This fixes a warning from some compilers (e.g. MSVC) about comparisons
between signed and unsigned values in perfectly reasonable code. In
particular, there was one such warning in psa_pbkdf2_hmac_set_password.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_USE_PSA_CRYPTO is disabled on a base of full, mention it.
Now that full implies MBEDTLS_PSA_CRYPTO_CONFIG, don't mention it, and don't
set it explicitly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Back when we introduced MBEDTLS_PSA_CRYPTO_CONFIG and it was still
experimental, it made sense that we tested it separately. Nowadays, the
feature is fully implemented, and the full config without
MBEDTLS_PSA_CRYPTO_CONFIG keeps cryptographic mechanisms that only have a
PSA implementation and aren't in the default build disabled (currently:
PBKDF2). So enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Having a wrapper made it harder to use: incompatible with setting
MBEDTLS_CONFIG_FILE, harder to combine with other settings. It was also
surprising since it was the only test config that was structured in that
way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The original goal (https://github.com/Mbed-TLS/mbedtls/pull/5072) was to run
a test with ChaChaPoly disabled in PSA. It was actually implemented with GCM
also partially disabled (legacy GCM enabled but PSA GCM disabled), which
distracted from the objective. It's actually useful to test both with and
without GCM, so test both. Don't test inconsistencies between legacy and PSA
support because that's not a common case and not one we have particular
reasons to test.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There were two copies of component_test_psa_crypto_config_accel_pake,
identical except for two typos. Keep the copy without the typos.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
reused but with changing padding data in last block to
check for valid/invalid padding.
* Document new behaviour, known limitations and possible
security concerns.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This PR was originally created before the code
style was changed. This commit updates the style.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit adds the example program for PSA
hash as well as the relevant changes to
CMakeLists.txt and the Makefile.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
