`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:
In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
/build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
/build/mbedtls/tests/include/test/macros.h:128:46:
error: 'calloc' sizes specified with 'sizeof' in the earlier argument
and not in the later argument [-Werror=calloc-transposed-args]
128 | (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
| ^
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
In the ecjpake_do_round(), fix a magic number that was causing buffer
size to be incorrectly advertised.
Followup of 'Fix magic number buffer length in J-PAKE tests' for what
seem to be duplicate tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we officially disabled support for importing of PEM formatted keys
into PSA we removed dedicated tests from test_suite_psa_crypto. As a
consequence MBEDTLS_PEM_PARSE_C is no more an exception for
component_check_test_dependencies().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In principle the RSA tests shouldn't depend on RSA key generation: they just
need to operate on RSA keys. However they do need some method of creating an
RSA key, and we're currently doing random generation. So depend on what the
test code needs.
Depend on the legacy RSA interface, since driver-only RSA isn't currently
supported in the PK module.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Enable memory poisoning for all functions whose names start with
'psa_pake'. Regenerate the wrappers and commit the result.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The buffer size was advertised as 512-bytes, despite sometimes being
smaller. This did not cause a crash until buffer copying, which always
copies all of the buffer, was added.
When copying back to the original, we would cause a heap buffer
overflow, which ASan detected.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Tests with 256 bits curve simply depends on any curve of that size,
but they don't really care about which family is enabled.
Here I replaced PSA_WANT_ECC_SECP_R1_256 with PSA_WANT_ECC_SECP_K1_256
because otherwise there were test disparities in the
"analyze_driver_vs_reference_tfm_config" component of
"analyze_outcomes.py". It looked simpler to change the curve type
in the test suite's data rather than adding proper exceptions
in "analyze_outcomes.py"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is mandatory to have support for the error codes defined
in the asn1write.h header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When building without PSA crypto functions, disable
MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With
just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to
exist at link time but be provided by a third party.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().
This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This feature was an unofficial extension which was never documented.
Now that we are removing the PK dependency in order to use only
functions from RSA module, PEM support is unavailable. Therefore
we explicitly remove it.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
