Merge remote-tracking branch 'restricted/development-restricted' into update-development-r

Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh

programs/Makefile

@@ -7,6 +7,9 @@ else
 DLOPEN_LDFLAGS ?=
 endif
 
+ifdef RECORD_PSA_STATUS_COVERAGE_LOG
+LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG
+endif
 DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS}
 
 # Only build the dlopen test in shared library builds, and not when building

programs/test/CMakeLists.txt

@@ -78,6 +78,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
         target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
     endif()
 
+    # Request C11, required for memory poisoning
+    set_target_properties(${exe} PROPERTIES C_STANDARD 11)
+
     # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
     list(FIND executables_libs ${exe} exe_index)
     if (${exe_index} GREATER -1)

programs/test/metatest.c

@@ -28,10 +28,13 @@
 
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
 
+#include <mbedtls/debug.h>
 #include <mbedtls/platform.h>
 #include <mbedtls/platform_util.h>
 #include "test/helpers.h"
 #include "test/macros.h"
+#include "test/memory.h"
+#include "common.h"
 
 #include <stdio.h>
 #include <string.h>
@@ -59,6 +62,15 @@ static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t
     memset((void *) p, false_but_the_compiler_does_not_know, n);
 }
 
+/* Simulate an access to the given object, to avoid compiler optimizations
+ * in code that prepares or consumes the object. */
+static void do_nothing_with_object(void *p)
+{
+    (void) p;
+}
+void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) =
+    do_nothing_with_object;
+
 
 /****************************************************************/
 /* Test framework features */
@@ -143,6 +155,65 @@ void memory_leak(const char *name)
     /* Leak of a heap object */
 }
 
+/* name = "test_memory_poison_%(start)_%(offset)_%(count)_%(direction)"
+ * Poison a region starting at start from an 8-byte aligned origin,
+ * encompassing count bytes. Access the region at offset from the start.
+ * %(start), %(offset) and %(count) are decimal integers.
+ * %(direction) is either the character 'r' for read or 'w' for write.
+ */
+void test_memory_poison(const char *name)
+{
+    size_t start = 0, offset = 0, count = 0;
+    char direction = 'r';
+    if (sscanf(name,
+               "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+               "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+               "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+               "_%c",
+               &start, &offset, &count, &direction) != 4) {
+        mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name);
+        return;
+    }
+
+    union {
+        long long ll;
+        unsigned char buf[32];
+    } aligned;
+    memset(aligned.buf, 'a', sizeof(aligned.buf));
+
+    if (start > sizeof(aligned.buf)) {
+        mbedtls_fprintf(stderr,
+                        "%s: start=%" MBEDTLS_PRINTF_SIZET
+                        " > size=%" MBEDTLS_PRINTF_SIZET,
+                        __func__, start, sizeof(aligned.buf));
+        return;
+    }
+    if (start + count > sizeof(aligned.buf)) {
+        mbedtls_fprintf(stderr,
+                        "%s: start+count=%" MBEDTLS_PRINTF_SIZET
+                        " > size=%" MBEDTLS_PRINTF_SIZET,
+                        __func__, start + count, sizeof(aligned.buf));
+        return;
+    }
+    if (offset >= count) {
+        mbedtls_fprintf(stderr,
+                        "%s: offset=%" MBEDTLS_PRINTF_SIZET
+                        " >= count=%" MBEDTLS_PRINTF_SIZET,
+                        __func__, offset, count);
+        return;
+    }
+
+    MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count);
+
+    if (direction == 'w') {
+        aligned.buf[start + offset] = 'b';
+        do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
+    } else {
+        do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
+        mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]);
+    }
+}
+
 
 /****************************************************************/
 /* Threading */
@@ -291,6 +362,22 @@ metatest_t metatests[] = {
     { "double_free", "asan", double_free },
     { "read_uninitialized_stack", "msan", read_uninitialized_stack },
     { "memory_leak", "asan", memory_leak },
+    { "test_memory_poison_0_0_8_r", "poison", test_memory_poison },
+    { "test_memory_poison_0_0_8_w", "poison", test_memory_poison },
+    { "test_memory_poison_0_7_8_r", "poison", test_memory_poison },
+    { "test_memory_poison_0_7_8_w", "poison", test_memory_poison },
+    { "test_memory_poison_0_0_1_r", "poison", test_memory_poison },
+    { "test_memory_poison_0_0_1_w", "poison", test_memory_poison },
+    { "test_memory_poison_0_1_2_r", "poison", test_memory_poison },
+    { "test_memory_poison_0_1_2_w", "poison", test_memory_poison },
+    { "test_memory_poison_7_0_8_r", "poison", test_memory_poison },
+    { "test_memory_poison_7_0_8_w", "poison", test_memory_poison },
+    { "test_memory_poison_7_7_8_r", "poison", test_memory_poison },
+    { "test_memory_poison_7_7_8_w", "poison", test_memory_poison },
+    { "test_memory_poison_7_0_1_r", "poison", test_memory_poison },
+    { "test_memory_poison_7_0_1_w", "poison", test_memory_poison },
+    { "test_memory_poison_7_1_2_r", "poison", test_memory_poison },
+    { "test_memory_poison_7_1_2_w", "poison", test_memory_poison },
     { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized },
     { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized },
     { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized },