Since the bug affecting the performance only affects GCC versions
before 7.0, use -O2 flag instead of -O3 for them and keep the
better optimization for newer compilers.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
- psa_crypto_helpers.h
mbedtls-3.6 branch misses some crypto client changes that has
been done in the development branch since the LTS release. Therefore
CRYPTO_C guard here is more accurate than CRYPTO_CLIENT.
- entropy.h
In the development branch MBEDTLS_ENTROPY_BLOCK_SIZE is defined
when PSA_WANT_ALG_SHA_[256/512] is defined while in the mbedtls-3.6
branch is guarded by MBEDTLS_MD_CAN_SHA[256/512] which is slightly
different. Since MBEDTLS_ENTROPY_BLOCK_SIZE is used in some tests's
data files, we need to have it defined also if the related test
is skipped. Therefore we add the PSA_WANT_ALG_SHA conditions together
with the MBEDTLS_MD_CAN_SHA ones to mimic the development behavior.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should
not be defined in a public header such as "crypto_extra.h".
"psa_crypto_helpers.h" is a better option.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there
is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to
define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096].
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS,
add a proper check in the depends_on to verify if
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain
the key used in such test.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always
defined because they are only used in test_suite_psa_crypto
tests.
- MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as
MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in
PK related test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Move the default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
from psa_crypto_core.h to the public header crypto_extra.h in order
to solve documentation build issues.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly
smaller than the maximum RSA key pair size for an RSA key of 4096
bits. Also add a test in test_suite_psa_crypto to verify this
condition.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of checking for "in_use" to be true/false or "key.data"
to be not NULL, simply check that "key.bytes" is 0/not-0.
psa_allocate_buffer_to_slot() will update this value whenever
a new slot is allocated (for the fully static case "allocated"
actually mean "taken").
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If MBEDTLS_PSA_STATIC_KEY_SLOTS is set then limit PSA_CRYPTO_MAX_STORAGE_SIZE
to MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE, otherwise keep the previous
PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) size.
This commit also removes changes to test_suite_psa_crypto_persistent_key.data
done previously since MBEDTLS_PSA_STATIC_KEY_SLOTS is always up to date
with key buffer size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled)
when building the main library.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
