diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2020-04-05 11:04:54 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2020-04-05 11:04:54 +0000 |
commit | a2255cb259b5b7df76cd47b27410ee87ffe5eac0 (patch) | |
tree | aa1a91ec8d97d3bb89ae2509b4dc1a3417de5edb | |
parent | 555ea294c485d0d924690e1954627a404a79df66 (diff) | |
parent | 50ad8778a81f9421effa4c5a3b457f98e559b178 (diff) | |
download | gnutls-a2255cb259b5b7df76cd47b27410ee87ffe5eac0.tar.gz |
Merge branch 'tmp-valgrind-memcheck' into 'master'
build: use valgrind client request to detect undefined memory use
See merge request gnutls/gnutls!1228
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | lib/handshake.c | 15 | ||||
-rw-r--r-- | lib/state.c | 21 |
3 files changed, 35 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index 79ee38cabe..bc25c5bd91 100644 --- a/configure.ac +++ b/configure.ac @@ -233,6 +233,8 @@ AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_se dnl We use its presence to detect C11 threads AC_CHECK_HEADERS([threads.h]) +AC_CHECK_HEADERS([valgrind/memcheck.h]) + AC_ARG_ENABLE(padlock, AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), use_padlock=$enableval) diff --git a/lib/handshake.c b/lib/handshake.c index 84a0e52101..8d58fa48e7 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -57,6 +57,9 @@ #include "secrets.h" #include "tls13/session_ticket.h" #include "locks.h" +#ifdef HAVE_VALGRIND_MEMCHECK_H +#include <valgrind/memcheck.h> +#endif #define TRUE 1 #define FALSE 0 @@ -242,6 +245,12 @@ int _gnutls_gen_client_random(gnutls_session_t session) return gnutls_assert_val(ret); } +#ifdef HAVE_VALGRIND_MEMCHECK_H + if (RUNNING_ON_VALGRIND) + VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); +#endif + return 0; } @@ -320,6 +329,12 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version) return ret; } +#ifdef HAVE_VALGRIND_MEMCHECK_H + if (RUNNING_ON_VALGRIND) + VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); +#endif + return 0; } diff --git a/lib/state.c b/lib/state.c index 0e1d155442..98900c171f 100644 --- a/lib/state.c +++ b/lib/state.c @@ -55,6 +55,9 @@ #include "ext/cert_types.h" #include "locks.h" #include "kx.h" +#ifdef HAVE_VALGRIND_MEMCHECK_H +#include <valgrind/memcheck.h> +#endif /* to be used by supplemental data support to disable TLS1.3 * when supplemental data have been globally registered */ @@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) UINT32_MAX; } - /* everything else not initialized here is initialized - * as NULL or 0. This is why calloc is used. + /* Everything else not initialized here is initialized as NULL + * or 0. This is why calloc is used. However, we want to + * ensure that certain portions of data are initialized at + * runtime before being used. Mark such regions with a + * valgrind client request as undefined. */ - +#ifdef HAVE_VALGRIND_MEMCHECK_H + if (RUNNING_ON_VALGRIND) { + if (flags & GNUTLS_CLIENT) + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + if (flags & GNUTLS_SERVER) + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); + } +#endif handshake_internal_state_clear1(*session); #ifdef HAVE_WRITEV |