Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
65a6fa3e26
commit
6240defd17
8 changed files with 99 additions and 0 deletions
|
|
@ -194,6 +194,7 @@ EXCLUDE_FROM_FULL = frozenset([
|
|||
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
|
||||
'MBEDTLS_SHA512_NO_SHA384', # removes a feature
|
||||
'MBEDTLS_SSL_HW_RECORD_ACCEL', # build dependency (hook functions)
|
||||
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
|
||||
'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature
|
||||
'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
|
||||
'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue