From 7eced7d1d2d0bcf7a2318bb565962546c1bb9f23 Mon Sep 17 00:00:00 2001
From: Tom Cosgrove
Date: Fri, 1 Sep 2023 13:55:39 +0100
Subject: [PATCH] Move zeroize-as-memset into a config file under tests/
Signed-off-by: Tom Cosgrove
---
 include/mbedtls/platform_util.h | 23 ++++----------
 tests/configs/config-wrapper-zeroize-memset.h | 31 +++++++++++++++++++
 tests/scripts/all.sh | 2 +-
 3 files changed, 38 insertions(+), 18 deletions(-)
 create mode 100644 tests/configs/config-wrapper-zeroize-memset.h
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 17e17525b..4dcce36ca 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -167,28 +167,17 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
 * \param len Length of the buffer in bytes
 *
 */
-#if defined(MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE)
-#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
-#include
-#else
+#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE)
 void mbedtls_platform_zeroize(void *buf, size_t len);
 #endif
-/* MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE
+/* MBEDTLS_TEST_DEFINES_ZEROIZE
 *
- * Replaces calls to mbedtls_platform_zeroize() with calls to memset(),
- * to allow compiler analysis to check for invalid length arguments (e.g.
- * specifying sizeof(pointer) rather than sizeof(pointee)).
- *
- * Note that this option is meant for internal use only and must not be used
- * in production builds, because that would lead to zeroization calls being
- * optimised out by the compiler.
- *
- * It is only intended to be used in CFLAGS, with -Wsizeof-pointer-memaccess,
- * to check for those incorrect calls to mbedtls_platform_zeroize().
+ * Indicates that the library is being built by the test framework, and the
+ * framework is going to provide a replacement mbedtls_platform_zeroize()
+ * using a pre-processor macro, so the function declaration should be omitted.
 */
-//#define MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE
+//#define MBEDTLS_TEST_DEFINES_ZEROIZE
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
diff --git a/tests/configs/config-wrapper-zeroize-memset.h b/tests/configs/config-wrapper-zeroize-memset.h
new file mode 100644
index 000000000..d1bfa1717
--- /dev/null
+++ b/tests/configs/config-wrapper-zeroize-memset.h
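Review bot: The replacement comment for `MBEDTLS_TEST_DEFINES_ZEROIZE` drops the production warning that the old `MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE` text carried, although the option is still listed in this public header and its name no longer says "unsafe". A build that sets it together with a `memset()` macro lets the compiler remove the zeroization of buffers that are never read again, so key material can stay in memory. I would keep a sentence such as `* For internal testing only; must not be set in production builds, because a macro replacement such as memset() can be optimised out by the compiler.` in this comment. The same caveat belongs in the header comment of tests/configs/config-wrapper-zeroize-memset.h, which currently says only "Used for testing."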
@@ -0,0 +1,31 @@
+/* mbedtls_config.h wrapper that defines mbedtls_platform_zeroize() to be
+ * memset(), so that the compile can check arguments for us.
+ * Used for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbedtls/mbedtls_config.h"
+
+#include
+
+/* Define _ALT so we don't get the built-in implementation. The test code will
+ * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the
+ * declaration. */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index dad8464fa..55cd66392 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5123,7 +5123,7 @@ component_build_zeroize_checks () {
 scripts/config.py full
 # Only compile - we're looking for sizeof-pointer-memaccess warnings
- make CC=gcc CFLAGS='-Werror -DMBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE -Wsizeof-pointer-memaccess'
+ make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/config-wrapper-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
 }
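Review bot: The wrapper only works when `-DMBEDTLS_TEST_DEFINES_ZEROIZE` is also passed on the command line, and nothing in the new file enforces that. Without it, the declaration kept in platform_util.h would presumably be macro-expanded into an invalid `memset` declaration and fail with a confusing error instead of a clear one. A guard after the two `#define`s, `#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE)` / `#error "config-wrapper-zeroize-memset.h requires MBEDTLS_TEST_DEFINES_ZEROIZE"` / `#endif`, would make the coupling explicit. The first comment line should also read "so that the compiler can check arguments for us", not "the compile".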
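Review bot: The new `make` line passes the header as `MBEDTLS_USER_CONFIG_FILE`, but the header is written as a wrapper that itself includes `mbedtls/mbedtls_config.h`. As far as I know the user config file is read in addition to the main config, so the default config would be included twice here; either pass the wrapper as `MBEDTLS_CONFIG_FILE`, or drop that `#include` from the header and name it as a user config. The nested quoting in `CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"...\"' ..."` and the relative `../tests/configs/` path depend on how make expands the value and on the directory the compiler runs in, neither of which is visible in this hunk, so a one-line comment above the `make` call stating both would help. component_build_zeroize_checks starts above the hunk.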