1 | /* -*-c-*- |
2 | * | |
3 | * Utilities for verifying constant-time programming | |
4 | * | |
5 | * (c) 2017 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Catacomb. | |
11 | * | |
12 | * Catacomb is free software: you can redistribute it and/or modify it | |
13 | * under the terms of the GNU Library General Public License as published | |
14 | * by the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * Catacomb is distributed in the hope that it will be useful, but | |
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
20 | * Library General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU Library General Public | |
23 | * License along with Catacomb. If not, write to the Free Software | |
24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
25 | * USA. | |
26 | */ | |
27 | ||
28 | /*----- Header files ------------------------------------------------------*/ | |
29 | ||
30 | #include "config.h" | |
31 | ||
32 | #include "ct.h" | |
33 | ||
34 | #ifdef HAVE_VALGRIND_H | |
35 | # include <valgrind/valgrind.h> | |
36 | # include <valgrind/memcheck.h> | |
37 | #endif | |
38 | ||
39 | /*----- Main code ---------------------------------------------------------*/ | |
40 | ||
41 | /* --- @ct_poison@ --- * | |
42 | * | |
43 | * Arguments: @const void *p@ = pointer to a secret | |
44 | * @size_t sz@ = size of the secret | |
45 | * | |
46 | * Returns: --- | |
47 | * | |
48 | * Use: Ordinarily, does nothing. If the process is running under | |
49 | * the control of Valgrind's `memcheck' utility, then mark the | |
50 | * secret as `uninitialized', so that Valgrind warns about | |
51 | * conditional execution or memory addressing based on the value | |
52 | * of the secret. | |
53 | * | |
54 | * Credit for this idea goes to Adam Langley, who described it | |
55 | * in https://www.imperialviolet.org/2010/04/01/ctgrind.html, | |
56 | * though this implementation doesn't require patching Valgrind. | |
57 | */ | |
58 | ||
void ct_poison(const void *p, size_t sz)
{
  /* Only memcheck's view of the range changes here: the client request
   * marks the @sz@ bytes at @p@ as undefined and leaves the bytes
   * themselves alone.  Values computed from the range are treated as
   * undefined too, until they are passed to @ct_remedy@.
   *
   * Without @HAVE_VALGRIND_H@ this function compiles to nothing, and
   * outside Valgrind the request has no effect, so a quiet test run is
   * evidence of constant-time behaviour only if the build had the
   * Valgrind headers and the test actually ran under memcheck.  Memcheck
   * reports branches and addresses which depend on undefined data; it
   * does not model instruction timing, so data-dependent instruction
   * latency is outside what this check can show.
   */
#if defined(HAVE_VALGRIND_H)
  VALGRIND_MAKE_MEM_UNDEFINED(p, sz);
#else
  /* Nothing to do; the casts only mark the arguments as used. */
  (void)p;
  (void)sz;
#endif
}
65 | |
66 | /* --- @ct_remedy@ --- * | |
67 | * | |
68 | * Arguments: @const void *p@ = pointer to a secret | |
69 | * @size_t sz@ = size of the secret | |
70 | * | |
71 | * Returns: --- | |
72 | * | |
73 | * Use: Ordinarily, does nothing. If the process is running under | |
74 | * the control of Valgrind's `memcheck' utility, then mark the | |
75 | * secret as `initialized'. This is intended to reverse the | |
76 | * effect of @ct_poison@ so that a test program can verify | |
77 | * function outputs without Valgrind warning. | |
78 | */ | |
79 | ||
void ct_remedy(const void *p, size_t sz)
{
  /* Marks the @sz@ bytes at @p@ as defined in memcheck's view; the bytes
   * themselves are left alone.  Without @HAVE_VALGRIND_H@ this function
   * compiles to nothing.
   *
   * Once a range has been remedied, memcheck no longer reports branches
   * or addresses which depend on it.  Apply this only to values which
   * are meant to be public -- for example, an output the test is about
   * to compare -- and not to a secret which is still going to be used by
   * the code under test.
   */
#if defined(HAVE_VALGRIND_H)
  VALGRIND_MAKE_MEM_DEFINED(p, sz);
#else
  /* Nothing to do; the casts only mark the arguments as used. */
  (void)p;
  (void)sz;
#endif
}
86 | |
87 | /*----- That's all, folks -------------------------------------------------*/ |