mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-25 04:55:07 -07:00
Commit Graph

28 Commits

Author SHA1 Message Date
Frank Denis
45aa3adb96 Handle SIGPROT, CHERI's in-address space security exception 2023-09-12 21:02:18 +02:00
Frank Denis
a3c44aba94 sodium_utils{2,3} are not worth running in benchmarks 2023-06-16 19:01:57 +02:00
Frank Denis
55b4510986 sodium_utils tests: exit() -> _exit() 2022-11-13 23:49:38 +01:00
Frank Denis
a8fa837aac Don't even include signal.h on WASI
Since version 11, wasi-sysroot doesn't ignore it but spits out
an error instead.
2020-06-04 10:54:53 +02:00
Frank Denis
67a9e79655 Remove memory shielding
That was a great idea to protect against information leaks through
speculative loads.

Realistically, nobody is going to use this.
2020-05-10 21:05:24 +02:00
Frank Denis
e97760ad68 shielding requires memory protection 2019-07-09 20:29:36 +02:00
Frank Denis
bfeca0eb73 Implement key shielding to protect against side channels
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.

The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.

Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should.
2019-06-22 14:56:16 +02:00
Frank Denis
8745c85114 First step towards WASI support 2019-04-08 20:47:33 +02:00
Frank Denis
18d5940bc6 Use a simple memory pool for benchmarks
In the test suite, a significant amount of time is spent in memory
allocations. A memory pool helps achieve more relevant results with
fewer iterations.
2017-12-16 13:07:15 +01:00
Frank Denis
7334060f43 Add a workaround for old asan versions (CentOS 7) 2017-06-23 17:30:48 +02:00
Frank Denis
c3045e2cb0 Check that SIGSEGV handlers work
Tools such as ASAN may trap violations instead of our handlers,
making the sodium_utils{2,3} test fail.

This has been documented for a long time, but it's probably better
to detect this and ignore tests depending on working signal handlers.
2017-06-23 11:11:16 +02:00
Frank Denis
cac2dde218 Indent 2017-02-23 11:24:48 +01:00
Frank Denis
7afe93f9a2 Mark test functions as static and __attribute__ ((noreturn)) 2016-03-27 00:32:25 +01:00
Frank Denis
2aa703fcc7 Restore the previous sodium_malloc(0) behavior
If aligned memory cannot be obtained, allocate 1 byte
to always return a non-NULL pointer.
2016-03-25 16:26:37 +01:00
Frank Denis
d91adb2cff Avoid implicit sodium_malloc(0) in tests 2016-03-25 10:50:52 +01:00
Frank Denis
eb13ec0cff Make sodium_malloc(0) well-defined. It always returns NULL. 2016-03-25 09:44:41 +01:00
Frank Denis
a5ca5b1b25 Unused param 2016-03-06 14:00:18 +01:00
Frank Denis
771e32bd18 CompCert compatibility 2015-10-26 16:59:28 +01:00
Frank Denis
eb4e9e48f9 Turn ASAN errors into warnings in sodium_utils{2,3} tests 2015-04-24 15:11:29 +02:00
Frank Denis
f379ab8766 Add a test for sodium_allocarray(0, x) 2015-03-23 21:47:44 +01:00
Frank Denis
5e364632e0 Make sodium_free() callable even if protection is PROT_NONE.
Reported by @stouset, thanks!
2014-12-07 14:52:44 -08:00
Frank Denis
d556a56c3c Add extra assert() in tests allocating memory on the heap. 2014-11-25 16:19:20 -08:00
Frank Denis
5437f8974d Don't expect signals to work in Javascript 2014-11-24 17:48:51 -08:00
Frank Denis
5fd91b8f0f SIGSEGV handlers are incompatible with -fsanitize=address 2014-10-16 14:08:43 -07:00
Frank Denis
1cf170a90e Test sodium_allocarray(), and sodium_malloc() with a huge size 2014-09-16 15:35:21 -07:00
Frank Denis
82bc039d6c Consistent style for the tests. 2014-09-14 11:32:55 -07:00
Frank Denis
4d276a81e7 Include header files commonly used by the tests to cmptest.h 2014-09-13 14:11:12 -07:00
Frank Denis
473e1718cc Add sodium_{malloc,allocarray,free}() and sodium_mprotect_*()
ptr = sodium_malloc(size) returns a pointer from which exactly "size" bytes
can be accessed.

ptr = sodium_allocarray(count, size) allocates enough storage space for
"count" pointers or scalars of unit size "size".

In both cases, the region is immediately followed by a guard page.
As a result, any attempt to access a memory location after ptr[size - 1] will
immediately trigger a segmentation fault.

The allocated region is mlock()ed and filled with 0xd0 bytes.

A read-only page with the size, a guard page, as well as a canary are
placed before the returned pointer.

The canary is checked by sodium_free(); as a result, altering data right
before ptr is likely to cause sodium_free() to kill the process.

sodium_free() munlock()s the region and fills it with zeros before
actually calling free().

sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
sodium_mprotect_readwrite() can be used to change the protection on the set
of allocated pages.

Reverting the protection to read+write is not required before calling
sodium_free().
2014-08-14 21:41:05 -07:00