Merge pull request #8082 from daverodgman/misc-code-size

Misc code size improvements
diff --git a/.travis.yml b/.travis.yml
index 719654c..f411ec3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -171,7 +171,7 @@
 env:
   global:
     - SEED=1
-    - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
+    - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
 
 install:
   - $PYTHON scripts/min_requirements.py
diff --git a/ChangeLog.d/config_psa-include-order.txt b/ChangeLog.d/config_psa-include-order.txt
new file mode 100644
index 0000000..674c286
--- /dev/null
+++ b/ChangeLog.d/config_psa-include-order.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
+     enabled, where some low-level modules required by requested PSA crypto
+     features were not getting automatically enabled. Fixes #7420.
diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization b/ChangeLog.d/fix-tls-padbuf-zeroization
new file mode 100644
index 0000000..36451cb
--- /dev/null
+++ b/ChangeLog.d/fix-tls-padbuf-zeroization
@@ -0,0 +1,4 @@
+Security
+   * Fix a case where potentially sensitive information held in memory would not
+     be completely zeroized during TLS 1.2 handshake, in both server and client
+     configurations.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
new file mode 100644
index 0000000..dc8395d
--- /dev/null
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@@ -0,0 +1,8 @@
+Bugfix
+   * Fix an issue when parsing an otherName subject alternative name into a
+     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+     copied to the struct. This meant that the struct had incomplete
+     information about the otherName SAN and contained uninitialized memory.
+   * Fix the detection of HardwareModuleName otherName SANs. These were being
+     detected by comparing the wrong field and the check was erroneously
+     inverted.
diff --git a/library/platform_util.c b/library/platform_util.c
index 63b7c41..09216ed 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -126,6 +126,26 @@
 #else
         memset_func(buf, 0, len);
 #endif
+
+#if defined(__GNUC__)
+        /* For clang and recent gcc, pretend that we have some assembly that reads the
+         * zero'd memory as an additional protection against being optimised away. */
+#if defined(__clang__) || (__GNUC__ >= 10)
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wvla"
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
+        asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic pop
+#endif
+#endif
+#endif
     }
 }
 #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6ed8a86..7a1f855 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7722,7 +7722,7 @@
 
     MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
 
-    mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
+    mbedtls_platform_zeroize(padbuf, hlen);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
 
diff --git a/library/x509.c b/library/x509.c
index ba8d719..ee7a2b2 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1097,6 +1097,7 @@
     if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
         return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
     }
+    other_name->type_id = cur_oid;
 
     p += len;
     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
@@ -1488,7 +1489,7 @@
                 MBEDTLS_X509_SAFE_SNPRINTF;
 
                 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
-                                    &other_name->value.hardware_module_name.oid) != 0) {
+                                    &other_name->type_id) == 0) {
                     ret = mbedtls_snprintf(p, n, "\n%s        hardware module name :", prefix);
                     MBEDTLS_X509_SAFE_SNPRINTF;
                     ret =
diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py
index f52b785..b48a277 100644
--- a/scripts/mbedtls_dev/build_tree.py
+++ b/scripts/mbedtls_dev/build_tree.py
@@ -19,12 +19,19 @@
 import os
 import inspect
 
+def looks_like_psa_crypto_root(path: str) -> bool:
+    """Whether the given directory looks like the root of the PSA Crypto source tree."""
+    return all(os.path.isdir(os.path.join(path, subdir))
+               for subdir in ['include', 'core', 'drivers', 'programs', 'tests'])
 
 def looks_like_mbedtls_root(path: str) -> bool:
     """Whether the given directory looks like the root of the Mbed TLS source tree."""
     return all(os.path.isdir(os.path.join(path, subdir))
                for subdir in ['include', 'library', 'programs', 'tests'])
 
+def looks_like_root(path: str) -> bool:
+    return looks_like_psa_crypto_root(path) or looks_like_mbedtls_root(path)
+
 def check_repo_path():
     """
     Check that the current working directory is the project root, and throw
@@ -42,7 +49,7 @@
     for d in [os.path.curdir,
               os.path.pardir,
               os.path.join(os.path.pardir, os.path.pardir)]:
-        if looks_like_mbedtls_root(d):
+        if looks_like_root(d):
             os.chdir(d)
             return
     raise Exception('Mbed TLS source tree not found')
@@ -62,6 +69,6 @@
             if d in dirs:
                 continue
             dirs.add(d)
-            if looks_like_mbedtls_root(d):
+            if looks_like_root(d):
                 return d
     raise Exception('Mbed TLS source tree not found')
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
index bae9938..a2e4c74 100644
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@@ -27,6 +27,7 @@
 import unittest
 
