95b54f34a0
Merge pull request #1129 from gilles-peskine-arm/psa-buffers-test-poison-2.28
Backport 2.28: Memory poisoning function for Asan
2023-12-11 17:56:23 +00:00
e1f6d3bebd
Backport 2.28: Avoid use of ip_len
as it clashes with a macro in AIX system headers
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-12-08 21:53:18 +00:00
ec4c47f62b
Move MPI initialization to start of function
This prevents a call to mbedtls_mpi_free() on uninitialized data when
USE_PSA_INIT() fails.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-08 18:36:07 +00:00
0dc3ed029a
Merge pull request #8620 from davidhorstmann-arm/fix-selftest-doublefree-2.28
[Backport 2.28] Fix potential double-free in calloc selftest
2023-12-08 12:23:05 +00:00
05fde60d89
Fix potential double-free in calloc selftest
Where calloc returns two references to the same buffer, avoid calling
free() on both references by setting one to NULL.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-07 14:28:52 +00:00
f09b837977
Merge pull request #8614 from daverodgman/backport-filter-components-in-pr-job
Do not run Valgrind tests in PR jobs - backport 2.28
2023-12-06 23:05:31 +00:00
e1c6c4c962
Do not run Valgrind tests in PR jobs
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-12-06 16:47:51 +00:00
7d68a1954c
Protect against compiler optimizations
GCC 5.4 optimized the write after poisoning (the surprising thing is that
11.4 doesn't).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
0c7d3eda0a
Memory poisoning: meta-test writes as well as reads
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
014d89b782
Avoid unused variable warnings in some plausible usage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
5e8740576c
Use the existing definition of MBEDTLS_TEST_HAVE_ASAN
A definition now exists in tests/helpers.h, which is a better place.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
d751406f8d
Port to platforms where printf doesn't have %zu
Reuse the existing abstraction from include/mbedtls/debug.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
ac8cd66bda
Fix MSVC build failure
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
721a64463a
Basic functional test for memory poisoning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
962c5da52a
Fix memory poisoning with Asan on arbitrary byte boundaries
Asan poisons memory with an 8-byte granularity. We want to make sure that
the whole specified region is poisoned (our typical use case is a
heap-allocated object, and we want to poison the whole object, and we don't
care about the bytes after the end of the object and up to the beginning of
the next object). So align the start and end of the region to (un)poison to
an 8-byte boundary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
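The 8-byte alignment this commit describes, as an added illustration rather than Mbed TLS's own tests/src/test_memory.c: the helper rounds the start of the region down and the end up so that ASan, which tracks poisoning in 8-byte shadow granules, marks every byte of the object, and the poison/unpoison wrappers only call the sanitizer interface when ASan is enabled. The function names and the `HAVE_ASAN` macro are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Detect an enabled ASan on GCC (__SANITIZE_ADDRESS__) and Clang (__has_feature). */
#if defined(__SANITIZE_ADDRESS__)
#define HAVE_ASAN 1
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
#define HAVE_ASAN 1
#endif
#endif
#if defined(HAVE_ASAN)
#include <sanitizer/asan_interface.h>
#endif

#define ASAN_GRANULE ((uintptr_t) 8)

/* Widen [ptr, ptr + size) to 8-byte boundaries: start rounded down, end rounded
 * up. ASan marks whole 8-byte granules, so rounding inward would leave the
 * object's first and last bytes unpoisoned; rounding outward may also cover a
 * few padding bytes after the object, which is acceptable for this use. */
void align_for_asan(const unsigned char **p_ptr, size_t *p_size)
{
    uintptr_t start = (uintptr_t) *p_ptr;
    uintptr_t end = start + (uintptr_t) *p_size;
    start &= ~(ASAN_GRANULE - 1);
    end = (end + ASAN_GRANULE - 1) & ~(ASAN_GRANULE - 1);
    *p_ptr = (const unsigned char *) start;
    *p_size = (size_t) (end - start);
}

/* Hypothetical poison wrapper: while poisoned, any read or write of the region
 * aborts under ASan. A zero-length region is a no-op. Without ASan the wrappers
 * do nothing, so callers need no #ifdef of their own. */
void memory_poison(const unsigned char *ptr, size_t size)
{
    if (size == 0) return;
    align_for_asan(&ptr, &size);
#if defined(HAVE_ASAN)
    __asan_poison_memory_region(ptr, size);
#endif
}

void memory_unpoison(const unsigned char *ptr, size_t size)
{
    if (size == 0) return;
    align_for_asan(&ptr, &size);
#if defined(HAVE_ASAN)
    __asan_unpoison_memory_region(ptr, size);
#endif
}
```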
071d144a2e
Add memory poisoning framework
While an area of memory is poisoned, reading or writing from it triggers a
sanitizer violation.
Implemented for ASan.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
87270e5337
New files for memory-related test functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-29 20:51:56 +01:00
242e4efcad
Merge remote-tracking branch 'mbedtls-2.28' into mbedtls-2.28-restricted
2023-11-29 19:50:46 +01:00
7655fd2d93
Merge pull request #8570 from yuhaoth/pr/fix-ciphersuite-list-wrong-for-mbedtls-2.28
Backport 2.28: ssl-opt.sh: Fix getting the list of supported ciphersuites.
2023-11-29 11:31:35 +00:00
ba77a66475
Align forced ciphersuite with test description
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-29 10:15:14 +08:00
6f2183f756
ssl-opt.sh: Remove unnecessary symmetric crypto dependencies
Same test cases as in the previous commit.
Remove the redundant symmetric crypto dependency.
The dependency is ensured by the fact that:
1) the test case forces a cipher suite
2) ssl-opt.sh enforces automatically that the forced ciphersuite is available.
3) The fact that the forced ciphersuite is available implies that the symmetric cipher algorithm it uses is available as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-29 10:15:12 +08:00
237e3f8e53
ssl-opt.sh: Fix some symmetric crypto dependencies
Fix some dependencies on symmetric crypto that
were not correct in case of driver but not
builtin support. Revealed by "Analyze driver
test_psa_crypto_config_accel_cipher_aead vs reference
test_psa_crypto_config_reference_cipher_aead" in
analyze_outcomes.py.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-29 10:13:50 +08:00
a8b474f42f
ssl-opt.sh: Add a check of the list of supported ciphersuites
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-29 10:11:47 +08:00
46a660a2c5
ssl-opt.sh: Fix getting the list of supported ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-29 10:11:17 +08:00
806c27c5f4
Merge pull request #1126 from davidhorstmann-arm/psa-buffer-copy-fn-2.28
[Backport 2.28] Implement buffer copying functions for PSA crypto
2023-11-24 10:46:31 +00:00
8e1f0d0d31
Improve description of psa_crypto_input_copy_alloc
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-23 16:04:11 +00:00
0d52c71ccd
Use initializers in alloc functions
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-23 16:04:11 +00:00
45221ffdc4
Add casts to local input / output initializers
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-23 16:04:11 +00:00
60dcdd1686
Merge pull request #8558 from gilles-peskine-arm/MBEDTLS_TEST_HAVE_xSAN-2.28
Backport 2.28: Fix test_suite_platform failure with Asan on modern Clang
2023-11-23 14:04:09 +00:00
20e76134ea
Merge pull request #8557 from gilles-peskine-arm/metatest-gcc-12-2.28
Backport 2.28: Fix metatest.c with gcc-12 -Wuse-after-free
2023-11-23 11:09:24 +00:00
c3a9bdb2b5
Detect enabled GCC/Clang sanitizers
Occasionally we want tests to take advantage of sanitizers, or work around
them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-22 18:00:31 +01:00
e9616fdbc9
Fix the build with gcc-12 -Wuse-after-free
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-22 17:37:57 +01:00
1a76ab1c34
Rename "output_copy" -> "local_output"
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:09:04 +00:00
81a0d57e36
Rename "input_copy" -> "local_input"
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:09:02 +00:00
48ffb93d7f
De-abbreviate "len" -> "length"
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
232ab25bcd
Change psa_crypto_copy_output error code
When we are copying output, it makes sense to return
PSA_ERROR_BUFFER_TOO_SMALL since the buffer we are copying to is a user
output buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
34c434a3ca
Add initializers for input / output copies
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
37e3fc6c76
Remove unnecessary checks for NULL-ness of copies
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
d79d5e7ed0
Check for len == 0 rather than buffer == NULL
This makes the intention clearer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
c3be8cb24a
Fix code style in psa_crypto_core.h
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
2d730c015e
Compare buffers even for zero-length cases
This enables us to test that lengths are correctly zero when the buffer
pointer is NULL.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
0ee4d18bc6
Use TEST_CALLOC_NONNULL
Check that input/output copying works for zero-length NULL input
buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
e8a92227dc
Change data pattern to simpler one
Just use the index modulo 256, as this has a greater stride and is
simpler to use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
726bf058fe
Remove redundant NULL check
A NULL buffer with a non-zero length is an internal error, so just
check the length.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
660027f310
Skip call to memcpy if buffer length is zero
This allows the copy functions to work when passed a (NULL, 0) buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:31 +00:00
df49355faa
Make copy functions static-testable
This allows greater compiler optimisation.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 15:07:29 +00:00
761761ff64
Fix unintentional direct use of memcpy()
Change psa_crypto_output_copy_free() to use psa_crypto_copy_output()
rather than calling memcpy directly as was erroneously done previously.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 14:59:17 +00:00
ba65bd79e8
Add output round-trip testcase
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 14:59:17 +00:00
aca210d4c7
Add input round-trip testcase
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 14:59:17 +00:00
aeeb2740a9
Add psa_crypto_output_copy_free() implementation
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-22 14:59:17 +00:00