
Commit 5386f6b

Fix PSA init/deinit in mbedtls_xxx tests when using PSA
In tests of mbedtls_cipher_xxx and mbedtls_pk_xxx with MBEDTLS_USE_PSA_CRYPTO enabled, initialize and deinitialize the PSA subsystem in every function. Before, the tests were only passing because the first function to be called happened to call psa_crypto_init() but not mbedtls_psa_crypto_free(). In some configurations (not tested on CI), psa_crypto_init() was not called so the tests using PSA failed. Call PSA_DONE() at the end of each test function. This ensures that no resources are leaked in the form of PSA crypto slot contents. Incidentally, this also fixes a build error due to test_helper_psa_done() being unused in test_suite_pk: the fact that it wasn't used betrayed the missing calls to PSA_DONE().
1 parent 8b66389 commit 5386f6b


2 files changed

+29
-6
lines changed


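--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -4,6 +4,11 @@
 #if defined(MBEDTLS_GCM_C)
 #include "mbedtls/gcm.h"
 #endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa_crypto_helpers.h"
+#endif
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -982,7 +987,7 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
 #else
 if( use_psa == 1 )
 {
-TEST_ASSERT( psa_crypto_init() == 0 );
+PSA_ASSERT( psa_crypto_init( ) );
 
 /* PSA requires that the tag immediately follows the ciphertext. */
 tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
@@ -1066,14 +1071,15 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
 
 exit:
 
+mbedtls_cipher_free( &ctx );
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 if( use_psa == 1 )
 {
 mbedtls_free( tmp_cipher );
+PSA_DONE( );
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-mbedtls_cipher_free( &ctx );
 }
 /* END_CASE */
 
@@ -1143,7 +1149,7 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key,
 #else
 if( use_psa == 1 )
 {
-TEST_ASSERT( psa_crypto_init() == 0 );
+PSA_ASSERT( psa_crypto_init( ) );
 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
 mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
 }
@@ -1172,6 +1178,9 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key,
 
 exit:
 mbedtls_cipher_free( &ctx );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+PSA_DONE( );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 /* END_CASE */
 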
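Review bot: The teardown order at the `exit:` label of `auth_crypt_tv` now matters but nothing in the code says so. `mbedtls_cipher_free( &ctx )` was moved above `PSA_DONE( )`, presumably because a PSA-backed cipher context still holds a key slot that the end-of-test leak check would otherwise report. A one-line comment such as `/* Free ctx before PSA_DONE(): a PSA-backed context holds a key slot. */` would stop a later cleanup from reordering it. The same ordering applies in `test_vec_crypt`, where `PSA_DONE( )` also runs whether or not `use_psa` is 1, unlike in `auth_crypt_tv`; guarding it the same way would make the two functions consistent. Both function bodies start outside the visible hunks.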

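--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -13,6 +13,13 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 #include "psa_crypto_helpers.h"
+#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
+#else
+/* Define empty macros so that we can use them in the preamble and teardown
+* of every test function that uses PSA conditionally based on
+* MBEDTLS_USE_PSA_CRYPTO. */
+#define PSA_INIT( ) ( (void) 0 )
+#define PSA_DONE( ) ( (void) 0 )
 #endif
 
 static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
@@ -117,7 +124,7 @@ void pk_psa_utils( )
 size_t len;
 mbedtls_pk_debug_item dbg;
 
-TEST_ASSERT( psa_crypto_init() == 0 );
+PSA_ASSERT( psa_crypto_init( ) );
 
 mbedtls_pk_init( &pk );
 mbedtls_pk_init( &pk2 );
@@ -173,6 +180,7 @@ void pk_psa_utils( )
 exit:
 mbedtls_pk_free( &pk ); /* redundant except upon error */
 mbedtls_pk_free( &pk2 );
+PSA_DONE( );
 }
 /* END_CASE */
 
@@ -763,7 +771,7 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
 mbedtls_ecp_keypair *eckey;
 
 mbedtls_pk_init( &pk );
-
+PSA_INIT( );
 
 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
 
@@ -780,6 +788,7 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
 
 exit:
 mbedtls_pk_free( &pk );
+PSA_DONE( );
 }
 /* END_CASE */
 
@@ -904,6 +913,7 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
 #endif
 
 mbedtls_pk_init( &pk );
+PSA_INIT( );
 
 memset( hash, 0x2a, sizeof hash );
 memset( sig, 0, sizeof sig );
@@ -955,6 +965,7 @@ exit:
 mbedtls_pk_restart_free( rs_ctx );
 #endif
 mbedtls_pk_free( &pk );
+PSA_DONE( );
 }
 /* END_CASE */
 
@@ -1210,6 +1221,8 @@ void pk_psa_sign( )
 * - parse it to a PK context and verify the signature this way
 */
 
+PSA_ASSERT( psa_crypto_init( ) );
+
 /* Create legacy EC public/private key in PK context. */
 mbedtls_pk_init( &pk );
 TEST_ASSERT( mbedtls_pk_setup( &pk,
@@ -1259,5 +1272,6 @@ void pk_psa_sign( )
 
 exit:
 mbedtls_pk_free( &pk );
+PSA_DONE( );
 }
 /* END_CASE */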
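Review bot: In `pk_psa_sign` the added `PSA_ASSERT( psa_crypto_init( ) );` sits before `mbedtls_pk_init( &pk );`, so a failed init reaches `mbedtls_pk_free( &pk )` at `exit:` with a context that was never initialised. This assumes the assertion jumps to `exit:` as the other test assertions appear to, and that `pk` is not set up earlier, outside the hunk. `pk_psa_utils` has the same order for `pk` and `pk2`. The `pk_ec_test_vec` and `pk_sign_verify` hunks already put `PSA_INIT( )` after `mbedtls_pk_init( &pk )`. Matching that order here, `mbedtls_pk_init( &pk );` then `PSA_ASSERT( psa_crypto_init( ) );`, keeps the cleanup path well defined when PSA setup fails.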
