Generate memory poisoning in wrappers

Generate memory poisoning code in test wrappers for: * psa_sign_hash_start() * psa_sign_hash_complete() * psa_verify_hash_start() Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-16 04:20:49 +00:00 · 2024-03-11 13:58:07 +00:00 · 2024-03-11 13:58:07 +00:00 · 5d64c6acca
commit 5d64c6acca
parent 0fea6a52b4
2 changed files with 24 additions and 0 deletions
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@ -143,6 +143,10 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
        """Whether the specified buffer argument to a PSA function should be copied.
        """
        #pylint: disable=too-many-return-statements
+        if function_name in ('psa_sign_hash_start',
+                             'psa_sign_hash_complete',
+                             'psa_verify_hash_start'):
+            return True
        if function_name.startswith('psa_pake'):
            return True
        if function_name.startswith('psa_aead'):
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@ -1162,7 +1162,13 @@ psa_status_t mbedtls_test_wrap_psa_sign_hash_complete(
    size_t arg2_signature_size,
    size_t *arg3_signature_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg1_signature, arg2_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_sign_hash_complete)(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg1_signature, arg2_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }

@ -1174,7 +1180,13 @@ psa_status_t mbedtls_test_wrap_psa_sign_hash_start(
    const uint8_t *arg3_hash,
    size_t arg4_hash_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_sign_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }

@ -1247,7 +1259,15 @@ psa_status_t mbedtls_test_wrap_psa_verify_hash_start(
    const uint8_t *arg5_signature,
    size_t arg6_signature_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length);
+    MBEDTLS_TEST_MEMORY_POISON(arg5_signature, arg6_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_verify_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length);
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg5_signature, arg6_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }