If an identity has been determined as a
ticket identity but the ticket is not
usable, do not try to check if the
identity is that of an external
provided PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
the ticket cannot be used for session resumption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to
are controlled by users. Fix by replacing sprintf with snprintf.
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:
'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]
Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").
Signed-off-by: Moritz Fischer <moritzf@google.com>
Not all of the writes to this field are protected by a mutex.
There is no also no protection in place to stop another thread from overwriting
the current transaction
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Explain how to use mbedtls_pk_get_psa_attributes() and
mbedtls_pk_import_into_psa() to make a PSA key from a PK key.
Remove the discussion of how to do the same manually.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replaces the recommendation to use mbedtls_rsa_gen_key() for RSA key
generation with a custom public exponent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way, `make lib` will work in the absence of the framework, as long as
generated files are present.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
