In preparation of the removal of MBEDTLS_ECP_DP_*
configuration options, replace them by their
PSA_WANT_ECC_* equivalent in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of the removal of MBEDTLS_RSA_C,
replace MBEDTLS_RSA_C by its PSA_WANT_ closest
equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and
MBEDTLS_AES_C, as these options will no longer be
available once they are removed from the configuration.
The affected tests rely on the built-in CBC and AES
implementations. With the removal of
MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as
configuration options, there is no longer a mechanism
in ssl-opt.sh to express these dependencies.
As a result, filter out these tests at the all.sh
component level when the built-in CBC and AES
implementations are not available.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
ssl-opt checks for specific error code values in the output, but as
MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE
then this hardcoded value will change.
Therefore allow the result to be either the old mbedtls error, or the new PSA
error, as not to break the CI.
Signed-off-by: Felix Conway <felix.conway@arm.com>
* development-restricted:
Add missing credit for set_hostname issue
Add changelog entry for TLS 1.2 Finished fix
TLS1.2: Check for failures in Finished calculation
ssl_session_reset: preserve HOSTNAME_SET flag
Document the need to call mbedtls_ssl_set_hostname
Improve documentation of mbedtls_ssl_set_hostname
Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
mbedtls_ssl_set_hostname tests: add tests with CA callback
Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
Require calling mbedtls_ssl_set_hostname() for security
Create error code for mbedtls_ssl_set_hostname not called
Keep track of whether mbedtls_ssl_set_hostname() has been called
Access ssl->hostname through abstractions in certificate verification
mbedtls_ssl_set_hostname tests: baseline
Add a flags field to mbedtls_ssl_context
Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
Make guards more consistent between X.509-has-certs and SSL-has-certs
Fix Doxygen markup
Make ticket_alpn field private
Conflicts:
programs/ssl/ssl_test_common_source.c
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
