Mutex usage error when running TLS 1.3 tests without all dependencies satisfied

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

https://www.trustedfirmware.org/projects/mbed-tls/

Other

5.21k stars 2.55k forks source link

Mutex usage error when running TLS 1.3 tests without all dependencies satisfied #6404

Closed AndrzejKurek closed 2 weeks ago

AndrzejKurek commented 1 year ago

Starting from https://github.com/AndrzejKurek/mbedtls/tree/ssl-tls-1-3-bugs

./tests/scripts/depends-ciphers.pl

MBEDTLS_AES_C test should fail. It's possible to run this test by hand now and see that there's a mutex usage error in failing TLS 1.3 tests:

SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 ....... FAILED
mbedtls_ssl_tls13_populate_transform( &transform_send, endpoint, ciphersuite, &keys, NULL ) == 0
at line 4577, suites/test_suite_ssl.function
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 ....... FAILED
mbedtls_ssl_tls13_populate_transform( &transform_send, endpoint, ciphersuite, &keys, NULL ) == 0
at line 4577, suites/test_suite_ssl.function
SSL TLS 1.3 Record Encryption RFC 8448 Example #1 ................. FAILED
mbedtls_ssl_tls13_populate_transform( &transform_send, endpoint, ciphersuite, &keys, NULL ) == 0
at line 4577, suites/test_suite_ssl.function
SSL TLS 1.3 Record Encryption RFC 8448 Example #2 ................. FAILED
mbedtls_ssl_tls13_populate_transform( &transform_send, endpoint, ciphersuite, &keys, NULL ) == 0
at line 4577, suites/test_suite_ssl.function
SSL TLS 1.3 Key schedule: Application secrets derivation helper ... FAILED
Mutex usage error
at line 218, src/threading_helpers.c

Please note that there's one change to TLS 1.3 introduced (however this probably should not result in a mutex usage error): https://github.com/AndrzejKurek/mbedtls/commit/7864a0f9caff202a37f91f8018c0499eab9e7f52

gilles-peskine-arm commented 12 months ago

I haven't looked at the code, but I suspect the problem is a missing call to mbedtls_psa_crypto_free, which should be called from a macro such as PSA_DONE. The macro is likely called on the “normal” path but not in the exit block, this is a mistake we tend to make.

With a missing call to mbedtls_psa_crypto_free, when MBEDTLS_THREADING_C is enabled (it's disabled by default, but enabled in full), you get a "mutex usage error" from the test framework.

If my conjecture is correct, the resolution should be two things:

Fix the missing or misplaced PSA_DONE in that test function. (Check others as well while you're at it.)
Fiddle with the test framework to get a more meaningful error when forgetting to deinit PSA.

Note that you get a little more information if you run the test suite with -v: you'll see something like

SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 ....... [mutex: 2 leaked] FAILED
  Mutex usage error

gilles-peskine-arm commented 2 weeks ago

Checking the code of the test function ssl_tls13_derive_application_secrets: it calls PSA_INIT() and PSA_DONE() on the normal path, and does not have an exit label. So if the test case fails, no cleanup is done.

Several ssl_tls13_xxx test functions in test_suite_ssl have this structure. #7461 fixed this function and many others, so this particular bug is now fixed on all maintained branches.

It would be nice if the test framework helped us though. See https://github.com/Mbed-TLS/mbedtls/issues/9519.