mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00

Improve docs for zeroize.c and test_zeroize.gdb

Andres Amaya Garcia
2018-03-08 21:21:40 +00:00
parent 1e8ea5fa68
commit 42defd10a6
2 changed files with 36 additions and 2 deletions


@ -13,11 +13,36 @@
# debugger manually checks the contents to be zeroized and checks that it is
# actually cleared.
#
# The mbedtls_zeroize() test is debugger driven because there does not seem to
# be a mechanism to reliably check whether the zeroize calls are being
# eliminated by compiler optimizations from within the compiled program. The
# problem is that a compiler would typically remove what it considers to be
# "unecessary" assignments as part of redundant code elimination. To identify
# such code, the compilar will create some form dependency graph between
# reads and writes to variables (among other situations). It will then use this
# data structure to remove redundant code that does not have an impact on the
# program's observable behavior. In the case of mbedtls_zeroize(), an
# intelligent compiler could determine that this function clears a block of
# memory that is not accessed later in the program, so removing the call to
# mbedtls_zeroize() does not have an observable behavior. However, inserting a
# test after a call to mbedtls_zeroize() to check whether the block of
# memory was correctly zeroed would force the compiler to not eliminate the
# mbedtls_zeroize() call. If this does not occur, then the compiler potentially
# has a bug.
#
# Note: This test requires that the test program is compiled with -g3.
#
# WARNING: There does not seem to be a mechanism in GDB scripts to set a
# breakpoint at the end of a function (probably because there are a lot of
# complications as function can have multiple exit points, etc). Therefore, it
# was necessary to hard-code the line number of the breakpoint in the zeroize.c
# test app. The assumption is that zeroize.c is a simple test app that does not
# change often (as opposed to the actual library code), so the breakpoint line
# number does not need to be updated often.
set confirm off
file ./programs/test/zeroize
break zeroize.c:90
break zeroize.c:99
set args ./programs/test/zeroize.c
run
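
Review bot: The new comment paragraph on redundant code elimination has three wording slips: "unecessary" should be "unnecessary", "compilar" should be "compiler", and "some form dependency graph" is missing "of". Its closing sentence, "If this does not occur, then the compiler potentially has a bug", is ambiguous because "this" could mean the compiler keeping the mbedtls_zeroize() call or the memory actually being zeroed; spelling out the subject (for example "If the call is still eliminated in that case, ...") would make the argument for a debugger-driven test easier to follow. In the WARNING paragraph, the hard-coded line number means the script will check the wrong point without any error if zeroize.c shifts by even one line, so the comment should also state which statement in zeroize.c the breakpoint is meant to land on, letting a later editor re-derive the number instead of trusting it.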