Disable optionally safe test hook in threading builds

Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-06-05 14:26:42 +08:00 · 2024-08-20 10:21:54 +01:00 · 2024-08-20 10:21:54 +01:00 · d6aaee10fd
commit d6aaee10fd
parent 08091d79dd
3 changed files with 17 additions and 14 deletions
--- a/tf-psa-crypto/drivers/builtin/src/bignum_core.c
+++ b/tf-psa-crypto/drivers/builtin/src/bignum_core.c
@ -747,7 +747,7 @@ static void exp_mod_precompute_window(const mbedtls_mpi_uint *A,
    }
 }
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
 // Set to a default that is neither MBEDTLS_MPI_IS_PUBLIC nor MBEDTLS_MPI_IS_SECRET
 int mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC + MBEDTLS_MPI_IS_SECRET + 1;
 #endif
@ -771,7 +771,7 @@ static inline void exp_mod_calc_first_bit_optionally_safe(const mbedtls_mpi_uint
            *E_limb_index = E_bits / biL;
            *E_bit_index = E_bits % biL;
        }
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
        mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC;
 #endif
    } else {
@ -781,7 +781,7 @@ static inline void exp_mod_calc_first_bit_optionally_safe(const mbedtls_mpi_uint
         */
        *E_limb_index = E_limbs;
        *E_bit_index = 0;
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
        // Only mark the codepath safe if there wasn't an unsafe codepath before
        if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) {
            mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET;
@ -803,7 +803,7 @@ static inline void exp_mod_table_lookup_optionally_safe(mbedtls_mpi_uint *Wselec
 {
    if (window_public == MBEDTLS_MPI_IS_PUBLIC) {
        memcpy(Wselect, Wtable + window * AN_limbs, AN_limbs * ciL);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
        mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC;
 #endif
    } else {
@ -811,7 +811,7 @@ static inline void exp_mod_table_lookup_optionally_safe(mbedtls_mpi_uint *Wselec
         * memory access patterns. */
        mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable,
                                              AN_limbs, welem, window);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
        // Only mark the codepath safe if there wasn't an unsafe codepath before
        if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) {
            mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET;
--- a/tf-psa-crypto/drivers/builtin/src/bignum_core.h
+++ b/tf-psa-crypto/drivers/builtin/src/bignum_core.h
@ -830,7 +830,10 @@ void mbedtls_mpi_core_from_mont_rep(mbedtls_mpi_uint *X,
                                    mbedtls_mpi_uint mm,
                                    mbedtls_mpi_uint *T);
-#if defined(MBEDTLS_TEST_HOOKS)
+/*
 * Can't define thread local variables with our abstraction layer: do nothing if threading is on.
 */
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
 extern int mbedtls_mpi_optionally_safe_codepath;
 static inline void mbedtls_mpi_optionally_safe_codepath_reset(void)
--- a/tf-psa-crypto/tests/suites/test_suite_bignum_core.function
+++ b/tf-psa-crypto/tests/suites/test_suite_bignum_core.function
@ -1302,11 +1302,11 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
    TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
    TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
    TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    mbedtls_mpi_optionally_safe_codepath_reset();
 #endif
    mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_SECRET);
 #endif
    TEST_EQUAL(0, memcmp(X, Y, N_limbs * sizeof(mbedtls_mpi_uint)));
@ -1317,11 +1317,11 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
    /* Test the unsafe variant */
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    mbedtls_mpi_optionally_safe_codepath_reset();
 #endif
    mbedtls_mpi_core_exp_mod_unsafe(Y, A, N, N_limbs, E, E_limbs, R2, T);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_PUBLIC);
 #endif
    TEST_EQUAL(0, memcmp(X, Y, N_limbs * sizeof(mbedtls_mpi_uint)));
@ -1334,22 +1334,22 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
    TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
    TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
    TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    mbedtls_mpi_optionally_safe_codepath_reset();
 #endif
    mbedtls_mpi_core_exp_mod(A, A, N, N_limbs, E, E_limbs, R2, T);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_SECRET);
 #endif
    TEST_EQUAL(0, memcmp(X, A, N_limbs * sizeof(mbedtls_mpi_uint)));
    TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
    memcpy(A, A_copy, sizeof(A) * A_limbs);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    mbedtls_mpi_optionally_safe_codepath_reset();
 #endif
    mbedtls_mpi_core_exp_mod_unsafe(A, A, N, N_limbs, E, E_limbs, R2, T);
-#if defined(MBEDTLS_TEST_HOOKS)
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
    TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_PUBLIC);
 #endif
    TEST_EQUAL(0, memcmp(X, A, N_limbs * sizeof(mbedtls_mpi_uint)));