This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
After adding a check in ssl_conf_check(), we have configured RNG via
mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function
and test_suite_debug.function. As a result, rng_get() is not only
available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled.
Therefore, we remove the guard for rng_get() to make it accessible for
TLS tests which have call for mbedtls_ssl_setup().
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Asan poisons memory with an 8-byte granularity. We want to make sure that
the whole specified region is poisoned (our typical use case is a
heap-allocated object, and we want to poison the whole object, and we don't
care about the bytes after the end of the object and up to the beginning of
the next object). So align the start and end of the region to (un)poison to
an 8-byte boundary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
While an area of memory is poisoned, reading or writing from it triggers a
sanitizer violation.
Implemented for ASan.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A new internal function is added to get cipher's info (mode, key bits and
iv len) without relying on CIPHER_C. This function is basically a lookup
table used only for test purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
`MBEDTLS_CIPHER_PADDING_PKCS7` was added in
c9f4040f7f3356293e90c58d11f6567def641e08 in `development-restricted`.
In `development`, this section of the file has moved to
`include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
comment change in development. The comment change in `development` is not
really relevant, so just take the line from `development-restricted`.
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>
