An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Our MD module provides a multi-part API where some call sequences are guaranteed to work, and some other sequences just happen to work with our software implementation but are not guaranteed to work with alt implementations, for example starts-update-starts-update-finish.
This has led to at least two bugs being reported: #3246 and #4118, and perhaps other, more subtle bugs unnoticed so far.
We should have special build modes (controlled by TEST_HOOKS) where the software implementation checks that the calling sequence is correct and otherwise returns an error (or silently outputs an incorrect hash), similarly to what has been done with mutexes in #4104. This needs to be done at least at the MD level and ideally also at the level of each MD/SHA module.
Note: also check if any documentation improvements would be helpful (e.g., consider updating the documentation for mbedtls_md_starts to say that you need to first call mbedtls_md_finish if you are reusing a context).
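As an added illustration (not Mbed TLS code and not from this issue), the following self-contained C program shows the shape a TEST_HOOKS-style sequence check could take: a toy multi-part hash context carries a lifecycle state, and every call validates it, so starts-update-starts, update-before-starts and finish-twice return an error instead of silently working. The hash itself is 32-bit FNV-1a, chosen only because it is short; it is not a cryptographic hash. The names `toy_hash_*`, `run_sequence` and `TOY_ERR_BAD_STATE` are invented for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical error code for an out-of-order call (not an Mbed TLS value). */
#define TOY_ERR_BAD_STATE (-0x6e00)

/* Lifecycle of a multi-part context. Only STARTED accepts update()/finish();
 * starts() is accepted from INIT or FINISHED, i.e. a context must be finished
 * before it is reused, which is the rule the issue wants documented. */
typedef enum {
    HS_INIT = 0,   /* init() done, starts() not yet called */
    HS_STARTED,    /* starts() done, update()/finish() allowed */
    HS_FINISHED    /* finish() done, starts() required before more data */
} hash_state_t;

typedef struct {
    uint32_t h;            /* running FNV-1a state (toy, non-cryptographic) */
    hash_state_t state;    /* sequence-checking state a test hook would track */
} toy_hash_ctx;

void toy_hash_init(toy_hash_ctx *ctx) {
    ctx->h = 0;
    ctx->state = HS_INIT;
}

int toy_hash_starts(toy_hash_ctx *ctx) {
    /* starts() on a context that is mid-stream is the sequence from the issue;
     * the software implementation would happily reset, an alt might not. */
    if (ctx->state == HS_STARTED)
        return TOY_ERR_BAD_STATE;
    ctx->h = 2166136261u;   /* FNV-1a 32-bit offset basis */
    ctx->state = HS_STARTED;
    return 0;
}

int toy_hash_update(toy_hash_ctx *ctx, const unsigned char *in, size_t len) {
    if (ctx->state != HS_STARTED)
        return TOY_ERR_BAD_STATE;   /* update() before starts() or after finish() */
    for (size_t i = 0; i < len; i++) {
        ctx->h ^= in[i];
        ctx->h *= 16777619u;        /* FNV-1a 32-bit prime */
    }
    return 0;
}

int toy_hash_finish(toy_hash_ctx *ctx, unsigned char out[4]) {
    if (ctx->state != HS_STARTED)
        return TOY_ERR_BAD_STATE;   /* finish() twice, or without starts() */
    out[0] = (unsigned char)(ctx->h >> 24);
    out[1] = (unsigned char)(ctx->h >> 16);
    out[2] = (unsigned char)(ctx->h >> 8);
    out[3] = (unsigned char)(ctx->h);
    ctx->state = HS_FINISHED;
    return 0;
}

/* Drive a call sequence written as a string of 's' (starts), 'u' (update with
 * constructed input "abc") and 'f' (finish). Returns 0 if every call succeeds,
 * otherwise the first error, so bad sequences are visible to a test suite. */
int run_sequence(const char *seq) {
    toy_hash_ctx ctx;
    unsigned char out[4];
    toy_hash_init(&ctx);
    for (; *seq; seq++) {
        int r;
        switch (*seq) {
            case 's': r = toy_hash_starts(&ctx); break;
            case 'u': r = toy_hash_update(&ctx, (const unsigned char *)"abc", 3); break;
            case 'f': r = toy_hash_finish(&ctx, out); break;
            default:  return -1;   /* unknown step letter */
        }
        if (r != 0)
            return r;
    }
    return 0;
}

/* One-shot helper over the legal starts-update-finish sequence; returns the
 * 32-bit digest so the hash part can be checked against a known FNV-1a value. */
uint32_t toy_hash_one_shot(const char *msg, size_t len) {
    toy_hash_ctx ctx;
    unsigned char out[4] = {0, 0, 0, 0};
    toy_hash_init(&ctx);
    toy_hash_starts(&ctx);
    toy_hash_update(&ctx, (const unsigned char *)msg, len);
    toy_hash_finish(&ctx, out);
    return ((uint32_t)out[0] << 24) | ((uint32_t)out[1] << 16) |
           ((uint32_t)out[2] << 8) | (uint32_t)out[3];
}

int main(void) {
    const char *seqs[] = {"suf", "sufsuf", "susuf", "uf", "sff"};
    for (size_t i = 0; i < sizeof(seqs) / sizeof(seqs[0]); i++)
        printf("%-7s -> %d\n", seqs[i], run_sequence(seqs[i]));
    return 0;
}
```

The check is cheap enough to keep in a test-hooks build only: the state field and the comparisons cost nothing at runtime, and a test suite can enumerate sequences exactly as `run_sequence` does. The alternative the issue mentions, silently producing a wrong digest, would be implemented by poisoning `ctx->h` instead of returning `TOY_ERR_BAD_STATE`; returning an error is easier to assert on.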