This helps reducing heap memory usage and, if heap memory is
not used anywhere else in an embedded device, it also reduces
code footprint since there is no need for heap management code
in this case.
A new build symbol is added for this purpose, named
MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that
normal usage of Mbed TLS library is not affected.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit refactors tf-psa-crypto to include error_common.h instead of
error.h as these files have been split and the relevant error codes are
now inside error_common.h.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the build scripts for error.c generation to be
generated in the Mbed TLS library directory.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit splits error.h into error_common.h containing error code
definitions and error.h which contains functions to convert error codes
to error messages.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Use config_adjust_test_accelerators.h
to adjust the configuration needed for
test_psa_crypto_drivers all.sh component
with PSA_CRYPTO_CONFIG enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
As we move to PSA_CRYPTO_CONFIG always on,
the way to configure the build with both
the builtin drivers and the transparent test
drivers (that are wrappers around the
builtin drivers) cannot be done through the
MBEDTLS_USER_CONFIG_FILE mechanism anymore.
With this mechanism and PSA_CRYPTO_CONFIG
enabled, the PSA_ACCEL_ macros are defined
before including config_adjust_legacy_from_psa.h
and the builtin implementations are removed.
Thus, we will rather define the PSA_ACCEL_
just after the inclusion of
config_adjust_legacy_from_psa.h through the
dedicated config_adjust_test_accelerators.h
header introduced by this commit.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit fixes potential buffer overrun in:
- pk_write_rsa_der
- pk_write_ec_pubkey
In both functions, when dealing with opaque keys, there was no
check that the provided buffer was large enough to contain the
key being exported. This commit fixes this problem and it also
adds some testing in test_suite_pkwrite to trigger these checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit moves version.h back into /include/mbedtls from
tf-psa-crypto/drivers/builtin/include. This commit also changes the
necessary build files and scripts to generate version_features.c
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves static functions that are necessary for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.c to x509.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
This commit moves the function declarations for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.h to x509.h.
Signed-off-by: Sam Berry <sam.berry@arm.com>
The rest of the file uses mbedtls_mpi_uint_t unconditionally, so its
definition should also be #include'd unconditionally.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS
doesn't change the functional behavior of the code.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Unfortunately compilers aren't good at analyzing whether variables are
analyzed on all code paths, and it is better to initialize to the
safe-path values.
Signed-off-by: Janos Follath <janos.follath@arm.com>
A + B + 1 is not a good way to get a number that's neither A nor B.
This can be a problem for example if values later are changed to
A = 0 and B = -1.
Signed-off-by: Janos Follath <janos.follath@arm.com>
