generate_test_code.py doesn't support UTF-8 in .function files (but does
in .data files) when run in a non-UTF-8 locale with Python <=3.6.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ecp_gen_key() generates a private key and calculates the public key.
Calculating the public key takes most of the CPU time. But the PSA key store
doesn't store the key, in order to simplify the plumbing when drivers are
involved. So the time spent calculating the public key is a waste.
Instead, call mbedtls_ecp_gen_privkey(), which does not calculate the public
key.
This also saves 8 instructions in a sample arm thumb build.
Resolves#9732.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Run the function on a few different curves with shorter, just-right and
larger buffer sizes. Perform some basic sanity checks on the output (which
is random).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Skip 6144-bit and 8192-bit FFDH tests in MSan or Valgrind test
configurations. These test cases are slow and sometimes trigger GnuTLS's
built-in timeout (which cannot be configured until more recent versions).
Resolves#9742.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that it's always on, this is no longer necessary.
Also this is a step towards no longer being able to set it, because it soon
won't be a selectable configuration option anymore.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that MBEDTLS_USE_PSA_CRYPTO is always on, remove code that handles the
case when it's disabled.
Also this is a step towards no longer expecting it to be reported by
query_compile_time_config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that MBEDTLS_USE_PSA_CRYPTO is always on, we don't need to check for it.
Also this is a step towards no longer expecting it to be reported by
query_compile_time_config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We no longer have two (only partially distinct) implementations of ECJ-PAKE
cipher suites in TLS, now that the non-MBEDTLS_USE_PSA_CRYPTO implementation
is being removed.
We may want to add this testing back in the future, but we'll have to use an
old Mbed TLS instead of a differently-built one.
https://github.com/Mbed-TLS/mbedtls/issues/9740
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The header structure was initialized only field by
field. This does not initialized the padding bytes
and MemSan was complaining with use of
uninitialized data in test_memsan all.sh component.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
target_compile_options() does not set
link options as setting CMAKE_C_FLAGS
does. Thus set link options with
set_target_properties(). target_link_options()
is not available in CMake 3.5 used in the CI.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The UNSAFE_BUILD option was introduced for
the builds with NULL entropy
(option MBEDTLS_TEST_NULL_ENTROPY) but this
configuration option does not exist
anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be
simply aliased to PSA_INIT() and PSA_DONE() until such a time as we
remove them.
Simplify the login of these PSA_INIT/DONE variants by aliasing them in
4.x and keeping the more complex 3.6 logic entirely separate.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
