Filtering on cipher suites that have RSA in their name excludes a few old
RSA-based cipher suites whose name doesn't contain RSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were only requesting 3DES cipher suites (which is weirdly restrictive
since the configuration also includes AES), but DES is in the default
exclusion list for compat.sh, so we ended up having no acceptable cipher
suites. Fix this.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Including `mbedtls/check_config.h` from `mbedtls/config.h` is optional. If
done, `limits.h` gets included. If not done, we were missing the inclusion
of `limits.h` in several source files. Fix this and add a test build that
doesn't include `mbedtls/check_config.h`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It makes little sense to run full compat.sh in the non-ASan component
but only partial compat.sh in the ASan component.
Actually, the non-ASan component doesn't need compat.sh at all, it's
more than covered with ssl-opt.sh and test_suite_ssl already.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Now run everything we can with the default version in one go, then
everything that needs legacy, then next.
Don't rely on the default value of -e (EXCLUDE), use explicit values
everywhere - this makes it obvious that we are running everything.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
No sure if it'd possible to build a version of OpenSSL that supports
both by tuning the config, but pretty sure improving testing for
single-DES ciphersuites is not the best use of our time in 2024.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change to excluding mbedtls_psa_inject_entropy() (not a PSA function)
rather than explicitly including every PSA function.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
