Properly initialize SSL endpoint objects
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.
Use a more systematic style for initializing the stack object as soon as
it's declared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ced15fc..6797a4d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2840,6 +2840,7 @@
{
enum { BUFFSIZE = 1024 };
mbedtls_test_ssl_endpoint ep;
+ memset(&ep, 0, sizeof(ep));
int ret = -1;
mbedtls_test_handshake_test_options options;
mbedtls_test_init_handshake_options(&options);
@@ -2871,6 +2872,8 @@
{
enum { BUFFSIZE = 1024 };
mbedtls_test_ssl_endpoint base_ep, second_ep;
+ memset(&base_ep, 0, sizeof(base_ep));
+ memset(&second_ep, 0, sizeof(second_ep));
int ret = -1;
(void) tls_version;
@@ -2896,8 +2899,6 @@
#endif
MD_OR_USE_PSA_INIT();
- mbedtls_platform_zeroize(&base_ep, sizeof(base_ep));
- mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options,
NULL, NULL, NULL);
@@ -3606,6 +3607,8 @@
enum { BUFFSIZE = 1024 };
mbedtls_test_handshake_test_options options;
mbedtls_test_ssl_endpoint client, server;
+ memset(&client, 0, sizeof(client));
+ memset(&server, 0, sizeof(server));
mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
mbedtls_test_message_socket_context server_context, client_context;
@@ -3616,9 +3619,6 @@
options.srv_log_obj = &srv_pattern;
options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_platform_zeroize(&client, sizeof(client));
- mbedtls_platform_zeroize(&server, sizeof(server));
-
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
MD_OR_USE_PSA_INIT();
@@ -3803,6 +3803,8 @@
{
enum { BUFFSIZE = 17000 };
mbedtls_test_ssl_endpoint client, server;
+ memset(&client, 0, sizeof(client));
+ memset(&server, 0, sizeof(server));
mbedtls_psa_stats_t stats;
size_t free_slots_before = -1;
mbedtls_test_handshake_test_options client_options, server_options;
@@ -3812,8 +3814,6 @@
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
MD_OR_USE_PSA_INIT();
- mbedtls_platform_zeroize(&client, sizeof(client));
- mbedtls_platform_zeroize(&server, sizeof(server));
/* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the
@@ -3877,6 +3877,8 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
unsigned char *buf, *end;
size_t buf_len;
int step = 0;
@@ -3888,8 +3890,6 @@
/*
* Test set-up
*/
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
MD_OR_USE_PSA_INIT();
@@ -4132,12 +4132,12 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -4217,6 +4217,8 @@
const char *early_data = "This is early data.";
size_t early_data_len = strlen(early_data);
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
@@ -4227,8 +4229,6 @@
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -4416,6 +4416,8 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
@@ -4426,8 +4428,6 @@
};
uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -4789,6 +4789,8 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
@@ -4799,8 +4801,6 @@
};
int beyond_first_hello = 0;
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -5138,6 +5138,8 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
@@ -5147,8 +5149,6 @@
uint32_t written_early_data_size = 0;
uint32_t read_early_data_size = 0;
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -5291,6 +5291,8 @@
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
@@ -5309,8 +5311,6 @@
uint32_t written_early_data_size = 0;
uint32_t max_early_data_size;
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
@@ -5736,6 +5736,8 @@
uint8_t *key_buffer_server = NULL;
uint8_t *key_buffer_client = NULL;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
MD_OR_USE_PSA_INIT();
@@ -5781,6 +5783,8 @@
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
MD_OR_USE_PSA_INIT();
@@ -5820,6 +5824,8 @@
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
MD_OR_USE_PSA_INIT();
@@ -5860,6 +5866,8 @@
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
MD_OR_USE_PSA_INIT();
@@ -5903,6 +5911,8 @@
char *label = NULL;
uint8_t *context = NULL;
mbedtls_test_ssl_endpoint client_ep, server_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
TEST_ASSERT(exported_key_length > 0);
@@ -5941,6 +5951,8 @@
int ret = -1;
mbedtls_test_ssl_endpoint server_ep, client_ep;
+ memset(&client_ep, 0, sizeof(client_ep));
+ memset(&server_ep, 0, sizeof(server_ep));
mbedtls_test_handshake_test_options options;
mbedtls_test_init_handshake_options(&options);