From: Mark Wooding
Date: Sun, 1 Oct 2017 02:01:02 +0000 (+0100)
Subject: Start verifying that code which should be constant-time really is.
X-Git-Tag: 2.4.2~21
X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/1aaccf40b93719fd3df7cc89e023b9bb48b358b6?hp=1aaccf40b93719fd3df7cc89e023b9bb48b358b6

Start verifying that code which should be constant-time really is.

Introduce utilities `ct_poison' and `ct_remedy' to control Valgrind's
uninitialized-data checking, based on Adam Langley's `ctgrind' idea
described in https://www.imperialviolet.org/2010/04/01/ctgrind.html.

Use these in the tests for fancy-bignum algorithms, such as Poly1305 and
X25519.

There's currently no automated machinery for running these tests.  This
is a little tricky:

  * Some of the tests will need to be skipped because they just take too
    long if they run under Valgrind.

  * The test programs are actually libtool wrappers, which are bash(1)
    scripts.  Firstly, this means we get lots of spurious errors about
    bash; and secondly, the actual test program doesn't end up being
    checked by Valgrind at all.

So it's just manual for now.
---
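
The poison/remedy pattern the commit message describes, as an added example that is not Catacomb's code: `demo_poison`/`demo_remedy` are hypothetical stand-ins built on Valgrind's `VALGRIND_MAKE_MEM_UNDEFINED`/`VALGRIND_MAKE_MEM_DEFINED` client requests (no-ops when `valgrind/memcheck.h` is not installed), and the 16-byte secret is a constructed sample.

```c
/* Added illustration, not Catacomb's code: demo_poison/demo_remedy are
 * hypothetical stand-ins for the ct_poison/ct_remedy idea. */
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define demo_poison(p, n) ((void)VALGRIND_MAKE_MEM_UNDEFINED((p), (n)))
#    define demo_remedy(p, n) ((void)VALGRIND_MAKE_MEM_DEFINED((p), (n)))
#  endif
#endif
#ifndef demo_poison /* no Valgrind headers: the markers compile to nothing */
#  define demo_poison(p, n) ((void)(p), (void)(n))
#  define demo_remedy(p, n) ((void)(p), (void)(n))
#endif

typedef int eq_fn(const unsigned char *, const unsigned char *, size_t);

/* Leaky: returns at the first mismatch, so a branch depends on the secret. */
static int leaky_eq(const unsigned char *a, const unsigned char *b, size_t n) {
  for (size_t i = 0; i < n; i++) if (a[i] != b[i]) return 0;
  return 1;
}

/* Constant-time: fold all differences together, no secret-dependent branch. */
static int ct_eq(const unsigned char *a, const unsigned char *b, size_t n) {
  unsigned d = 0;
  for (size_t i = 0; i < n; i++) d |= (unsigned)(a[i] ^ b[i]);
  return (int)(((d - 1) >> 8) & 1); /* 1 iff d == 0 */
}

/* Poison the secret, compare, then remedy the (deliberately public) verdict. */
static int check(eq_fn *eq, const unsigned char *guess) {
  unsigned char secret[16]; int r;
  memset(secret, 0x42, sizeof secret); /* constructed sample secret */
  demo_poison(secret, sizeof secret);  /* secret now counts as "undefined" */
  r = eq(secret, guess, sizeof secret);
  demo_remedy(&r, sizeof r);           /* declassify before branching on it */
  demo_remedy(secret, sizeof secret);
  return r;
}

int main(void) {
  unsigned char guess[16];
  memset(guess, 0x42, sizeof guess);
  printf("ct_eq=%d leaky_eq=%d\n", check(ct_eq, guess), check(leaky_eq, guess));
  return 0;
}
```

Compile with `-g` and run the resulting binary itself under `valgrind`, not a libtool wrapper script: Memcheck reports the early-exit branch in `leaky_eq` as depending on uninitialised values and stays quiet for `ct_eq`.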