test-memwipe.c 5.5 KB

  1. /* Copyright (c) 2015-2019, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #include "lib/crypt_ops/crypto_util.h"
  5. #include "lib/intmath/cmp.h"
  6. #include "lib/malloc/malloc.h"
  7. #include <string.h>
  8. #include <stdio.h>
  9. #include <sys/types.h>
  10. #include <stdlib.h>
  11. #ifdef HAVE_SYS_PARAM_H
  12. #include <sys/param.h>
  13. #endif
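  /*
   * Forward declarations for every fill/check routine, all marked noinline.
   * NOTE(review): the file does not say why; presumably each routine must
   * keep its own stack frame so that the optimizer cannot merge a fill with
   * the check that follows it.  check_heap_buffer() is declared here as well
   * so that it is treated the same way as check_a_buffer().
   */
  static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
  static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
  static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
  static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
  static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
  static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
  static unsigned check_a_buffer(void) __attribute__((noinline));
  static unsigned check_heap_buffer(void) __attribute__((noinline));

  /*
   * Marker string written into the buffers; main() assigns it at run time.
   * NOTE(review): external linkage is presumably there so the compiler
   * cannot assume it knows the contents -- confirm.
   */
  extern const char *s; /* Make the linkage global */
  const char *s = NULL;

  /* Size in bytes of every stack and heap buffer used by the test. */
  #define BUF_LEN 2048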
  /*
   * Shared body of every fill_* routine.  Expects a writable `buf` of
   * BUF_LEN bytes and the marker string `s` to be in scope, and declares
   * `i` and `sum` in the caller's scope; callers return `sum`.
   * `s` must be non-empty: the first loop advances by strlen(s).
   */
  #define FILL_BUFFER_IMPL()                                            \
    unsigned int i;                                                     \
    unsigned sum = 0;                                                   \
                                                                        \
    /* Tile all BUF_LEN bytes with copies of the marker; the last */    \
    /* copy is truncated at the end of the buffer. */                   \
    i = 0;                                                              \
    while (i < BUF_LEN) {                                               \
      memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                      \
      i += strlen(s);                                                   \
    }                                                                   \
                                                                        \
    /* Feed every byte into a value the caller returns, so that the */  \
    /* stores above cannot be optimized away. */                        \
    for (i = 0; i < BUF_LEN; ++i) {                                     \
      sum += (unsigned char)buf[i];                                     \
    }
  #if defined(OpenBSD)
  /* OpenBSD only: turn off some of the allocator's protections for this
   * test.  The heap checks below read a buffer after it has been freed;
   * with the protections on, that access could crash instead of showing
   * whether the data was wiped. */
  extern const char *malloc_options;
  const char *malloc_options = "sufjj";
  #endif /* defined(OpenBSD) */
  /*
   * Stack case, plain memset(): fill a local buffer with the marker, then
   * zero it as the last use before returning.  That final store is the
   * call the compiler may have eliminated; check_a_buffer() looks for the
   * marker afterwards to find out.
   *
   * Returns the byte sum computed by FILL_BUFFER_IMPL().
   */
  static unsigned
  fill_a_buffer_memset(void)
  {
    char buf[BUF_LEN];

    FILL_BUFFER_IMPL()
    memset(buf, 0, BUF_LEN);
    return sum;
  }
  /*
   * Stack case, memwipe(): same as the memset variant, but the buffer is
   * cleared with memwipe() (defined outside this file).  main() reports an
   * error if the marker is still found after this routine has run.
   *
   * Returns the byte sum computed by FILL_BUFFER_IMPL().
   */
  static unsigned
  fill_a_buffer_memwipe(void)
  {
    char buf[BUF_LEN];

    FILL_BUFFER_IMPL()
    memwipe(buf, 0, BUF_LEN);
    return sum;
  }
  /*
   * Stack baseline: fill a local buffer with the marker and return without
   * clearing it.  main() expects check_a_buffer() to find the marker after
   * this call; if it does not, the stack results are reported as
   * unreliable.  main() also calls this after every case to get a
   * reference byte sum.
   */
  static unsigned
  fill_a_buffer_nothing(void)
  {
    char buf[BUF_LEN];

    FILL_BUFFER_IMPL()

    return sum;
  }
  /*
   * Compare the first n bytes of a and b.  `a` is read through a volatile
   * pointer, one byte at a time, stopping at the first mismatch.
   *
   * Returns 1 if all n bytes are equal (including n == 0), otherwise 0.
   */
  static inline int
  vmemeq(volatile char *a, const char *b, size_t n)
  {
    size_t idx;

    for (idx = 0; idx < n; ++idx) {
      if (a[idx] != b[idx]) {
        return 0;
      }
    }
    return 1;
  }
  /*
   * Count the offsets in an uninitialized local buffer at which the marker
   * string `s` appears.  A non-zero result means data written by the
   * preceding fill_a_buffer_* call is still on the stack.
   */
  static unsigned
  check_a_buffer(void)
  {
    unsigned int i;
    volatile char buf[BUF_LEN];
    unsigned sum = 0;

    /* See if this buffer has the string in it.

       YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN
       UNINITIALIZED BUFFER.

       If you know a better way to figure out whether the compiler
       eliminated the memset/memwipe calls or not, please let me know.
     */
    i = 0;
    while (i < BUF_LEN - strlen(s)) {
      if (vmemeq(buf+i, s, strlen(s))) {
        ++sum;
      }
      ++i;
    }

    return sum;
  }
  /* Address of the most recent heap buffer.  It is kept after the buffer
   * has been freed so that check_heap_buffer() can read the freed memory. */
  static char *heap_buf = NULL;

  /*
   * Heap case, plain memset(): allocate BUF_LEN bytes, fill them with the
   * marker, zero them and free them.  The memset() is the last use of the
   * buffer before it is freed, which is the store the test probes for.
   *
   * NOTE(review): the raw_malloc() result is used without a NULL check.
   *
   * Returns the byte sum computed by FILL_BUFFER_IMPL().
   */
  static unsigned
  fill_heap_buffer_memset(void)
  {
    char *buf = (heap_buf = raw_malloc(BUF_LEN));

    FILL_BUFFER_IMPL()
    memset(buf, 0, BUF_LEN);
    raw_free(buf);

    return sum;
  }
  /*
   * Heap case, memwipe(): allocate BUF_LEN bytes, fill them with the
   * marker, clear them with memwipe() and free them.  main() reports an
   * error if check_heap_buffer() still finds the marker afterwards.
   *
   * NOTE(review): the raw_malloc() result is used without a NULL check.
   *
   * Returns the byte sum computed by FILL_BUFFER_IMPL().
   */
  static unsigned
  fill_heap_buffer_memwipe(void)
  {
    char *buf = (heap_buf = raw_malloc(BUF_LEN));

    FILL_BUFFER_IMPL()
    memwipe(buf, 0, BUF_LEN);
    raw_free(buf);

    return sum;
  }
  /*
   * Heap baseline: allocate BUF_LEN bytes, fill them with the marker and
   * free them without clearing.  main() expects check_heap_buffer() to find
   * the marker after this call; if it does not, the heap results are
   * reported as unreliable.
   *
   * NOTE(review): the raw_malloc() result is used without a NULL check.
   *
   * Returns the byte sum computed by FILL_BUFFER_IMPL().
   */
  static unsigned
  fill_heap_buffer_nothing(void)
  {
    char *buf = (heap_buf = raw_malloc(BUF_LEN));

    FILL_BUFFER_IMPL()
    raw_free(buf);

    return sum;
  }
  /*
   * Count the offsets in the already-freed buffer at heap_buf at which the
   * marker string `s` appears.  A non-zero result means data written by
   * the preceding fill_heap_buffer_* call is still in the freed memory.
   */
  static unsigned
  check_heap_buffer(void)
  {
    unsigned int i;
    unsigned sum = 0;
    volatile char *buf = heap_buf;

    /* See if this buffer has the string in it.

       YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED
       BUFFER.

       If you know a better way to figure out whether the compiler
       eliminated the memset/memwipe calls or not, please let me know.
     */
    i = 0;
    while (i < BUF_LEN - strlen(s)) {
      if (vmemeq(buf+i, s, strlen(s))) {
        ++sum;
      }
      ++i;
    }

    return sum;
  }
  /* One experiment: a routine that writes the marker (and may wipe it),
   * and the routine that afterwards counts how often the marker survives. */
  struct testcase {
    const char *name;
    /* this spacing satisfies make check-spaces */
    unsigned
    (*fill_fn)(void);
    unsigned
    (*check_fn)(void);
  };

  /* The order matters: main() reads the results by index (0-1 baseline,
   * 2-3 memset, 4-5 memwipe).  The all-NULL row ends the table. */
  static struct testcase testcases[] = {
    { "nil",          fill_a_buffer_nothing,    check_a_buffer },
    { "nil-heap",     fill_heap_buffer_nothing, check_heap_buffer },
    { "memset",       fill_a_buffer_memset,     check_a_buffer },
    { "memset-heap",  fill_heap_buffer_memset,  check_heap_buffer },
    { "memwipe",      fill_a_buffer_memwipe,    check_a_buffer },
    { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
    { NULL, NULL, NULL }
  };
  /*
   * Run every test case and report whether memwipe() left the marker
   * behind.
   *
   * Returns 1 if the marker was found after either memwipe case, else 0.
   *
   * The "may not give you reliable information" warning does not change
   * the exit status: the program can print it and still report OKAY with
   * status 0, so a zero exit only means something when that warning is
   * absent from the output.
   */
  int
  main(int argc, char **argv)
  {
    /* One slot per row of testcases[]; grow this if a row is added. */
    unsigned found[6] = { 0 };
    unsigned filled, reference;
    int consistent = 1;
    int idx;

    (void) argc;
    (void) argv;

    s = "squamous haberdasher gallimaufry";

    for (idx = 0; testcases[idx].name != NULL; ++idx) {
      filled = testcases[idx].fill_fn();
      found[idx] = testcases[idx].check_fn();
      /* Every fill routine should return the same byte sum as the
       * no-wipe stack baseline. */
      reference = fill_a_buffer_nothing();
      if (filled != reference) {
        consistent = 0;
      }
    }

    /* The baselines never wipe, so the marker must be found after them. */
    if (!(consistent && found[0] && found[1])) {
      printf("It appears that this test case may not give you reliable "
             "information. Sorry.\n");
    }

    if (!(found[2] || found[3])) {
      printf("It appears that memset is good enough on this platform. Good.\n");
    }

    if (found[4] || found[5]) {
      printf("ERROR: memwipe does not wipe data!\n");
      return 1;
    }

    printf("OKAY: memwipe seems to work.\n");
    return 0;
  }