Move the global variable to the PSA layer, and just set that when calling PSA
level functions.
Move the internal ecp set to before each ecp call.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:
290f01b3f5e7f8c616d0f7641544ea
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The name sha512 might have made sense when it was an
mbedtls_sha512_context, but now it's weird to see things like
mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...);
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the
!USE_PSA_CRYPTO branch, so we're free to use MD.
This change supports our ability to use MBEDTLS_MD_CAN_xxx macros
everywhere in the future, once they have been introduced.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
There's little reason for accessing the hash implementation's internal
state, its output contains most of the same information.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.
Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This moslty focus on tests using "server5*" cerificate. Several cases
are taken into account depending on:
- TLS version (1.2 or 1.3)
- server or client roles
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>