PSA wrappers: don't poison buffers when buffer copying is disabled

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-30 06:33:06 +00:00 · 2024-01-04 20:33:29 +01:00 · 2024-01-04 20:33:29 +01:00 · 88385c2f74
commit 88385c2f74
parent a1871f318b
2 changed files with 20 additions and 4 deletions
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@ -121,6 +121,20 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
            param.buffer_name, param.size_name
        ))

+    def _write_poison_buffer_parameters(self, out: typing_util.Writable,
+                                        buffer_parameters: List[BufferParameter],
+                                        poison: bool) -> None:
+        """Write poisoning or unpoisoning code for the buffer parameters.
+
+        Write poisoning code if poison is true, unpoisoning code otherwise.
+        """
+        if not buffer_parameters:
+            return
+        out.write('#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)\n')
+        for param in buffer_parameters:
+            self._write_poison_buffer_parameter(out, param, poison)
+        out.write('#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */\n')
+
    @staticmethod
    def _parameter_should_be_copied(function_name: str,
                                    _buffer_name: Optional[str]) -> bool:
@ -140,11 +154,9 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
                                                        argument_names)
            if self._parameter_should_be_copied(function.name,
                                                function.arguments[param.index].name))
-        for param in buffer_parameters:
-            self._write_poison_buffer_parameter(out, param, True)
+        self._write_poison_buffer_parameters(out, buffer_parameters, True)
        super()._write_function_call(out, function, argument_names)
-        for param in buffer_parameters:
-            self._write_poison_buffer_parameter(out, param, False)
+        self._write_poison_buffer_parameters(out, buffer_parameters, False)

    def _write_prologue(self, out: typing_util.Writable, header: bool) -> None:
        super()._write_prologue(out, header)
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@ -266,11 +266,15 @@ psa_status_t mbedtls_test_wrap_psa_cipher_encrypt(
    size_t arg5_output_size,
    size_t *arg6_output_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
    MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
    MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
    MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
    MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }