From 2467aed96150ca6254f675f2ede6c7412a9d5645 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Feb 2022 10:42:30 +0100 Subject: [PATCH] Misc updates to testing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/testing.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/architecture/psa-migration/testing.md b/docs/architecture/psa-migration/testing.md index 754686b404..6ed294a6cb 100644 --- a/docs/architecture/psa-migration/testing.md +++ b/docs/architecture/psa-migration/testing.md @@ -9,9 +9,11 @@ General considerations ---------------------- There needs to be at least one build in `all.sh` that enables -`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests. Currently that's +`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's ensured by the fact that `scripts/config.py full` enables -`MBEDTLS_USE_PSA_CRYPTO`. +`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with +`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's +ensured by the fact that it's disabled in the default config. Generally, code review is enough to ensure that PSA APIs are indeed used where they should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled. @@ -56,8 +58,9 @@ In that case, we want: (We should have something similar for `mbedtls_x509write_crt_set_issuer_key()`.) -For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, unit testing -does not make sense, so we only have integration testing. +For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in +`test_suite_ssl` was historicaly not possible, so we only have testing in +`ssl-opt.sh`. New APIs meant for internal use ------------------------------- @@ -89,7 +92,8 @@ For example, use of PSA to compute the TLS 1.2 PRF. Changes in this category rarely require specific testing, as everything should be already be covered by running the existing tests in a build with -`MBEDTLS_USE_PSA_CRYPTO` enabled. +`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing +test have sufficient coveraged, and improve them if necessary. However, if additional logic is involved, or there are run-time decisions about whether to use the PSA or legacy code paths, specific tests might be in order.