Add a test for CRYPTO_memcmp.

This test is written in honor of CVE-2018-0733. Change-Id: I8a41f917b08496870037f745f19bdcdb65b3d623 Reviewed-on: https://boringssl-review.googlesource.com/26845 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 6 година · 2e16f6ba81
--- a/crypto/constant_time_test.cc
+++ b/crypto/constant_time_test.cc
@@ -53,6 +53,9 @@

 #include <gtest/gtest.h>

 #include <openssl/mem.h>
 #include <openssl/rand.h>


 static uint8_t FromBool8(bool b) {
  return b ? CONSTTIME_TRUE_8 : CONSTTIME_FALSE_8;
@@ -134,3 +137,19 @@ TEST(ConstantTimeTest, Test) {
    }
  }
 }

 TEST(ConstantTimeTest, MemCmp) {
  uint8_t buf[256], copy[256];
  RAND_bytes(buf, sizeof(buf));

  OPENSSL_memcpy(copy, buf, sizeof(buf));
  EXPECT_EQ(0, CRYPTO_memcmp(buf, copy, sizeof(buf)));

  for (size_t i = 0; i < sizeof(buf); i++) {
    for (uint8_t bit = 1; bit != 0; bit <<= 1) {
      OPENSSL_memcpy(copy, buf, sizeof(buf));
      copy[i] ^= bit;
      EXPECT_NE(0, CRYPTO_memcmp(buf, copy, sizeof(buf)));
    }
  }
 }