Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
368fc65f80
commit
a237722118
7 changed files with 63 additions and 0 deletions
library
|
|
@ -279,6 +279,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
|
||||
"MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
|
||||
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
|
||||
"MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
|
||||
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
"MBEDTLS_TEST_NULL_ENTROPY",
|
||||
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue