commit 88385c2f74d46c26abb10e5d80ec16d7a257aefa
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Jan 04 20:33:29 2024 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Jan 15 19:30:29 2024 +0100
tree 8c547df53f4ab55e4fecece9b1804f1f2d12ea2e
parent a1871f318bb4c4a36672f78159dacd0e917344b3

PSA wrappers: don't poison buffers when buffer copying is disabled

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/scripts/generate_psa_wrappers.py

diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
index 551acbd..85c9278 100755
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@@ -121,6 +121,20 @@
             param.buffer_name, param.size_name
         ))
 
+    def _write_poison_buffer_parameters(self, out: typing_util.Writable,
+                                        buffer_parameters: List[BufferParameter],
+                                        poison: bool) -> None:
+        """Write poisoning or unpoisoning code for the buffer parameters.
+
+        Write poisoning code if poison is true, unpoisoning code otherwise.
+        """
+        if not buffer_parameters:
+            return
+        out.write('#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)\n')
+        for param in buffer_parameters:
+            self._write_poison_buffer_parameter(out, param, poison)
+        out.write('#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */\n')
+
     @staticmethod
     def _parameter_should_be_copied(function_name: str,
                                     _buffer_name: Optional[str]) -> bool:
@@ -140,11 +154,9 @@
                                                         argument_names)
             if self._parameter_should_be_copied(function.name,
                                                 function.arguments[param.index].name))
-        for param in buffer_parameters:
-            self._write_poison_buffer_parameter(out, param, True)
+        self._write_poison_buffer_parameters(out, buffer_parameters, True)
         super()._write_function_call(out, function, argument_names)
-        for param in buffer_parameters:
-            self._write_poison_buffer_parameter(out, param, False)
+        self._write_poison_buffer_parameters(out, buffer_parameters, False)
 
     def _write_prologue(self, out: typing_util.Writable, header: bool) -> None:
         super()._write_prologue(out, header)

tests/src/psa_test_wrappers.c

diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index c26835f..f3fb852 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -266,11 +266,15 @@
     size_t arg5_output_size,
     size_t *arg6_output_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
     MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
     MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
     psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
     MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
     MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
     return status;
 }