Add programs/test/zeroize.c to test mbedtls_zeroize
The idea is to use the simple program that is expected to be modified
rarely to set a breakpoint in a specific line and check that the
function mbedtls_zeroize() does actually set the buffer to 0 and is not
optimised out by the compiler.
diff --git a/programs/.gitignore b/programs/.gitignore
index 27055b8..ddfa1a4 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -47,6 +47,7 @@
test/selftest
test/ssl_cert_test
test/udp_proxy
+test/zeroize
util/pem2der
util/strerror
x509/cert_app
diff --git a/programs/Makefile b/programs/Makefile
index 25f184f..4e659d4 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -67,6 +67,7 @@
random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
+ test/zeroize$(EXEXT) \
util/pem2der$(EXEXT) util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
@@ -249,6 +250,10 @@
echo " CC test/udp_proxy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/zeroize$(EXEXT): test/zeroize.c $(DEP)
+ echo " CC test/zeroize.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 0ed7145..1e87fca 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -22,6 +22,9 @@
add_executable(udp_proxy udp_proxy.c)
target_link_libraries(udp_proxy ${libs})
-install(TARGETS selftest benchmark ssl_cert_test udp_proxy
+add_executable(zeroize zeroize.c)
+target_link_libraries(zeroize ${libs})
+
+install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
new file mode 100644
index 0000000..7f3e8b4
--- /dev/null
+++ b/programs/test/zeroize.c
@@ -0,0 +1,91 @@
+/*
+ * Zeroize demonstration program
+ *
+ * Copyright (C) 2017, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdio.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#include "mbedtls/utils.h"
+
+#define BUFFER_LEN 1024
+
+void usage( void )
+{
+ mbedtls_printf( "Zeroize is a simple program to assist with testing\n" );
+ mbedtls_printf( "the mbedtls_zeroize() function by using the\n" );
+ mbedtls_printf( "debugger. This program takes a file as input and\n" );
+ mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN );
+ mbedtls_printf( " zeroize <FILE>\n" );
+}
+
+int main( int argc, char** argv )
+{
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ FILE * fp;
+ char buf[BUFFER_LEN];
+ char *p = buf;
+ char *end = p + BUFFER_LEN;
+ char c;
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( "This program takes exactly 1 agument\n" );
+ usage();
+ return( exit_code );
+ }
+
+ fp = fopen( argv[1], "r" );
+ if( fp == NULL )
+ {
+ mbedtls_printf( "Could not open file '%s'\n", argv[1] );
+ return( exit_code );
+ }
+
+ while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
+ *p++ = c;
+ *p = '\0';
+
+ if( p - buf != 0 )
+ {
+ mbedtls_printf( "%s\n", buf );
+ mbedtls_zeroize( buf, sizeof( buf ) );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ }
+ else
+ mbedtls_printf( "The file is empty!\n" );
+
+ fclose( fp );
+
+ return( exit_code );
+}