From 0b14d1407d4d2b067f075c877fcc2002225ce20f Mon Sep 17 00:00:00 2001
From: Ryan
Date: Tue, 5 Mar 2024 13:55:33 +0000
Subject: [PATCH 1/3] Document deprecated transaction system as non thread safe
Not all of the writes to this field are protected by a mutex. There is no also no protection in place to stop another thread from overwriting the current transaction
Signed-off-by: Ryan Everett
---
 library/psa_crypto_storage.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index f1ea265b42..d7f5b18953 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -231,8 +231,9 @@ typedef uint16_t psa_crypto_transaction_type_t;
 * This type is designed to be serialized by writing the memory representation
 * and reading it back on the same device.
 *
- * \note The transaction mechanism is designed for a single active transaction
- * at a time. The transaction object is #psa_crypto_transaction.
+ * \note The transaction mechanism is not thread-safe. There can only be one
+ * single active transaction at a time.
+ * The transaction object is #psa_crypto_transaction.
 *
 * \note If an API call starts a transaction, it must complete this transaction
 * before returning to the application.
From 6caf84f71740630fe33883cb0cec97a70a827e1d Mon Sep 17 00:00:00 2001
From: Ryan
Date: Tue, 5 Mar 2024 13:57:00 +0000
Subject: [PATCH 2/3] Explicitely remove the deprecated driver interface from the TSan config
Signed-off-by: Ryan Everett
---
 tests/scripts/all.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c25f044409..007f8e684f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
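Review bot: The reworded \note in the psa_crypto_storage.h hunk says the mechanism is not thread-safe but not why, so a reader cannot tell what has to be serialized. "One single active transaction" is also redundant. The commit message carries the actual reason, and it would be more useful in the comment itself, e.g. ` * \note The transaction mechanism is not thread-safe: writes to #psa_crypto_transaction are not all protected by a mutex, and nothing stops another thread from overwriting the current transaction.` followed by ` * There can only be one active transaction at a time.` The comment block being edited starts and ends outside the hunk.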
@@ -2178,6 +2178,9 @@ component_test_tsan () {
 scripts/config.py set MBEDTLS_THREADING_C
 scripts/config.py set MBEDTLS_THREADING_PTHREAD
+ # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
 make
From 32a64588803711174947f9853bac9869c6da3aeb Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Tue, 5 Mar 2024 18:16:18 +0000
Subject: [PATCH 3/3] Add a warning to the definition of MBEDTLS_PSA_CRYPTO_SE_C
Signed-off-by: Ryan Everett
---
 include/mbedtls/mbedtls_config.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 7cf4153b11..feb2054902 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3201,6 +3201,9 @@
 * \deprecated This feature is deprecated. Please switch to the PSA driver
 * interface.
 *
+ * \warning This feature is not thread-safe, and should not be used in a
+ * multi-threaded environment.
+ *
 * Module: library/psa_crypto_se.c
 *
 * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
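Review bot: The added \warning in the mbedtls_config.h hunk is the only safeguard against building MBEDTLS_PSA_CRYPTO_SE_C together with threading; nothing in this series flags that combination at build time. Patch 2/3 removes the option from the TSan build, so the combination is no longer exercised by TSan either. A guard in the project's configuration checks could be as small as `#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && defined(MBEDTLS_THREADING_C)`, `#warning "MBEDTLS_PSA_CRYPTO_SE_C is not thread-safe"`, `#endif`. Whether a warning or a hard error is appropriate depends on whether existing configurations enable both while only using the SE interface from one thread, which cannot be seen from this page. The option's doc comment starts and ends outside the hunk.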