-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | lib/handshake.c | 15 | ||||
-rw-r--r-- | lib/state.c | 21 |
3 files changed, 35 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index 172cf429e4..12da283430 100644
--- a/configure.ac
+++ b/configure.ac
@@ -233,6 +233,8 @@ AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_se
 dnl We use its presence to detect C11 threads
 AC_CHECK_HEADERS([threads.h])
+AC_CHECK_HEADERS([valgrind/memcheck.h])
+
 AC_ARG_ENABLE(padlock, AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), use_padlock=$enableval)
diff --git a/lib/handshake.c b/lib/handshake.c
index 84a0e52101..8d58fa48e7 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -57,6 +57,9 @@
 #include "secrets.h"
 #include "tls13/session_ticket.h"
 #include "locks.h"
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+#include <valgrind/memcheck.h>
+#endif
 #define TRUE 1
 #define FALSE 0
@@ -242,6 +245,12 @@ int _gnutls_gen_client_random(gnutls_session_t session)
 return gnutls_assert_val(ret);
 }
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+ if (RUNNING_ON_VALGRIND)
+ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+#endif
+
 return 0;
 }
@@ -320,6 +329,12 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
 return ret;
 }
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+ if (RUNNING_ON_VALGRIND)
+ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+#endif
+
 return 0;
 }
diff --git a/lib/state.c b/lib/state.c
index 0e1d155442..98900c171f 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -55,6 +55,9 @@
 #include "ext/cert_types.h"
 #include "locks.h"
 #include "kx.h"
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+#include <valgrind/memcheck.h>
+#endif
 /* to be used by supplemental data support to disable TLS1.3
 * when supplemental data have been globally registered */
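Review bot: The added `AC_CHECK_HEADERS([valgrind/memcheck.h])` is unconditional, so whether the library is compiled with the Valgrind client requests depends only on what happens to be installed on the build host. The resulting binary can therefore differ between otherwise identical builds, which is unwelcome for reproducible or audited builds of a TLS library. Consider gating the check behind an explicit switch in the style of the `AC_ARG_ENABLE(padlock, ...)` block just below it. At minimum, add a comment such as `dnl Optional: enables memcheck client requests on client_random/server_random`.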
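Review bot: The `VALGRIND_MAKE_MEM_DEFINED` request added before `return 0;` in `_gnutls_gen_client_random` marks all `GNUTLS_RANDOM_SIZE` bytes as defined on every successful return, whether or not the code above actually wrote them; the matching hunk in `_gnutls_gen_server_random` has the same issue. Memcheck already tracks bytes written by ordinary stores and copies, so the request mainly takes effect on a path that leaves the buffer untouched or only partly filled, and there it would hide exactly the error the poisoning in `gnutls_init` is meant to expose. Both function bodies start outside their hunks, so which paths reach this point cannot be confirmed from here. If the request is needed because some generator path fills the buffer in a way memcheck cannot follow, state that in a comment, e.g. `/* needed: the RNG backend fills this buffer in a way memcheck does not track */`; otherwise consider dropping it.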
@@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 UINT32_MAX;
 }
- /* everything else not initialized here is initialized
- * as NULL or 0. This is why calloc is used.
+ /* Everything else not initialized here is initialized as NULL
+ * or 0. This is why calloc is used. However, we want to
+ * ensure that certain portions of data are initialized at
+ * runtime before being used. Mark such regions with a
+ * valgrind client request as undefined.
 */
-
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+ if (RUNNING_ON_VALGRIND) {
+ if (flags & GNUTLS_CLIENT)
+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ if (flags & GNUTLS_SERVER)
+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ }
+#endif
 handshake_internal_state_clear1(*session);
 #ifdef HAVE_WRITEV |
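Review bot: The poisoning added to `gnutls_init` covers only the random this endpoint generates itself (`client_random` for `GNUTLS_CLIENT`, `server_random` for `GNUTLS_SERVER`). The peer's random in the same `security_parameters` stays zero-filled and defined after `calloc`, so a read of it before the peer's hello has been processed would still pass memcheck silently. If that is intentional, the new comment should say so, for example `/* Only the locally generated random is poisoned; the peer's random is left defined. */`. The unbraced inner `if` statements with two-line bodies would also be safer with braces. `gnutls_init` starts and ends outside the hunk, so any later reuse of the session is not visible here.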