Test that operation contexts are movable

[gilles-peskine-arm]

Test that it's possible to move contexts in memory. That is, sequences like the following must work:

mbedtls_xxx_context ctx1, ctx2;
mbedtls_xxx_init(&ctx1);
mbedtls_xxx_setup(&ctx1, …);
ctx2 = ctx1;
memset(&ctx1, 0, sizeof(ctx1));
mbedtls_xxx_do_stuff(&ctx2, …);
mbedtls_xxx_free(&ctx2);

Counter-example: the AES context in Mbed TLS 2.x.

We explicitly require this for alternative implementations in since Mbed TLS 3.0 (documented in alternative-implementations.md since #4595).

[mpg]

@gilles-peskine-arm I was about to add this to 3.x as I was thinking of it as finishing something we started in 3.0 - "documented but not tested" falls under "unfinished". But then I saw you did that but change your mind later, so I'm not sure - can you elaborate on why you didn't leave this in 3.x?

Also, do you have an idea how much work this would be? Seems like a lot as there's a large number of contexts, but OTOH we'll probably use the same pattern everywhere for testing. Also, I'm not sure the scope is clear: is it just contexts that may have alt implementation, all crypto contexts except Cipher/MD/PK?

[gilles-peskine-arm]

I'm on the fence about making it a should-have-been-3.0 requirement (i.e. 3.x) vs a backlog of things we don't test properly about alt implementations.

I think it'll be a lot of work to do properly: it'll involve ad hoc code for each context type, even if the general principle is the same. I can't think of an automated way to generate the code that is worth the trouble unless we can leverage an existing third-party FFI.