Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
65a6fa3e26
commit
6240defd17
8 changed files with 99 additions and 0 deletions
|
|
@ -186,6 +186,16 @@
|
|||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#define MBEDTLS_HAS_MEMSAN
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
|
||||
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
|
||||
#endif
|
||||
#undef MBEDTLS_HAS_MEMSAN
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
|
||||
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
|
||||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue