Old GCC versions hit a performance problem with test_suite_pkwrite
"Private keey write check EC" tests when building with Asan+UBSan
and -O3: those tests take more than 100x time than normal, with
test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
GCC 7.5 and above on Ubuntu 18.04 appear fine.
To avoid the performance problem, use -O2 instead of -O3 in then "Asan"
build type with GCC. It doesn't slow down much even with modern compiler
versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit fixes potential buffer overrun in:
- pk_write_rsa_der
- pk_write_ec_pubkey
In both functions, when dealing with opaque keys, there was no
check that the provided buffer was large enough to contain the
key being exported. This commit fixes this problem and it also
adds some testing in test_suite_pkwrite to trigger these checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Now that dtls_server doesn't print "error" when it receives stray messages
while it's waiting for a second handshake, have the tests fail if "error" is
printed for some other reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.
Fixes#9652.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Copy of mbedtls top CMakeLists.txt file.
The TF-PSA-Crypto top CMakeList.txt file
will be derived from that file to outline
what is common and what is different
between the two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move library options to the top CMakeLists.txt.
That way:
- we will be able to set the TF-PSA-Crypto
library options according to the Mbed TLS ones.
- we can define the crypto library target names
in the top CMakeLists.txt and not in the library
one that is dedicated to the TLS and x509
libraries now.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove dependency on mbedtls_test_helpers
to build the crypto test suites.
mbedtls_test_helpers is TLS specific.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename MBEDTLS_PSA_CRYPTO_(USER_)CONFIG_FILE to
TF_PSA_CRYPTO_(USER_)CONFIG_FILE as we rename
crypto_config.h to tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-organize "Mbed TLS modules" and "Module configuration options"
into "X.509 feature selection" and "TLS feature selection" for
better alignment with tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-order mbedtls_config.h sections for
the order to be more aligned with the
tf_psa_crypto_config.h one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
