From cd2ae320e34c3ebda1ae2c93ddc9dcf8edc0f3ef Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Mon, 1 Jul 2024 16:55:19 +0100
Subject: [PATCH 1/7] Alter constant-flow memsan testing

Disable asm in memsan constant-flow testing and add a check in check_config.h

Signed-off-by: Elena Uziunaite
---
 include/mbedtls/check_config.h | 3 +++
 tests/scripts/components-sanitizers.sh | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 67a05f83b8..a17ccb85b4 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -247,6 +247,9 @@
 #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
 #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
 #endif
+#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
+#error "MEMSAN does not support assembly implementation"
+#endif
 #undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
 
 #if defined(MBEDTLS_CCM_C) && \
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 5b79d2b778..261652a832 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -42,6 +42,7 @@ component_test_memsan_constant_flow () {
 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ scripts/config.py unset MBEDTLS_HAVE_ASM
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
 make
 
@@ -60,6 +61,7 @@ component_test_memsan_constant_flow_psa () {
 scripts/config.py full
 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ scripts/config.py unset MBEDTLS_HAVE_ASM
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
 make
 
From 9af882dcfb8a6d351a6ab821303fe47086deaa42 Mon Sep 17 00:00:00 2001
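Review bot: The new `#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)` check turns every MemorySanitizer build into a hard configuration error unless MBEDTLS_HAVE_ASM is unset, not only the constant-flow test builds the subject line describes, and nothing in the hunk explains why. Before this series, a plain `-fsanitize=memory` build silently got the C fallback from library/constant_time_impl.h; after it, the same build fails at configure time, which is a user-visible behaviour change that should be stated next to the check and, if the project keeps a changelog, recorded there. Add a comment above the `#if`, e.g. `/* MemorySanitizer does not instrument inline assembly, so asm paths produce false uninitialized-memory reports; require the plain C implementations instead of silently selecting them. */`. MBEDTLS_HAS_MEMSAN appears to be the temporary macro defined just above the hunk (inferred from the `#undef` comment); its definition is not visible here.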
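Review bot: The added `scripts/config.py unset MBEDTLS_HAVE_ASM` line carries no comment, while the neighbouring MBEDTLS_AESNI_C line explains itself with `# memsan doesn't grok asm`; with this series the unset is no longer a precaution but a requirement of the new check_config.h error, so say so inline: `scripts/config.py unset MBEDTLS_HAVE_ASM # memsan doesn't grok asm; required by check_config.h`. The same applies to the second hunk of this patch (component_test_memsan_constant_flow_psa) and to the component_test_memsan hunk in patch 2. If the `msg` line above the hunk, which lies outside it, describes the build as "full config minus ...", it should now name MBEDTLS_HAVE_ASM as well, as the new valgrind components added in patch 3 do.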
From: Elena Uziunaite
Date: Tue, 2 Jul 2024 10:52:13 +0100
Subject: [PATCH 2/7] Disable asm in component_test_memsan

Signed-off-by: Elena Uziunaite
---
 tests/scripts/components-sanitizers.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 261652a832..ed4635e023 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -147,6 +147,7 @@ component_test_tsan () {
 component_test_memsan () {
 msg "build: MSan (clang)" # ~ 1 min 20s
 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ scripts/config.py unset MBEDTLS_HAVE_ASM
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
 make
 
From f0871be2580881744865eddc54b2af0add444c2d Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Tue, 2 Jul 2024 15:52:03 +0100
Subject: [PATCH 3/7] Change valgrind constant flow testing to test without asm

Signed-off-by: Elena Uziunaite
---
 tests/scripts/components-sanitizers.sh | 61 ++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index ed4635e023..c327b79f31 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -103,6 +103,42 @@ component_release_test_valgrind_constant_flow () {
 make memcheck
 }
 
+component_release_test_valgrind_constant_flow_no_asm () {
+ # This tests both (1) everything that valgrind's memcheck usually checks
+ # (heap buffer overflows, use of uninitialized memory, use-after-free,
+ # etc.) and (2) branches or memory access depending on secret values,
+ # which will be reported as uninitialized memory. To distinguish between
+ # secret and actually uninitialized:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
+ # - or alternatively, build with debug info and manually run the offending
+ # test suite with valgrind --track-origins=yes, then check if the origin
+ # was TEST_CF_SECRET() or something else.
+ msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_HAVE_ASM
+ skip_suites_without_constant_flow
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ # this only shows a summary of the results (how many of each type)
+ # details are left in Testing//DynamicAnalysis.xml
+ msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
+ make memcheck
+
+ # Test asm path in constant time module - by default, it will test the plain C
+ # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
+ msg "test: valgrind asm constant_time"
+ scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
+ skip_all_except_given_suite test_suite_constant_time
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make clean
+ make
+ make memcheck
+}
+
 component_release_test_valgrind_constant_flow_psa () {
 # This tests both (1) everything that valgrind's memcheck usually checks
 # (heap buffer overflows, use of uninitialized memory, use-after-free,
@@ -126,6 +162,31 @@ component_release_test_valgrind_constant_flow_psa () {
 make memcheck
 }
 
+component_release_test_valgrind_constant_flow_psa_no_asm () {
+ # This tests both (1) everything that valgrind's memcheck usually checks
+ # (heap buffer overflows, use of uninitialized memory, use-after-free,
+ # etc.) and (2) branches or memory access depending on secret values,
+ # which will be reported as uninitialized memory. To distinguish between
+ # secret and actually uninitialized:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
+ # - or alternatively, build with debug info and manually run the offending
+ # test suite with valgrind --track-origins=yes, then check if the origin
+ # was TEST_CF_SECRET() or something else.
+ msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_HAVE_ASM
+ skip_suites_without_constant_flow
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ # this only shows a summary of the results (how many of each type)
+ # details are left in Testing//DynamicAnalysis.xml
+ msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
+ make memcheck
+}
+
 component_test_tsan () {
 msg "build: TSan (clang)"
 scripts/config.py full
From 27c953dcbc5531d35f1a676769b9aafa5b7f559b Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Wed, 3 Jul 2024 17:17:40 +0100
Subject: [PATCH 4/7] Edit component_release_test_valgrind_constant_flow_no_asm

Signed-off-by: Elena Uziunaite
---
 tests/scripts/components-sanitizers.sh | 10 ----------
 1 file changed, 10 deletions(-)

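Review bot: component_release_test_valgrind_constant_flow_no_asm repeats the ten-line triage comment and the configure/build/memcheck sequence of component_release_test_valgrind_constant_flow (and the psa variant added in the next hunk), differing only in the `unset MBEDTLS_HAVE_ASM` line and the `msg` strings, so the three will drift apart the next time someone edits one of them. A small helper taking the extra `scripts/config.py` commands as arguments would keep them in step; failing that, do not duplicate the triage comment, replace it with `# Same as component_release_test_valgrind_constant_flow, but exercising the plain C constant-time code (MBEDTLS_HAVE_ASM unset); see that component for how to triage reports.`. The asm re-test tail at the end of the new function (the `--force set MBEDTLS_TEST_CONSTANT_FLOW_ASM` block, which contradicts the `_no_asm` name) is removed again by patch 4 of this series, so I have not commented on it separately.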
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index c327b79f31..0b3c99f70a 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -127,16 +127,6 @@ component_release_test_valgrind_constant_flow_no_asm () {
 # details are left in Testing//DynamicAnalysis.xml
 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
 make memcheck
-
- # Test asm path in constant time module - by default, it will test the plain C
- # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
- msg "test: valgrind asm constant_time"
- scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
- skip_all_except_given_suite test_suite_constant_time
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make clean
- make
- make memcheck
 }
 
 component_release_test_valgrind_constant_flow_psa () {
From 81d6b6b576db446f2f8e5d19470e695765cb626d Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Wed, 3 Jul 2024 17:20:35 +0100
Subject: [PATCH 5/7] Remove the hack in library/constant_time_impl.h

Signed-off-by: Elena Uziunaite
---
 library/constant_time_impl.h | 15 ---------------
 tests/scripts/components-sanitizers.sh | 1 -
 2 files changed, 16 deletions(-)

diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 2a4574ba68..761d117c34 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -36,21 +36,6 @@
 #pragma GCC diagnostic ignored "-Wredundant-decls"
 #endif
 
-/* Disable asm under Memsan because it confuses Memsan and generates false errors.
- *
- * We also disable under Valgrind by default, because it's more useful
- * for Valgrind to test the plain C implementation. MBEDTLS_TEST_CONSTANT_FLOW_ASM //no-check-names
- * may be set to permit building asm under Valgrind.
- */
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) || \
- (defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) && !defined(MBEDTLS_TEST_CONSTANT_FLOW_ASM)) //no-check-names
-#define MBEDTLS_CT_NO_ASM
-#elif defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_CT_NO_ASM
-#endif
-#endif
-
 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
 #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
 __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM)
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 0b3c99f70a..7ee35d8eb6 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -95,7 +95,6 @@ component_release_test_valgrind_constant_flow () {
 # Test asm path in constant time module - by default, it will test the plain C
 # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
 msg "test: valgrind asm constant_time"
- scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
 skip_all_except_given_suite test_suite_constant_time
 cmake -D CMAKE_BUILD_TYPE:String=Release .
 make clean
From dc74d8effcbb9e3b4663862cbac65a291c5b92d0 Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Thu, 4 Jul 2024 11:46:58 +0100
Subject: [PATCH 6/7] Tiny fix in library/constant_time_impl.h

Signed-off-by: Elena Uziunaite
---
 library/constant_time_impl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 761d117c34..aeaeecb7de 100644
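Review bot: Deleting this block removes MBEDTLS_CT_NO_ASM, which was the only switch that selected the plain-C constant-time implementation while leaving MBEDTLS_HAVE_ASM on for the rest of the library; after this commit the C path can only be exercised by unsetting MBEDTLS_HAVE_ASM globally, which presumably also changes what every other module honouring that macro builds. That is the trade the series makes deliberately through the new `_no_asm` test components, but the surviving `#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__)` condition below now gives a reader no hint of where the C path is tested or why MemorySanitizer builds never reach the asm branch; add above it `/* The plain C implementation is exercised by unsetting MBEDTLS_HAVE_ASM (see component_release_test_valgrind_constant_flow_no_asm); MemorySanitizer builds with asm are rejected by check_config.h. */`. The condition still references `!defined(MBEDTLS_CT_NO_ASM)`, which patch 6 cleans up, so that is not repeated here.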
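Review bot: The context comment kept above the removed line, `# Test asm path in constant time module - by default, it will test the plain C path under Valgrind or Memsan`, is no longer true once `scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM` goes: with the constant_time_impl.h override deleted in the same patch, a full config under MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND builds the asm path by default. Unless something between the component's first build and this block (outside the hunk) changes the configuration, the `make clean`/`make`/`make memcheck` re-run of test_suite_constant_time now repeats exactly the configuration the component's first memcheck already covered, so the whole block is probably redundant and can be dropped. If it stays, replace the two comment lines with `# Re-run only the constant_time suite (fast, <1s). The plain C path is covered by component_release_test_valgrind_constant_flow_no_asm.`. The start of component_release_test_valgrind_constant_flow lies outside the hunk, so I cannot confirm what its first build configures.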
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -38,7 +38,7 @@
 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
 #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
- __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM)
+ __ARMCC_VERSION >= 6000000)
 #define MBEDTLS_CT_ASM
 #if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__))
 #define MBEDTLS_CT_ARM_ASM
From bc7bffcb76aa6ee29ce3a71b951070250ede0b76 Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Thu, 18 Jul 2024 14:40:43 +0300
Subject: [PATCH 7/7] Remove test_valgrind_constant_flow_psa_no_asm + typo fix

Signed-off-by: Elena Uziunaite
---
 include/mbedtls/check_config.h | 2 +-
 tests/scripts/components-sanitizers.sh | 25 -------------------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a17ccb85b4..c80e286baf 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -248,7 +248,7 @@
 #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
 #endif
 #if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
-#error "MEMSAN does not support assembly implementation"
+#error "MemorySanitizer does not support assembly implementation"
 #endif
 #undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
 
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 7ee35d8eb6..c9648aa48d 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
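Review bot: The reworded `#error` still does not tell the user what to change, and a check_config.h error is the first thing a developer building with MemorySanitizer will see; name the remedy in the message: `#error "MemorySanitizer does not support assembly implementation; unset MBEDTLS_HAVE_ASM"`. The singular "assembly implementation" also reads as if a single module were affected, whereas the series unsets MBEDTLS_HAVE_ASM for the whole library, which suggests the macro governs several asm paths; "inline assembly" or "assembly implementations" would be more accurate, though the exact set of affected modules is not visible in this diff.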
@@ -151,31 +151,6 @@ component_release_test_valgrind_constant_flow_psa () {
 make memcheck
 }
 
-component_release_test_valgrind_constant_flow_psa_no_asm () {
- # This tests both (1) everything that valgrind's memcheck usually checks
- # (heap buffer overflows, use of uninitialized memory, use-after-free,
- # etc.) and (2) branches or memory access depending on secret values,
- # which will be reported as uninitialized memory. To distinguish between
- # secret and actually uninitialized:
- # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
- # - or alternatively, build with debug info and manually run the offending
- # test suite with valgrind --track-origins=yes, then check if the origin
- # was TEST_CF_SECRET() or something else.
- msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_HAVE_ASM
- skip_suites_without_constant_flow
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- make
-
- # this only shows a summary of the results (how many of each type)
- # details are left in Testing//DynamicAnalysis.xml
- msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
- make memcheck
-}
-
 component_test_tsan () {
 msg "build: TSan (clang)"
 scripts/config.py full