* Fix a grammatical typo
* Mention shared memory
* Mention overlap support in the security section
* Improve wording
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Use the global data mutex, as the key slot mutex has to be held in some
of the functions where we are testing the flag, and we already hold the
global data mutex when calling the functions where the flag is set.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Internal only for now, but can be made external with some more
work. Break up psa_crypto_init into chunks to prevent deadlocks when
initialising RNG, likewise break up mbedtls_crypto_free() to stop having
to hold more than one mutex at a time.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.
- Both of them check that the missing symbols at link time (if any)
belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
then runs test suites.
- The latter only perform the builds using the full config and then
it checks that PK-PSA bridge functions are present.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
All current usages have this parameter set to 0 (meaning the behaviour
of these tests hasn't changed). We also now return the actual error code, not GENERIC_ERROR
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
All current usages have this parameter set to 0 (in this case the behaviour of
the test is unchanged)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1), we test that
psa_cipher_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1) then we test that
psa_mac_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This will allow us to use this smoke test to ensure that key slot content reads are
only performed when we are registered to read a full slot. We will destroy the key
on another thread while the key is being exercised, and fail the test if an unexpected
error code is hit. Future commits will incrementally implement this new parameter.
All current usages of this function have this parameter set to 0, in which case
the new behaviour must be the same as the old behaviour
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Mention that arbitrary overlap is now supported, except whenever
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Specifically:
* Clarify that passing shared buffers is now secure by default (not
newly supported)
* Remove spurious hyphen
* Clarify that we do not guarantee copying, but rather guarantee
protection, allowing us to implement this differently in future if
required.
* Mention both protection of inputs from modification and outputs from
exposure of intermediate results.
* Invert the config option, from an enable-option to a disable-option.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
