# constructed by stripping path 'suites/' and extension .data.
APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data)))
+ifdef USE_CRYPTO_SUBMODULE
+APPS := $(filter-out \
+ test_suite_aes.% \
+ test_suite_arc4 \
+ test_suite_aria \
+ test_suite_asn1write \
+ test_suite_base64 \
+ test_suite_blowfish \
+ test_suite_camellia \
+ test_suite_ccm \
+ test_suite_chacha20 \
+ test_suite_chachapoly \
+ test_suite_cipher.% \
+ test_suite_cmac \
+ test_suite_ctr_drbg \
+ test_suite_des \
+ test_suite_dhm \
+ test_suite_ecdh \
+ test_suite_ecdsa \
+ test_suite_ecjpake \
+ test_suite_ecp \
+ test_suite_entropy \
+ test_suite_error \
+ test_suite_gcm.% \
+ test_suite_hkdf \
+ test_suite_hmac_drbg.% \
+ test_suite_md \
+ test_suite_mdx \
+ test_suite_memory_buffer_alloc \
+ test_suite_mpi \
+ test_suite_nist_kw \
+ test_suite_oid \
+ test_suite_pem \
+ test_suite_pk \
+ test_suite_pkcs1_v15 \
+ test_suite_pkcs1_v21 \
+ test_suite_pkcs5 \
+ test_suite_pkparse \
+ test_suite_pkwrite \
+ test_suite_poly1305 \
+ test_suite_rsa \
+ test_suite_shax \
+ test_suite_timing \
+ test_suite_xtea \
+ ,$(APPS))
+endif
+
# Construct executable name by adding OS specific suffix $(EXEXT).
BINARIES := $(addsuffix $(EXEXT),$(APPS))
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3f5d1d9..301dc52 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -406,6 +406,9 @@
if [ ! -f "./tests/seedfile" ]; then
dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
fi
+ if [ ! -f "./crypto/tests/seedfile" ]; then
+ dd if=/dev/urandom of=./crypto/tests/seedfile bs=32 count=1
+ fi
}
pre_setup_keep_going () {
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 7165f36..a4575ab 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"0.0.0"
+check_compiletime_version:"2.17.0"
Check runtime library version
-check_runtime_version:"0.0.0"
+check_runtime_version:"2.17.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0