From 5e65cec5e81cfd203e6f5b8c5c90ce70fae8bd85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:38:39 +0200 Subject: [PATCH] Simplify output bounds check in mac_sign test Rely on Asan to detect a potential buffer overflow, instead of doing a manual check. This makes the code simpler and Asan can detect underflows as well as overflows. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fb0f2b2e4..5b0054d64 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3028,15 +3028,11 @@ void mac_sign( int key_type_arg, psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* Leave a little extra room in the output buffer. At the end of the - * test, we'll check that the implementation didn't overwrite onto - * this extra room. */ - uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10]; + uint8_t *actual_mac = NULL; size_t mac_buffer_size = PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); size_t mac_length = 0; - memset( actual_mac, '+', sizeof( actual_mac ) ); TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); /* We expect PSA_MAC_FINAL_SIZE to be exact. */ TEST_ASSERT( expected_mac->len == mac_buffer_size ); @@ -3049,6 +3045,8 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + ASSERT_ALLOC( actual_mac, mac_buffer_size ); + /* Calculate the MAC. */ PSA_ASSERT( psa_mac_sign_setup( &operation, handle, alg ) ); 
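Review bot: With the manual canary check gone, a write outside the MAC output buffer is caught only when this test runs under ASan or a comparable memory checker; in an uninstrumented build a write past `mac_buffer_size` bytes would corrupt the heap and the test could still pass. The `ASSERT_ALLOC( actual_mac, mac_buffer_size );` line in the second hunk has no comment recording that dependency, so I would add above it `/* Exact-size heap buffer: an out-of-bounds write is reported by ASan, not by this test itself. */`. Whether the call that produces the MAC is passed `mac_buffer_size` as its output size cannot be seen here, because the body of `mac_sign` continues outside these hunks. The `NULL` initialisation in the first hunk and the `mbedtls_free( actual_mac );` after `exit:` in the last hunk are consistent for the early-failure paths, so the only gap is the undocumented reliance on an instrumented build.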
@@ -3062,13 +3060,10 @@ void mac_sign( int key_type_arg, ASSERT_COMPARE( expected_mac->x, expected_mac->len, actual_mac, mac_length ); - /* Verify that the end of the buffer is untouched. */ - TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+', - sizeof( actual_mac ) - mac_length ) ); - exit: psa_destroy_key( handle ); PSA_DONE( ); + mbedtls_free( actual_mac ); } /* END_CASE */