From 0a2924e5489897cfeba9a8ec8f1293df32ced093 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niels=20M=C3=B6ller?= Date: Wed, 12 Apr 2023 09:47:48 +0200 Subject: [PATCH] Add valgrind annotations to ghash tests. --- ChangeLog | 6 ++++++ testsuite/gcm-test.c | 15 +++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/ChangeLog b/ChangeLog index 674c3769..410e1d9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2023-04-12 Niels Möller + + * testsuite/gcm-test.c (test_ghash_internal): Add valgrind + annotations, to verify that the ghash makes no data-dependent + branches or memory accesses. + 2023-04-08 Niels Möller * examples/nettle-benchmark.c (bench_ghash_update): New function. diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c index d70cdd1e..bc555d60 100644 --- a/testsuite/gcm-test.c +++ b/testsuite/gcm-test.c @@ -6,6 +6,13 @@ #include "gcm.h" #include "ghash-internal.h" +#if HAVE_VALGRIND_MEMCHECK_H +# include +#else +# define VALGRIND_MAKE_MEM_UNDEFINED(p, n) +# define VALGRIND_MAKE_MEM_DEFINED(p, n) +#endif + static void test_gcm_hash (const struct tstring *msg, const struct tstring *ref) { 
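Review bot: The no-op fallbacks for `VALGRIND_MAKE_MEM_UNDEFINED` and `VALGRIND_MAKE_MEM_DEFINED` mean that a build without `HAVE_VALGRIND_MEMCHECK_H` runs the ghash test with no data-dependence check at all. Even with the header present, the annotations only take effect when the test binary is executed under valgrind. The file states neither, so a passing run can be mistaken for evidence that ghash has no secret-dependent branches or memory accesses. I would add a comment above the `#if`, for example `/* No-ops without valgrind's memcheck.h; the data-dependence check is only active when this test runs under valgrind. */`. Whether the test harness runs this test under valgrind is not visible from this hunk.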
@@ -42,11 +49,19 @@ test_ghash_internal (const struct tstring *key, struct gcm_key gcm_key; union nettle_block16 state; + /* Use VALGRIND_MAKE_MEM_DEFINED to mark inputs as "undefined", to + get valgrind to warn about any branches or memory accesses + depending on secret data. */ memcpy (state.b, key->data, GCM_BLOCK_SIZE); + VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state)); _ghash_set_key (&gcm_key, &state); memcpy (state.b, iv->data, GCM_BLOCK_SIZE); + VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state)); + VALGRIND_MAKE_MEM_UNDEFINED (message->data, message->length); _ghash_update (&gcm_key, &state, message->length / GCM_BLOCK_SIZE, message->data); + VALGRIND_MAKE_MEM_DEFINED (&state, sizeof(state)); + VALGRIND_MAKE_MEM_DEFINED (message->data, message->length); if (!MEMEQ(GCM_BLOCK_SIZE, state.b, digest->data)) { fprintf (stderr, "gcm_hash (internal) failed\n"); -- 2.47.2
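Review bot: The added comment names the wrong macro: it says `VALGRIND_MAKE_MEM_DEFINED` marks the inputs as "undefined", while the calls that do so are `VALGRIND_MAKE_MEM_UNDEFINED`. Its first line should read `/* Use VALGRIND_MAKE_MEM_UNDEFINED to mark inputs as "undefined", to`. The same comment could also say that `state` and `message->data` are marked defined again before the `MEMEQ` comparison, because that check legitimately branches on the digest. test_ghash_internal starts before and continues after this hunk.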