When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().
This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
calling the internal function.
This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Resize buffer used to hold the nonce to twice the maximum nonce size.
Some test cases were requesting more than the maximum nonce size
without actually having backing space. This caused a buffer overflow
when PSA buffer-copying code was added.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.
Future optimisation work could consider removing this copying.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The psa_test_wrappers.h inclusion was breaking the examples in programs/
on functions with poisoning added
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This option causes nested calls to PSA functions, so is not compatible
with memory poisoning as it currently stands.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In the ecjpake_do_round(), fix a magic number that was causing buffer
size to be incorrectly advertised.
Followup of 'Fix magic number buffer length in J-PAKE tests' for what
seem to be duplicate tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Enable memory poisoning for all functions whose names start with
'psa_pake'. Regenerate the wrappers and commit the result.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The buffer size was advertised as 512-bytes, despite sometimes being
smaller. This did not cause a crash until buffer copying, which always
copies all of the buffer, was added.
When copying back to the original, we would cause a heap buffer
overflow, which ASan detected.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
