Closed AndrzejKurek closed 2 weeks ago
I haven't looked at the code, but I suspect the problem is a missing call to mbedtls_psa_crypto_free
, which should be called from a macro such as PSA_DONE
. The macro is likely called on the “normal” path but not in the exit
block, this is a mistake we tend to make.
With a missing call to mbedtls_psa_crypto_free
, when MBEDTLS_THREADING_C
is enabled (it's disabled by default, but enabled in full
), you get a "mutex usage error" from the test framework.
If my conjecture is correct, the resolution should be two things:
PSA_DONE
in that test function. (Check others as well while you're at it.)Note that you get a little more information if you run the test suite with -v
: you'll see something like
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 ....... [mutex: 2 leaked] FAILED
Mutex usage error
Checking the code of the test function ssl_tls13_derive_application_secrets
: it calls PSA_INIT()
and PSA_DONE()
on the normal path, and does not have an exit
label. So if the test case fails, no cleanup is done.
Several ssl_tls13_xxx
test functions in test_suite_ssl
have this structure. #7461 fixed this function and many others, so this particular bug is now fixed on all maintained branches.
It would be nice if the test framework helped us though. See https://github.com/Mbed-TLS/mbedtls/issues/9519.
Starting from https://github.com/AndrzejKurek/mbedtls/tree/ssl-tls-1-3-bugs
./tests/scripts/depends-ciphers.pl
MBEDTLS_AES_C
test should fail. It's possible to run this test by hand now and see that there's a mutex usage error in failing TLS 1.3 tests:Please note that there's one change to TLS 1.3 introduced (however this probably should not result in a mutex usage error): https://github.com/AndrzejKurek/mbedtls/commit/7864a0f9caff202a37f91f8018c0499eab9e7f52