Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).
Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These tests validate that an entropy object can be reused and that
calling mbedtls_entropy_free() twice is ok.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The PSA subsystem may consume global resources. It currently doesn't
consume any heap when no keys are registered, but it may do so in the
future. It does consume mutexes, which are reported as leaks when
mutex usage checking is enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test hook failure checks may print information to stdout, which messes
up the usage of query_config mode. Nothing interesting happens in
query_config mode anyway, so that's no loss.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create utility functions to set up test hooks and report errors that
the test hooks might detect. Call them in ssl_client2 and ssl_server2.
Test hooks are potentially enabled by compiling with
MBEDTLS_TEST_HOOKS.
This commit only sets up the functions. It doesn't make them do
anything yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_rsa_gen_key() was not freeing the RSA object, and specifically
not freeing the mutex, in some error cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the
key with a mutex. mbedtls_rsa_free() frees this mutex by calling
mbedtls_mutex_free(). This does not match the usage of
mbedtls_mutex_free(), which in general can only be done once.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These tests are trivial except when compiling with MBEDTLS_THREADING_C
and a mutex implementation that are picky about matching each
mbedtls_mutex_init() with exactly one mbedtls_mutex_free().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_hmac_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.
To fix this, mbedtls_hmac_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_hmac_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_hmac_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ctr_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.
To fix this, mbedtls_ctr_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_ctr_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_ctr_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document the usage inside the library, and relate it with how it's
additionally used in the test code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Subtract the number of calls to mbedtls_mutex_free() from the number
of calls to mbedtls_mutex_init(). A mutex leak will manifest as a
positive result at the end of the test case.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If the mutex usage verification framework is enabled and it detects a
mutex usage error, report this error and mark the test as failed.
This detects most usage errors, but not all cases of using
uninitialized memory (which is impossible in full generality) and not
leaks due to missing free (which will be handled in a subsequent commit).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When using pthread mutexes (MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are
enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the
mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions
don't do anything yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).
Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Part of build_default_make_gcc_and_cxx compares the list of headers
included by `programs/test/cpp_dummy_build.cpp` and the actual headers
present. Add in the missing `mbedtls/psa_config.h` file to this list so
that this test passes.
Signed-off-by: David Brown <david.brown@linaro.org>
Test signature and signature verification by a transparent
driver in all.sh test_psa_crypto_config_basic and
test_psa_crypto_drivers components.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In test_suite_psa_crypto_driver_wrappers test suite, the
sign/verify tests with software fallback tests should be run
only if the software fallback is available.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change signature test driver default forced return
value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to
be able to run the PSA unit tests with hash signature
and signature verification being handled by the
transparent test driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change psa_ecdsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_ecp.c ECP specific file.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
There are type annotations that indirectly depend on the
typing_extensions module (on Python 3.5-3.7: Protocol was added to the
core typing module in 3.8). The typing_extensions module is not
installed by default, so the code didn't run on a pristine Python
installation.
To avoid depending on a non-default module, make the dependency on
typing_extensions optional. (It's still required to run mypy, but
installing mypy takes care of providing typing_extensions.) If it
isn't available, provide a substitute definition that's just good
enough to get the scripts to run.
Move this ugly code to its own module to avoid the temptation of
spreading such ugliness all over the place. It's likely to be used in
other modules anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A temporary hack: at the time of writing, not all dependency symbols
are implemented yet. Skip test cases for which the dependency symbols are
not available. Once all dependency symbols are available, this comit
should be reverted.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.
Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.
Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECC curve dependency symbols include the key size in addition to the
curve family. Tweak the dependencies once the key size is known.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
