It's ok if people use MBEDTLS_PSA_CRYPTO_CONFIG: it's not unstable or
unpredictable. But we still reserve the right to make minor changes
(e.g. https://github.com/Mbed-TLS/mbedtls/issues/7439).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum
size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store
DER encoded private key. This increased stack usage significantly for
RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined.
This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190).
Signed-off-by: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>
The result format for code size comparison is:
filename new(text) new(data) change(text) change(data)
yyy.o xxx xxx xx xx
The numbers followed are in bytes.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Percentage is not a useful number when looking at code size changes.
Since it depends on the base of the code size. It might give
misleading information by simply looking at the numbers.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
The Ubuntu 16.04 and 22.04 docker images have been updated with
earliest and latest versions of gcc and clang respectively.
This patch adds the necessary component and support functions
required for the CI to run these compilers.
For FreeBSD we invoke the function by name so a condition is added
to disable the existing test_clang_opt function for linux.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
- RSA was missing the MBEDTLS_ prefix.
- DH needs the same temporary fix (prefix + suffix) for now.
- hack_dependencies_not_implemented() needs to ignore MBEDTLS_PSA_WANT
dependencies.
While at it, make the code currently used for ECC more generic, so that
it's ready to be used for RSA and DH in the near future.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
If we use option --stdout, the logging level is set as
logging.ERROR. But --verbose is able to overwrite logging level as
logging.INFO if we want to display intermediate log in the process
of code size comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
