Define `MBEDTLS_ENTROPY_TRUE_SOURCES` and `MBEDTLS_ENTROPY_HAVE_SOURCES`
similarly to TF-PSA-Crypto 1.0. Also define
`MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES` for test function dependencies.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They were in test_suite_psa_crypto_init, but their only connection to init
is that RNG setup is part of init. When testing how the RNG is set up, the
fact that it happens during init is incidental, what matters is the
difficulties around collecting entropy.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is not only convenient, but now necessary, because if the content of
the generated files changes due to changes in Python files in the framework,
`all.sh check_generated_files` will fail in the framework CI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fix the location of the ending braket of "extern C" block in order to
have it balanced between C guards.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available in "check_config.h".
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In the default build, it was 2363 bytes which is a lot to put on the
stack for constrained devices. Fortunately we already have a large
enough buffer at hand: the user-provided output buffer. Use it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Tell the GCC compiler that pointers to types "mbedtls_uintXX_unaligned_t"
(where XX is 16, 32 or 64) might alias with other types. This helps at
high optimizations level (i.e. "-O3") so that the compiler does not mess
up with instruction reordering and memory accesses.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS is used to forcedly
prevent MBEDTLS_EFFICIENT_UNALIGNED_ACCESS from being set. This prevents
optimizations from being used on x86 which is useful for testing
purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is meant to test a bug found on:
- Little endian platforms other than x86 or ARM (these have specific
optimizations available);
- GCC versions from 10 to 14.2 (below and above are fine);
- Optimization level "-O3" (lower levels are fine).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This patch adjusts the include order so that some ACLE
intrinsics macros are configured before
the inclusion of `neon.h`. This fixes issues with older
clang compilers but has no effect in modern versions.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
