LCOV - code coverage report
Current view: top level - test - test-memwipe.c (source / functions) Hit Total Coverage
Test: lcov.info Lines: 74 79 93.7 %
Date: 2021-11-24 03:28:48 Functions: 10 10 100.0 %

          Line data    Source code
       1             : /* Copyright (c) 2015-2021, The Tor Project, Inc. */
       2             : /* See LICENSE for licensing information */
       3             : 
       4             : #include "orconfig.h"
       5             : #include "lib/crypt_ops/crypto_util.h"
       6             : 
       7             : #include "lib/intmath/cmp.h"
       8             : #include "lib/malloc/malloc.h"
       9             : 
      10             : #include <string.h>
      11             : #include <stdio.h>
      12             : #include <sys/types.h>
      13             : #include <stdlib.h>
      14             : 
      15             : #ifdef HAVE_SYS_PARAM_H
      16             : #include <sys/param.h>
      17             : #endif
      18             : 
      19             : static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
      20             : static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
      21             : static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
      22             : static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
      23             : static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
      24             : static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
      25             : static unsigned check_a_buffer(void) __attribute__((noinline));
                       /* NOTE(review): noinline presumably keeps every fill/check routine a real
                        * call with its own stack frame, so the compiler cannot merge a fill with
                        * the check that follows it. check_heap_buffer() is defined later in this
                        * file but is not declared noinline here -- confirm that is intended. */
      26             : 
      27             : extern const char *s; /* Make the linkage global */
      28             : const char *s = NULL;
                       /* s is the marker string: FILL_BUFFER_IMPL() copies it into the buffers and
                        * the check_* functions search for it. It is NULL until main() assigns it,
                        * so none of the fill/check functions may run before that assignment. */
      29             : 
      30             : #define BUF_LEN 2048
                       /* BUF_LEN: size in bytes of every stack and heap buffer this test fills
                        * and scans. */
      31             : 
                       /* FILL_BUFFER_IMPL(): expands inside a function that has `buf` (at least
                        * BUF_LEN bytes) and `unsigned sum` in scope. It tiles the string s across
                        * buf and then adds every byte of buf into sum. The fill loop advances by
                        * strlen(s), so s must be non-NULL and non-empty when this runs. */
      32             : #define FILL_BUFFER_IMPL()                                              \
      33             :   do {                                                                  \
      34             :   unsigned int i;                                                       \
      35             :                                                                         \
      36             :   /* Fill up the BUF_LEN-byte buffer with a recognizable pattern. */    \
      37             :   for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
      38             :     memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
      39             :   }                                                                     \
      40             :                                                                         \
      41             :   /* Use the buffer as input to a computation so the above can't get */ \
      42             :   /* optimized away. */                                                 \
      43             :   for (i = 0; i < BUF_LEN; ++i) {                                       \
      44             :     sum += (unsigned char)buf[i];                                       \
      45             :   }                                                                     \
      46             :   } while (0)
      47             : 
      48             : #ifdef OpenBSD
      49             : /* Disable some of OpenBSD's malloc protections for this test. This helps
      50             :  * us do bad things, such as access freed buffers, without crashing. */
                       /* NOTE(review): this override applies to the whole test binary and only
                        * exists so check_heap_buffer() can read freed memory. The meaning of the
                        * individual option letters is not documented here; check it against
                        * OpenBSD's malloc(3) manual for the release being tested. Do not carry
                        * this setting into non-test code. */
      51             : extern const char *malloc_options;
      52             : const char *malloc_options = "sufjj";
      53             : #endif /* defined(OpenBSD) */
      54             : 
      55             : static unsigned
      56           1 : fill_a_buffer_memset(void)
      57             : {
                         /* Stack case, cleared with plain memset(): fill a local buffer with the
                          * marker pattern, sum it, then zero it. buf is never read after the
                          * memset(), which is exactly the situation in which a compiler may drop
                          * the call; the test measures whether that happened. Returns the byte
                          * sum produced by FILL_BUFFER_IMPL(). */
      58           1 :   char buf[BUF_LEN];
      59           1 :   unsigned sum = 0;
      60        2113 :   FILL_BUFFER_IMPL();
      61           1 :   memset(buf, 0, sizeof(buf));
      62           1 :   return sum;
      63             : }
      64             : 
      65             : static unsigned
      66           1 : fill_a_buffer_memwipe(void)
      67             : {
                         /* Stack case, cleared with memwipe(): identical to the memset variant
                          * except for the clearing call. This is the function under test; main()
                          * reports an error if the marker is still found after it returns.
