test-memwipe.c 5.3 KB

  1. #include "orconfig.h"
  2. #include <string.h>
  3. #include <stdio.h>
  4. #include <sys/types.h>
  5. #include <stdlib.h>
  6. #include "crypto.h"
  7. #include "compat.h"
  8. #include "util.h"
/* Every fill helper, and check_a_buffer(), is marked noinline so that it is
 * emitted as a real call instead of being merged into main().
 * NOTE(review): presumably this is what lets a check function inspect the
 * stack region that a fill function has just vacated -- confirm.
 * check_heap_buffer() has no prototype here and is not marked noinline. */
static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
static unsigned check_a_buffer(void) __attribute__((noinline));

/* Pattern string written by the fill functions and searched for by the
 * check functions. It starts out NULL and is assigned in main(). */
extern const char *s; /* Make the linkage global */
const char *s = NULL;
/* Size in bytes of every buffer that the fill functions populate. */
#define BUF_LEN 2048

/* Shared body of the fill_*() functions. The enclosing function must have
 * declared a buffer named `buf` with room for BUF_LEN bytes; the macro
 * itself declares `i` and `sum` in that scope and leaves the byte sum of
 * the filled buffer in `sum`. `s` must point to a non-empty string: the
 * copy loop advances by strlen(s), so an empty string would never
 * terminate. main() assigns `s` before any fill function runs. */
#define FILL_BUFFER_IMPL() \
  unsigned int i; \
  unsigned sum = 0; \
  \
  /* Fill the BUF_LEN-byte buffer with a recognizable pattern; MIN() */ \
  /* truncates the final copy so it ends exactly at the buffer's end. */ \
  for (i = 0; i < BUF_LEN; i += strlen(s)) { \
    memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i)); \
  } \
  \
  /* Use the buffer as input to a computation so the above can't get */ \
  /* optimized away. */ \
  for (i = 0; i < BUF_LEN; ++i) { \
    sum += (unsigned char)buf[i]; \
  }
#ifdef OpenBSD
/* Disable some of OpenBSD's malloc protections for this test. This helps
 * us do bad things, such as access freed buffers, without crashing.
 * NOTE(review): the OpenBSD macro normally comes from <sys/param.h>, which
 * this file does not include directly -- confirm that one of the project
 * headers pulls it in, otherwise this block is silently skipped. */
const char *malloc_options="sufjj";
#endif
/* Fill a stack buffer with the pattern, then clear it with plain memset()
 * immediately before returning. Nothing reads `buf` after the memset, so a
 * compiler is allowed to treat the call as a dead store and drop it; this
 * case exists to observe whether that happens on the current platform.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_a_buffer_memset(void)
{
  char buf[BUF_LEN];
  FILL_BUFFER_IMPL()
  /* Candidate for dead-store elimination: `buf` is never read again. */
  memset(buf, 0, sizeof(buf));
  return sum;
}
/* Fill a stack buffer with the pattern, then clear it with memwipe()
 * immediately before returning. This is the case under test: main() reports
 * an error if the pattern is still found afterwards. memwipe() is declared
 * in a project header and is not shown here.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_a_buffer_memwipe(void)
{
  char buf[BUF_LEN];
  FILL_BUFFER_IMPL()
  /* Same position as the memset() in fill_a_buffer_memset(), so the two
   * cases differ only in which clearing routine is called. */
  memwipe(buf, 0, sizeof(buf));
  return sum;
}
/* Control case: fill a stack buffer with the pattern and return without
 * clearing it. main() uses this both as the "nil" test case and as the
 * reference value that every other fill function's sum is compared with.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_a_buffer_nothing(void)
{
  char buf[BUF_LEN];
  FILL_BUFFER_IMPL()
  return sum;
}
/* Compare the first n bytes at `a` and `b`. Returns 1 when every byte
 * matches (including when n is 0) and 0 at the first difference. `a` is
 * volatile-qualified, so each byte of it is loaded from memory rather than
 * assumed by the compiler. */
static inline int
vmemeq(volatile char *a, const char *b, size_t n)
{
  size_t k;

  for (k = 0; k < n; ++k) {
    if (a[k] != b[k]) {
      return 0;
    }
  }
  return 1;
}
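/* Count the offsets at which an uninitialized stack buffer still holds a
 * copy of the pattern string `s`. It is meant to be called right after one
 * of the fill_a_buffer_*() functions has returned, so that a non-zero
 * result means the pattern survived on the stack.
 *
 * Returns the number of matching offsets; 0 means no copy was found. */
static unsigned
check_a_buffer(void)
{
  unsigned int i;
  /* Must be BUF_LEN bytes, like the buffers in the fill functions: the loop
   * below reads up to BUF_LEN bytes starting at `buf`, so a smaller array
   * would be overrun and the scan would run into the caller's frame. */
  volatile char buf[BUF_LEN];
  unsigned sum = 0;

  /* See if this buffer has the string in it.

     YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
     BUFFER.

     If you know a better way to figure out whether the compiler eliminated
     the memset/memwipe calls or not, please let me know.
   */
  for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    if (vmemeq(buf+i, s, strlen(s)))
      ++sum;
  }

  return sum;
}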
/* Address of the most recent heap buffer handed out to a fill_heap_*()
 * function. It is deliberately left dangling after raw_free() so that
 * check_heap_buffer() can read the freed memory. */
static char *heap_buf = NULL;

/* Heap variant of fill_a_buffer_memset(): allocate BUF_LEN bytes, fill them
 * with the pattern, clear them with plain memset(), then free the buffer.
 * Nothing reads the buffer between the memset and the free, so the memset
 * is a candidate for dead-store elimination.
 * NOTE(review): the raw_malloc() result is used without a NULL check --
 * confirm that is acceptable for this test program.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_heap_buffer_memset(void)
{
  char *buf = heap_buf = raw_malloc(BUF_LEN);
  FILL_BUFFER_IMPL()
  memset(buf, 0, BUF_LEN);
  raw_free(buf);
  return sum;
}
/* Heap variant of fill_a_buffer_memwipe(): allocate BUF_LEN bytes, fill
 * them with the pattern, clear them with memwipe(), then free the buffer.
 * The address is also stored in heap_buf for check_heap_buffer().
 * NOTE(review): the raw_malloc() result is used without a NULL check --
 * confirm that is acceptable for this test program.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_heap_buffer_memwipe(void)
{
  char *buf = heap_buf = raw_malloc(BUF_LEN);
  FILL_BUFFER_IMPL()
  memwipe(buf, 0, BUF_LEN);
  raw_free(buf);
  return sum;
}
/* Heap control case: allocate BUF_LEN bytes, fill them with the pattern and
 * free the buffer without clearing it. The address is also stored in
 * heap_buf for check_heap_buffer().
 * NOTE(review): the raw_malloc() result is used without a NULL check --
 * confirm that is acceptable for this test program.
 * Returns the byte sum computed by FILL_BUFFER_IMPL(). */
static unsigned
fill_heap_buffer_nothing(void)
{
  char *buf = heap_buf = raw_malloc(BUF_LEN);
  FILL_BUFFER_IMPL()
  raw_free(buf);
  return sum;
}
/* Count the offsets at which the most recently freed heap buffer (the one
 * heap_buf still points to) holds a copy of the pattern string `s`.
 * Returns the number of matching offsets; 0 means no copy was found. */
static unsigned
check_heap_buffer(void)
{
  volatile char *freed = heap_buf;
  unsigned matches = 0;
  unsigned int off = 0;

  /* Look for the pattern in memory that has already been handed back to
     the allocator.

     This read of a freed buffer is undefined behavior, and it is done on
     purpose: it is how the test finds out whether the compiler removed the
     memset/memwipe call that preceded the free.
   */
  while (off < BUF_LEN - strlen(s)) {
    if (vmemeq(freed + off, s, strlen(s))) {
      ++matches;
    }
    ++off;
  }

  return matches;
}
/* Table of experiments, terminated by an entry whose name is NULL. main()
 * refers to the results by position (0-1 no clearing, 2-3 memset, 4-5
 * memwipe), so the order of the entries matters, and main()'s result array
 * has room for exactly these six. */
static struct testcase {
  /* Label for the case; NULL marks the end of the table. */
  const char *name;
  /* this spacing satisfies make check-spaces */
  /* Writes the pattern, optionally clears it, and returns a byte sum. */
  unsigned
  (*fill_fn)(void);
  /* Returns how many copies of the pattern are still visible afterwards. */
  unsigned
  (*check_fn)(void);
} testcases[] = {
  { "nil", fill_a_buffer_nothing, check_a_buffer },
  { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
  { "memset", fill_a_buffer_memset, check_a_buffer },
  { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
  { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
  { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
  { NULL, NULL, NULL }
};
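/* Run every entry of testcases[] and report whether memwipe() left the
 * pattern behind.
 *
 * For each case the fill function runs first and the check function runs
 * immediately afterwards; no other call is made in between, so the check
 * sees the stack or heap as the fill function left it.
 *
 * Returns 1 if the pattern was still found after memwipe() on either the
 * stack or the heap, and 0 otherwise. The arguments are unused. */
int
main(int argc, char **argv)
{
  unsigned x, x2;
  int i;
  int working = 1;
  /* One slot per testcases[] entry, indexed in table order:
   * 0/1 = no clearing, 2/3 = memset, 4/5 = memwipe (stack/heap). */
  unsigned found[6];
  const int n_found = (int)(sizeof(found) / sizeof(found[0]));
  (void) argc; (void) argv;

  s = "squamous haberdasher gallimaufry";

  memset(found, 0, sizeof(found));

  /* The i < n_found bound keeps a longer testcases[] table from writing
   * past the end of found[]. */
  for (i = 0; i < n_found && testcases[i].name; ++i) {
    x = testcases[i].fill_fn();
    found[i] = testcases[i].check_fn();

    /* Every fill function writes the same pattern, so its sum must equal
     * that of the plain fill; a mismatch means the fill itself did not run
     * as written and the results cannot be trusted. */
    x2 = fill_a_buffer_nothing();

    if (x != x2) {
      working = 0;
    }
  }

  /* The two control cases must find the pattern; if they do not, a clean
   * result for memset/memwipe says nothing. */
  if (!working || !found[0] || !found[1]) {
    printf("It appears that this test case may not give you reliable "
           "information. Sorry.\n");
  }

  if (!found[2] && !found[3]) {
    printf("It appears that memset is good enough on this platform. Good.\n");
  }

  if (found[4] || found[5]) {
    printf("ERROR: memwipe does not wipe data!\n");
    return 1;
  } else {
    printf("OKAY: memwipe seems to work.\n");
    return 0;
  }
}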