test-memwipe.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218
  1. /* Copyright (c) 2015-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #include "lib/crypt_ops/crypto_util.h"
  5. #include "lib/intmath/cmp.h"
  6. #include "lib/malloc/malloc.h"
  7. #include <string.h>
  8. #include <stdio.h>
  9. #include <sys/types.h>
  10. #include <stdlib.h>
  11. static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
  12. static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
  13. static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
  14. static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
  15. static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
  16. static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
  17. static unsigned check_a_buffer(void) __attribute__((noinline));
  18. extern const char *s; /* Make the linkage global */
  19. const char *s = NULL;
  20. #define BUF_LEN 2048
  21. #define FILL_BUFFER_IMPL() \
  22. unsigned int i; \
  23. unsigned sum = 0; \
  24. \
  25. /* Fill up a 1k buffer with a recognizable pattern. */ \
  26. for (i = 0; i < BUF_LEN; i += strlen(s)) { \
  27. memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i)); \
  28. } \
  29. \
  30. /* Use the buffer as input to a computation so the above can't get */ \
  31. /* optimized away. */ \
  32. for (i = 0; i < BUF_LEN; ++i) { \
  33. sum += (unsigned char)buf[i]; \
  34. }
  35. #ifdef OpenBSD
  36. /* Disable some of OpenBSD's malloc protections for this test. This helps
  37. * us do bad things, such as access freed buffers, without crashing. */
  38. const char *malloc_options="sufjj";
  39. #endif
  40. static unsigned
  41. fill_a_buffer_memset(void)
  42. {
  43. char buf[BUF_LEN];
  44. FILL_BUFFER_IMPL()
  45. memset(buf, 0, sizeof(buf));
  46. return sum;
  47. }
  48. static unsigned
  49. fill_a_buffer_memwipe(void)
  50. {
  51. char buf[BUF_LEN];
  52. FILL_BUFFER_IMPL()
  53. memwipe(buf, 0, sizeof(buf));
  54. return sum;
  55. }
  56. static unsigned
  57. fill_a_buffer_nothing(void)
  58. {
  59. char buf[BUF_LEN];
  60. FILL_BUFFER_IMPL()
  61. return sum;
  62. }
  63. static inline int
  64. vmemeq(volatile char *a, const char *b, size_t n)
  65. {
  66. while (n--) {
  67. if (*a++ != *b++)
  68. return 0;
  69. }
  70. return 1;
  71. }
  72. static unsigned
  73. check_a_buffer(void)
  74. {
  75. unsigned int i;
  76. volatile char buf[BUF_LEN];
  77. unsigned sum = 0;
  78. /* See if this buffer has the string in it.
  79. YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
  80. BUFFER.
  81. If you know a better way to figure out whether the compiler eliminated
  82. the memset/memwipe calls or not, please let me know.
  83. */
  84. for (i = 0; i < BUF_LEN - strlen(s); ++i) {
  85. if (vmemeq(buf+i, s, strlen(s)))
  86. ++sum;
  87. }
  88. return sum;
  89. }
  90. static char *heap_buf = NULL;
  91. static unsigned
  92. fill_heap_buffer_memset(void)
  93. {
  94. char *buf = heap_buf = raw_malloc(BUF_LEN);
  95. FILL_BUFFER_IMPL()
  96. memset(buf, 0, BUF_LEN);
  97. raw_free(buf);
  98. return sum;
  99. }
  100. static unsigned
  101. fill_heap_buffer_memwipe(void)
  102. {
  103. char *buf = heap_buf = raw_malloc(BUF_LEN);
  104. FILL_BUFFER_IMPL()
  105. memwipe(buf, 0, BUF_LEN);
  106. raw_free(buf);
  107. return sum;
  108. }
  109. static unsigned
  110. fill_heap_buffer_nothing(void)
  111. {
  112. char *buf = heap_buf = raw_malloc(BUF_LEN);
  113. FILL_BUFFER_IMPL()
  114. raw_free(buf);
  115. return sum;
  116. }
  117. static unsigned
  118. check_heap_buffer(void)
  119. {
  120. unsigned int i;
  121. unsigned sum = 0;
  122. volatile char *buf = heap_buf;
  123. /* See if this buffer has the string in it.
  124. YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
  125. If you know a better way to figure out whether the compiler eliminated
  126. the memset/memwipe calls or not, please let me know.
  127. */
  128. for (i = 0; i < BUF_LEN - strlen(s); ++i) {
  129. if (vmemeq(buf+i, s, strlen(s)))
  130. ++sum;
  131. }
  132. return sum;
  133. }
  134. static struct testcase {
  135. const char *name;
  136. /* this spacing satisfies make check-spaces */
  137. unsigned
  138. (*fill_fn)(void);
  139. unsigned
  140. (*check_fn)(void);
  141. } testcases[] = {
  142. { "nil", fill_a_buffer_nothing, check_a_buffer },
  143. { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
  144. { "memset", fill_a_buffer_memset, check_a_buffer },
  145. { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
  146. { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
  147. { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
  148. { NULL, NULL, NULL }
  149. };
  150. int
  151. main(int argc, char **argv)
  152. {
  153. unsigned x, x2;
  154. int i;
  155. int working = 1;
  156. unsigned found[6];
  157. (void) argc; (void) argv;
  158. s = "squamous haberdasher gallimaufry";
  159. memset(found, 0, sizeof(found));
  160. for (i = 0; testcases[i].name; ++i) {
  161. x = testcases[i].fill_fn();
  162. found[i] = testcases[i].check_fn();
  163. x2 = fill_a_buffer_nothing();
  164. if (x != x2) {
  165. working = 0;
  166. }
  167. }
  168. if (!working || !found[0] || !found[1]) {
  169. printf("It appears that this test case may not give you reliable "
  170. "information. Sorry.\n");
  171. }
  172. if (!found[2] && !found[3]) {
  173. printf("It appears that memset is good enough on this platform. Good.\n");
  174. }
  175. if (found[4] || found[5]) {
  176. printf("ERROR: memwipe does not wipe data!\n");
  177. return 1;
  178. } else {
  179. printf("OKAY: memwipe seems to work.\n");
  180. return 0;
  181. }
  182. }