 from . import c_build_helper
+from . import build_tree
 
 
 class Expr:
@@ -51,13 +52,16 @@
     def update_cache(self) -> None:
         """Update `value_cache` for expressions registered in `unknown_values`."""
         expressions = sorted(self.unknown_values)
+        includes = ['include']
+        if build_tree.looks_like_psa_crypto_root('.'):
+            includes.append('drivers/builtin/include')
         values = c_build_helper.get_c_expression_values(
             'unsigned long', '%lu',
             expressions,
             header="""
             #include <psa/crypto.h>
             """,
-            include_path=['include']) #type: List[str]
+            include_path=includes) #type: List[str]
         for e, v in zip(expressions, values):
             self.value_cache[e] = int(v, 0)
         self.unknown_values.clear()
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c3c1275..f8df522 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -123,15 +123,27 @@
 # Enable ksh/bash extended file matching patterns
 shopt -s extglob
 
+in_mbedtls_repo () {
+    test -d include -a -d library -a -d programs -a -d tests
+}
+
+in_psa_crypto_repo () {
+    test -d include -a -d core -a -d drivers -a -d programs -a -d tests
+}
+
 pre_check_environment () {
-    if [ -d library -a -d include -a -d tests ]; then :; else
-        echo "Must be run from mbed TLS root" >&2
+    if in_mbedtls_repo || in_psa_crypto_repo; then :; else
+        echo "Must be run from Mbed TLS / psa-crypto root" >&2
         exit 1
     fi
 }
 
 pre_initialize_variables () {
-    CONFIG_H='include/mbedtls/mbedtls_config.h'
+    if in_mbedtls_repo; then
+        CONFIG_H='include/mbedtls/mbedtls_config.h'
+    else
+        CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+    fi
     CRYPTO_CONFIG_H='include/psa/crypto_config.h'
     CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
 
@@ -141,8 +153,10 @@
     backup_suffix='.all.bak'
     # Files clobbered by config.py
     files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
-    # Files clobbered by in-tree cmake
-    files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+    if in_mbedtls_repo; then
+        # Files clobbered by in-tree cmake
+        files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+    fi
 
     append_outcome=0
     MEMORY=0
@@ -299,7 +313,9 @@
 # Does not remove generated source files.
 cleanup()
 {
-    command make clean
+    if in_mbedtls_repo; then
+        command make clean
+    fi
 
     # Remove CMake artefacts
     find . -name .git -prune -o \
@@ -556,7 +572,7 @@
         fi
 
         if ! git diff --quiet "$CONFIG_H"; then
-            err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
+            err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
             echo "You can either delete or preserve your work, or force the test by rerunning the"
             echo "script as: $0 --force"
             exit 1
@@ -5284,7 +5300,9 @@
 pre_print_configuration
 pre_check_tools
 cleanup
-pre_generate_files
+if in_mbedtls_repo; then
+    pre_generate_files
+fi
 
 # Run the requested tests.
 for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 92db417..3590436 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,10 +1,10 @@
 #!/usr/bin/env python3
 """Run the PSA Crypto API compliance test suite.
 Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
-Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
-while unexpected failures AND successes are reported as errors,
-to help keep the list of known defects as up to date as possible.
+then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
+Known defects in either the test suite or mbedtls / psa-crypto - identified by their test
+number - are ignored, while unexpected failures AND successes are reported as errors, to help
+keep the list of known defects as up to date as possible.
 """
 
 # Copyright The Mbed TLS Contributors
@@ -22,13 +22,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import argparse
 import os
 import re
 import shutil
 import subprocess
 import sys
+from typing import List
 
-# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite)
+#pylint: disable=unused-import
+import scripts_path
+from mbedtls_dev import build_tree
+
+# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto
+# (or the test suite).
 # The test numbers correspond to the numbers used by the console output of the test suite.
 # Test number 2xx corresponds to the files in the folder
 # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
@@ -49,12 +56,32 @@
 PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
 PSA_ARCH_TESTS_REF = 'fix-pr-5736'
 
-#pylint: disable=too-many-branches,too-many-statements
-def main():
-    mbedtls_dir = os.getcwd()
+#pylint: disable=too-many-branches,too-many-statements,too-many-locals
+def main(library_build_dir: str):
+    root_dir = os.getcwd()
 