                          * Returns the byte sum produced by FILL_BUFFER_IMPL(). */
      68           1 :   char buf[BUF_LEN];
      69           1 :   unsigned sum = 0;
      70        2113 :   FILL_BUFFER_IMPL();
      71           1 :   memwipe(buf, 0, sizeof(buf));
      72           1 :   return sum;
      73             : }
      74             : 
      75             : static unsigned
      76           7 : fill_a_buffer_nothing(void)
      77             : {
                         /* Stack control case: fill and sum the buffer but never clear it.
                          * main() uses it twice over: as the "nil" test case, whose leftover
                          * pattern shows the probe can see stale stack data, and as the
                          * reference sum that every other fill function is compared against. */
      78           7 :   char buf[BUF_LEN];
      79           7 :   unsigned sum = 0;
      80       14791 :   FILL_BUFFER_IMPL();
      81           7 :   return sum;
      82             : }
      83             : 
      84             : static inline int
      85       12096 : vmemeq(volatile char *a, const char *b, size_t n)
      86             : {
                         /* Compare n bytes at a with n bytes at b. Returns 1 if all are equal
                          * and 0 at the first difference. a is volatile-qualified, so every
                          * byte is really loaded from memory; the callers point it at stale
                          * stack or freed heap data that the compiler must not reason about.
                          * The early return makes this data-dependent in timing, which is fine
                          * for a probe but is not how secrets should be compared. */
      87       20664 :   while (n--) {
      88       20412 :     if (*a++ != *b++)
      89             :       return 0;
      90             :   }
      91             :   return 1;
      92             : }
      93             : 
      94             : static unsigned
      95           3 : check_a_buffer(void)
      96             : {
                         /* Count the offsets in an uninitialized stack buffer at which the full
                          * marker string s appears, and return that count. A nonzero result
                          * means data left by the preceding fill_a_buffer_*() call is still
                          * readable. NOTE(review): this presumably depends on buf landing on
                          * the same stack region the fill function used -- nothing in this file
                          * enforces that. */
      97           3 :   unsigned int i;
      98           3 :   volatile char buf[BUF_LEN];
      99           3 :   unsigned sum = 0;
     100             : 
     101             :   /* See if this buffer has the string in it.
     102             : 
     103             :      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
     104             :      BUFFER.
     105             : 
     106             :      If you know a better way to figure out whether the compiler eliminated
     107             :      the memset/memwipe calls or not, please let me know.
     108             :    */
                         /* The bound is computed in size_t, so it is only meaningful while
                          * strlen(s) is smaller than BUF_LEN. */
     109        6051 :   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
     110        6048 :     if (vmemeq(buf+i, s, strlen(s)))
     111         126 :       ++sum;
     112             :   }
     113             : 
     114           3 :   return sum;
     115             : }
     116             : 
     117             : static char *heap_buf = NULL;
                       /* heap_buf: each fill_heap_buffer_*() stores the block it allocates here
                        * and then frees that block, so by the time check_heap_buffer() reads
                        * through it the pointer is dangling on purpose. */
     118             : 
     119             : static unsigned
     120           1 : fill_heap_buffer_memset(void)
     121             : {
                         /* Heap case, cleared with plain memset(): allocate BUF_LEN bytes,
                          * publish the pointer in heap_buf, fill and sum the block, zero it and
                          * free it. The block is freed right after the memset(), so the store
                          * is a candidate for removal by the compiler. Returns the byte sum.
                          * NOTE(review): the raw_malloc() result is used without a NULL check. */
     122           1 :   char *buf = heap_buf = raw_malloc(BUF_LEN);
     123           1 :   unsigned sum = 0;
     124        2113 :   FILL_BUFFER_IMPL();
     125           1 :   memset(buf, 0, BUF_LEN);
     126           1 :   raw_free(buf);
     127           1 :   return sum;
     128             : }
     129             : 
     130             : static unsigned
     131           1 : fill_heap_buffer_memwipe(void)
     132             : {
                         /* Heap case, cleared with memwipe(): same sequence as the memset
                          * variant with only the clearing call changed. main() reports an error
                          * if the marker is still found in the freed block afterwards. Returns
                          * the byte sum.
                          * NOTE(review): the raw_malloc() result is used without a NULL check. */
     133           1 :   char *buf = heap_buf = raw_malloc(BUF_LEN);
     134           1 :   unsigned sum = 0;
     135        2113 :   FILL_BUFFER_IMPL();
     136           1 :   memwipe(buf, 0, BUF_LEN);
     137           1 :   raw_free(buf);
     138           1 :   return sum;
     139             : }
     140             : 
     141             : static unsigned
     142           1 : fill_heap_buffer_nothing(void)
     143             : {
                         /* Heap control case: allocate, fill and sum the block, then free it
                          * without clearing. main() uses the result of the following check as
                          * the baseline showing that freed contents can be observed at all.
                          * Returns the byte sum.
