Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Enable memory poisoning for all functions whose names start with
'psa_pake'. Regenerate the wrappers and commit the result.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The buffer size was advertised as 512-bytes, despite sometimes being
smaller. This did not cause a crash until buffer copying, which always
copies all of the buffer, was added.
When copying back to the original, we would cause a heap buffer
overflow, which ASan detected.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Tests with 256 bits curve simply depends on any curve of that size,
but they don't really care about which family is enabled.
Here I replaced PSA_WANT_ECC_SECP_R1_256 with PSA_WANT_ECC_SECP_K1_256
because otherwise there were test disparities in the
"analyze_driver_vs_reference_tfm_config" component of
"analyze_outcomes.py". It looked simpler to change the curve type
in the test suite's data rather than adding proper exceptions
in "analyze_outcomes.py"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is mandatory to have support for the error codes defined
in the asn1write.h header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When building without PSA crypto functions, disable
MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With
just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to
exist at link time but be provided by a third party.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In our tests, we run `tests/scripts/doxygen.sh`, which checks that `doxygen`
runs without warnings after `scripts/config.py realfull`. In this
configuration, alternative implementations such as `MBEDTLS_RSA_ALT` are
enabled, which allows the documentation to contain references to the
`MBEDTLS_xxx_ALT` symbol itself. However, this disables context types that
alternative implementations must define in their header, such as
`mbedtls_rsa_context`. See https://github.com/Mbed-TLS/mbedtls/issues/4518
As a partial fix, allow `tests/scripts/doxygen.sh` to see dummy definitions
of the context type. This way, we can use both `#MBEDTLS_RSA_ALT` and
`#mbedtls_rsa_context` cross-references in our documentation. This is not
ideal, because `doxygen.sh` isn't testing for errors in the documentation of
the affected context types, but it's cheap progress.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit makes the code arguably slightly simpler and fixes the build
with clang -Wimplicit-fallthrough. No intended semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This isn't officially supported, but it's convenient to build the library
this way for quick testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