-    if not os.path.exists('library/libmbedcrypto.a'):
-        subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a'])
+    in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir)
+
+    if in_psa_crypto_repo:
+        crypto_name = 'psacrypto'
+        library_subdir = 'core'
+    else:
+        crypto_name = 'mbedcrypto'
+        library_subdir = 'library'
+
+    crypto_lib_filename = (library_build_dir + '/' +
+                           library_subdir + '/' +
+                           'lib' + crypto_name + '.a')
+
+    if not os.path.exists(crypto_lib_filename):
+        #pylint: disable=bad-continuation
+        subprocess.check_call([
+            'cmake', '.',
+                     '-GUnix Makefiles',
+                     '-B' + library_build_dir
+        ])
+        subprocess.check_call(['cmake', '--build', library_build_dir,
+                               '--target', crypto_name])
 
     psa_arch_tests_dir = 'psa-arch-tests'
     os.makedirs(psa_arch_tests_dir, exist_ok=True)
@@ -74,6 +101,9 @@
         os.mkdir(build_dir)
         os.chdir(build_dir)
 
+        extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
+                          if in_psa_crypto_repo else '')
+
         #pylint: disable=bad-continuation
         subprocess.check_call([
             'cmake', '..',
@@ -81,8 +111,9 @@
                      '-DTARGET=tgt_dev_apis_stdc',
                      '-DTOOLCHAIN=HOST_GCC',
                      '-DSUITE=CRYPTO',
-                     '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir),
-                     '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir)
+                     '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir,
+                                                              crypto_lib_filename),
+                     ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir)
         ])
         subprocess.check_call(['cmake', '--build', '.'])
 
@@ -95,8 +126,11 @@
         )
         test = -1
         unexpected_successes = set(EXPECTED_FAILURES)
-        expected_failures = []
-        unexpected_failures = []
+        expected_failures = [] # type: List[int]
+        unexpected_failures = [] # type: List[int]
+        if proc.stdout is None:
+            return 1
+
         for line in proc.stdout:
             print(line, end='')
             match = test_re.match(line)
@@ -136,7 +170,18 @@
             print('SUCCESS')
             return 0
     finally:
-        os.chdir(mbedtls_dir)
+        os.chdir(root_dir)
 
 if __name__ == '__main__':
-    sys.exit(main())
+    BUILD_DIR = 'out_of_source_build'
+
+    # pylint: disable=invalid-name
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--build-dir', nargs=1,
+                        help='path to Mbed TLS / PSA Crypto build directory')
+    args = parser.parse_args()
+
+    if args.build_dir is not None:
+        BUILD_DIR = args.build_dir[0]
+
+    sys.exit(main(BUILD_DIR))
diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function
index a583e46..5c5700c 100644
--- a/tests/suites/test_suite_common.function
+++ b/tests/suites/test_suite_common.function
@@ -1,5 +1,5 @@
 /* BEGIN_HEADER */
-#include "../library/common.h"
+#include "common.h"
 
 void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n)
 {
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index c4408df..619a5dd 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1324,8 +1324,8 @@
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
         case MBEDTLS_ECP_DP_SECP521R1:
-            limbs = BITS_TO_LIMBS(522) * 2;
-            curve_bits = 522;
+            limbs = BITS_TO_LIMBS(521) * 2;
+            curve_bits = 521;
             curve_func = &mbedtls_ecp_mod_p521_raw;
             break;
 #endif
@@ -1377,8 +1377,8 @@
 
     TEST_EQUAL((*curve_func)(X, limbs_X), 0);
 
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
     mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
+    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
     TEST_MEMORY_COMPARE(X, bytes, res, bytes);
 
 exit:
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index cb11f18..0f66c79 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -10,7 +10,7 @@
  * before changing how test data is constructed or validated.
  */
 
-#include "../library/psa_crypto_its.h"
+#include "psa_crypto_its.h"
 
 #include "test/psa_helpers.h"
 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 1b08bc3..e6bce1d 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -242,7 +242,7 @@
             MBEDTLS_X509_SAFE_SNPRINTF;
 
             if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
-                                &san->san.other_name.value.hardware_module_name.oid) != 0) {
+                                &san->san.other_name.type_id) == 0) {
                 ret = mbedtls_snprintf(p, n, " hardware module name :");
                 MBEDTLS_X509_SAFE_SNPRINTF;
                 ret = mbedtls_snprintf(p, n, " hardware type : ");