mbedtls/tests/scripts/test_zeroize.gdb

72 lines
2.7 KiB
Plaintext
Raw Permalink Normal View History

2017-10-24 23:47:14 +02:00
# test_zeroize.gdb
#
# This file is part of Mbed TLS (https://tls.mbed.org)
2017-10-24 23:47:14 +02:00
#
# Copyright (c) 2018, Arm Limited, All Rights Reserved
2017-10-24 23:47:14 +02:00
#
# Purpose
#
# Run a test using the debugger to check that the mbedtls_platform_zeroize()
# function in platform_util.h is not being optimized out by the compiler. To do
# so, the script loads the test program at programs/test/zeroize.c and sets a
# breakpoint at the last return statement in main(). When the breakpoint is
# hit, the debugger manually checks the contents to be zeroized and checks that
# it is actually cleared.
2017-10-24 23:47:14 +02:00
#
# The mbedtls_platform_zeroize() test is debugger driven because there does not
# seem to be a mechanism to reliably check whether the zeroize calls are being
# eliminated by compiler optimizations from within the compiled program. The
# problem is that a compiler would typically remove what it considers to be
# "unnecessary" assignments as part of redundant code elimination. To identify
# such code, the compilar will create some form dependency graph between
# reads and writes to variables (among other situations). It will then use this
# data structure to remove redundant code that does not have an impact on the
# program's observable behavior. In the case of mbedtls_platform_zeroize(), an
# intelligent compiler could determine that this function clears a block of
# memory that is not accessed later in the program, so removing the call to
# mbedtls_platform_zeroize() does not have an observable behavior. However,
# inserting a test after a call to mbedtls_platform_zeroize() to check whether
# the block of memory was correctly zeroed would force the compiler to not
# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then
# the compiler potentially has a bug.
#
2017-10-24 23:47:14 +02:00
# Note: This test requires that the test program is compiled with -g3.
#
# WARNING: There does not seem to be a mechanism in GDB scripts to set a
# breakpoint at the end of a function (probably because there are a lot of
# complications as function can have multiple exit points, etc). Therefore, it
# was necessary to hard-code the line number of the breakpoint in the zeroize.c
# test app. The assumption is that zeroize.c is a simple test app that does not
# change often (as opposed to the actual library code), so the breakpoint line
# number does not need to be updated often.
2017-10-24 23:47:14 +02:00
set confirm off
file ./programs/test/zeroize
Merge mbedtls 2.16.6 into baremetal Conflicts: mbedtls.doxyfile - PROJECT_NAME - mbed TLS v2.16.6 chosen. doc_mainpage.h - mbed TLS v2.16.6 version chosen. hmac_drbg.h - line 260, extended description chosen. - line 313, extended description chosen. - line 338, extended description chosen. version.h - 2.16.6 chosen. CMakeLists.txt - 2.16.6 chosen. test_suite_version.data - 2.16.6 chosen. Makefile - 141 - manual correction - baremetal version of C_SOURCE_FILES with variables for directories plus 2.16.6 CTAGS addition. pkparse.c - lines 846 onwards - the asn1_get_nonzero_mpi implementation chosen. ssl_tls.c - line 5269 - edited manually, left the ret=0, because baremetal has a different behaviour since commit 87b5626, but added a debug message that's new in 2.16.6. all.sh: - component_build_deprecated - chosen the refactored version from 2.16.6, but with extra flags from baremetal. - rest of the _no_xxx tests - merged make options to have PTHREAD=1 and other changes from 2.16.6 (like -O1 instead of -O0). - component_build_arm_none_eabi_gcc_no_64bit_multiplication - added TINYCRYPT_BUILD=0 to the 2.16.6 version of make. x509/req_app.c - left baremetal log but with mbedtls_exit( 0 ) call. x509/crl_app.c - left baremetal log but with mbedtls_exit( 0 ) call. x509/cert_app.c - left baremetal log but with mbedtls_exit( 0 ) call. ssl/ssl_mail_client.c - left baremetal log but with mbedtls_exit( 0 ) call. ssl/ssl_pthread_server.c - left baremetal log but with mbedtls_exit( 0 ) call. ssl/ssl_fork_server.c - left baremetal log but with mbedtls_exit( 0 ) call. ssl_client1.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call. ssl_client2.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call. - line 132 - new options of both branches added. - skip close notify handled as in 2.16.6, but with `ssl` instead of `&ssl`. - Merged the 2.16.6 usage split with additional baremetal usages. - Merged options from baremetal and 2.16.6. ssl_server.c - left baremetal log but with mbedtls_exit( 0 ) call. ssl_server2.c - Merged the 2.16.6 usage split with additional baremetal usages. config.pl - fixed missing defines from the documentation, removed duplicates, and reorganised so that the documentation and excluded list are ordered in the same way. test_suite_x509parse.data - only added the two new pathlen tests. x509_crt.c - change the return code by removing MBEDTLS_ERR_X509_INVALID_EXTENSIONS, since it's added by x509_crt_frame_parse_ext not by an "or", but by "+=". Changelog - Assigned all entries to appropriate sections. ssl-opt.sh - line 8263 - merged options. - removed lines 1165 - 1176 - there was a duplicate test, probably an artifact of previous merges. check-files.py - sticked to old formatting. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-05-18 17:47:25 +02:00
break zeroize.c:102
set args ./programs/test/zeroize.c
run
set $i = 0
set $len = sizeof(buf)
set $buf = buf
while $i < $len
if $buf[$i++] != 0
echo The buffer at was not zeroized\n
quit 1
end
end
echo The buffer was correctly zeroized\n
continue
if $_exitcode != 0
echo The program did not terminate correctly\n
quit 1
end
quit 0