Comments (6)
While at it, please also make sure the freshness of tests/src/test_certs.h
(which is similarly both generated and checked in), is tested on the CI.
from mbedtls.
like tests/src/test_certs.h: the file is commited and there is no check that it's up-to-date
please also make sure the freshness (…) is tested on the CI.
I would prefer to avoid having both files that are generated and files whose freshness is tested. Files that are generated are a lot more convenient because committing them requires extra steps in day-to-day development and causes more build conflicts. So I'd prefer to avoid reintroducting freshness testing.
from mbedtls.
like tests/src/test_certs.h: the file is commited and there is no check that it's up-to-date
Right, I just found that test_certs.h
should be generated from tests/data_files/Makefile
, so I think test_key.h
should follow the same pattern.
please also make sure the freshness (…) is tested on the CI.
I would prefer to avoid having both files that are generated and files whose freshness is tested. Files that are generated are a lot more convenient because committing them requires extra steps in day-to-day development and causes more build conflicts. So I'd prefer to avoid reintroducting freshness testing.
Having these header files generated from a Makefile should allow to skip the check for "freshness", isn't it?
However I'm not sure tests/data_files/Makefile
is ever called during the build. But I might be missing something...
from mbedtls.
I would prefer to avoid having both files that are generated and files whose freshness is tested.
Fully agreed, glad you said that. (I was afraid there was a reason why test_cert.h
had to be treated in a special way, but you clarified on Slack that wasn't the case.) So, let's make them both (test_certs.h
and the new test_key.h
) generated.
Having these header files generated from a Makefile should allow to skip the check for "freshness", isn't it?
However I'm not suretests/data_files/Makefile
is ever called during the build. But I might be missing something...
Indeed, what we want it to have them generated during the build:
- in a Makefile other than
tests/data_files/Makefile
(as that one is not really part of the build system); - and in CMake (as we support both build systems).
So, basically, this issue is about making the following changes with test_key.h
:
- Have external key files (commited, generation procedure documented in
tests/data_files/Makefile
) and then generatetest_key.h
from these files. - Make it generated as part of the build (make and CMake).
And #9015 is about doing just (2) for test_certs.h
. IMO it might make sense to address both this issue and #9015 in a single PR, unless part 1 is too big, in which case a part for part 1, then another PR for part 2 and #9015.
from mbedtls.
Actually, once part 1 is done, the generation scripts for test_certs.h
and test_key.h
will start looking very similar and probably want to share more code. Actually would if make sense to have a single generation script and a single file tests/src/test_keys_certs.h
? After all, test_certs.h
has a few keys as well, so if everything is in a single file perhaps we could avoid some duplication (like, if we already have a test certs with an RSA-2048 private key, we don't really need an extra RSA-2048 private key for key testing, we can just re-use that one). Wdyt?
from mbedtls.
I agree on both last comments (1 and 2). I will implement them
from mbedtls.
Related Issues (20)
- mbedtls_pk_sign_ext() returned -16000 (-0x3e80) HOT 1
- Do not perform adjustments on legacy crypto from PSA, when MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C HOT 2
- Can't disable certificate verification with TLSv1.3 HOT 2
- MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET breaks backwards-compatibility? HOT 1
- Clean up psk_list in ssl-opt.sh
- Support the `crypto_config.h` usage in depends.py
- Update the `cipher_id` domain to use PSA macros in `depends.py`
- Update the `cipher_chaining` domain to use PSA macros in `depends.py`
- Update the `curves` domain to use PSA macros in `depends.py`
- Update the `hashes` domain to use PSA macros in `depends.py`
- Update the `pkalgs` domain to use PSA macros in `depends.py`
- Guidance to remove check_config.h inclusion from mbedtls_config.h
- CMake: Dependency scope HOT 3
- Remove hkdf.c HOT 2
- Protect against spurious definitions of derived symbols
- 2.28 only: build broken when `check_config.h` is not included
- Missing include stdlib.h and stdio.h in some platform configurations
- MbedTLS v3.6.0 - Compilation errors and warnings HOT 1
- Implement tf_psa_crypto_config.py
- Adapt config.py to configuration file split
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mbedtls.