                          * NOTE(review): the raw_malloc() result is used without a NULL check. */
     144           1 :   char *buf = heap_buf = raw_malloc(BUF_LEN);
     145           1 :   unsigned sum = 0;
     146        2113 :   FILL_BUFFER_IMPL();
     147           1 :   raw_free(buf);
     148           1 :   return sum;
     149             : }
     150             : 
     151             : static unsigned
     152           3 : check_heap_buffer(void)
     153             : {
                         /* Count the offsets in the already-freed block behind heap_buf at which
                          * the full marker string s appears, and return that count. The result
                          * is only informative while the allocator leaves freed contents
                          * readable, which is why this file relaxes malloc_options on OpenBSD. */
     154           3 :   unsigned int i;
     155           3 :   unsigned sum = 0;
     156           3 :   volatile char *buf = heap_buf;
     157             : 
     158             :   /* See if this buffer has the string in it.
     159             : 
     160             :      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
     161             : 
     162             :      If you know a better way to figure out whether the compiler eliminated
     163             :      the memset/memwipe calls or not, please let me know.
     164             :    */
                         /* The bound is computed in size_t, so it is only meaningful while
                          * strlen(s) is smaller than BUF_LEN. */
     165        6051 :   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
     166        6048 :     if (vmemeq(buf+i, s, strlen(s)))
     167         126 :       ++sum;
     168             :   }
     169             : 
     170           3 :   return sum;
     171             : }
     172             : 
     173             : static struct testcase {
                         /* One row per experiment: a label, the function that fills (and
                          * possibly clears) a buffer, and the function that then looks for
                          * leftovers. The table ends with an all-NULL sentinel row. */
     174             :   const char *name;
     175             :   /* this spacing satisfies make check-spaces */
     176             :   unsigned
     177             :     (*fill_fn)(void);
     178             :   unsigned
     179             :     (*check_fn)(void);
     180             : } testcases[] = {
                         /* Row order is significant: main() reads the results by position
                          * (0-1 no clearing, 2-3 memset, 4-5 memwipe). */
     181             :   { "nil", fill_a_buffer_nothing, check_a_buffer },
     182             :   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
     183             :   { "memset", fill_a_buffer_memset, check_a_buffer },
     184             :   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
     185             :   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
     186             :   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
     187             :   { NULL, NULL, NULL }
     188             : };
     189             : 
     190             : int
     191           1 : main(int argc, char **argv)
     192             : {
                         /* Run every testcases[] row and report whether memwipe() really
                          * clears memory. Exit status is 1 when the marker survived a
                          * memwipe() on the stack or the heap, and 0 otherwise. */
     193           1 :   unsigned x, x2;
     194           1 :   int i;
     195           1 :   int working = 1;
                         /* One slot per non-sentinel testcases[] row; the literal 6 has to be
                          * kept in step with that table by hand. */
     196           1 :   unsigned found[6];
     197           1 :   (void) argc; (void) argv;
     198             : 
     199           1 :   s = "squamous haberdasher gallimaufry";
     200             : 
     201           1 :   memset(found, 0, sizeof(found));
     202             : 
     203           7 :   for (i = 0; testcases[i].name; ++i) {
                           /* check_fn() runs directly after fill_fn() with no call in
                            * between, so nothing else gets a chance to overwrite the memory
                            * being probed. */
     204           6 :     x = testcases[i].fill_fn();
     205           6 :     found[i] = testcases[i].check_fn();
     206             : 
                           /* Every fill function sums the same pattern, so its result must
                            * equal the control's; a difference means the fill itself did not
                            * behave as expected. */
     207           6 :     x2 = fill_a_buffer_nothing();
     208             : 
     209           6 :     if (x != x2) {
     210           0 :       working = 0;
     211             :     }
     212             :   }
     213             : 
                         /* found[0] and found[1] are the no-clearing baselines. If the marker
                          * is not visible even there, the probe cannot observe leftovers on
                          * this platform.
                          * NOTE(review): this case only prints a warning; execution continues
                          * and can still end in "OKAY" with exit status 0, so a caller that
                          * looks at the exit status alone cannot tell "wiped" from "could not
                          * measure". */
     214           1 :   if (!working || !found[0] || !found[1]) {
     215           0 :     printf("It appears that this test case may not give you reliable "
     216             :            "information. Sorry.\n");
     217             :   }
     218             : 
     219           1 :   if (!found[2] && !found[3]) {
     220           0 :     printf("It appears that memset is good enough on this platform. Good.\n");
     221             :   }
     222             : 
                         /* found[4] and found[5] are the memwipe rows; any hit there is the
                          * failure this test exists to catch. */
     223           1 :   if (found[4] || found[5]) {
     224           0 :     printf("ERROR: memwipe does not wipe data!\n");
     225           0 :     return 1;
     226             :   } else {
     227           1 :     printf("OKAY: memwipe seems to work.\n");
     228           1 :     return 0;
     229             :   }
     230             : }
