Enable testing of asm under Memsan
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 91418e5..f8f6bb1 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -37,15 +37,7 @@
#include "mbedtls/bignum.h"
#endif
-
-/* Disable asm under Memsan because it confuses Memsan and generates false errors */
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
-#define MBEDTLS_CT_NO_ASM
-#elif defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_CT_NO_ASM
-#endif
-#endif
+#include "../tests/include/test/constant_flow.h"
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
@@ -79,7 +71,19 @@
static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x)
{
#if defined(MBEDTLS_CT_ASM)
+ /* Prevent false positives from Memsan - otherwise it will report the asm as
+ * accessing secret data. */
+ TEST_CF_PUBLIC(&x, sizeof(x));
+
asm volatile ("" : [x] "+r" (x) :);
+
+ /* Mark the return value as secret. This is needed so that code of the form:
+ *
+ * if (mbedtls_ct_compiler_opaque(secret)) { ... }
+ *
+ * will fail const-flow tests.
+ */
+ TEST_CF_SECRET(&x, sizeof(x));
return x;
#else
return x ^ mbedtls_ct_zero;