From ecd649205db1d886ac4021f37fb7bd583c720c0f Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Thu, 16 Mar 2023 12:00:24 +0000
Subject: [PATCH 1/3] Add tests that cover msan explicit_bzero issue

Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_platform_util.data | 24 +++++++++++++++++++
 .../suites/test_suite_platform_util.function | 10 ++++++++
 2 files changed, 34 insertions(+)

diff --git a/tests/suites/test_suite_platform_util.data b/tests/suites/test_suite_platform_util.data
index 948543a6f..b820293b9 100644
--- a/tests/suites/test_suite_platform_util.data
+++ b/tests/suites/test_suite_platform_util.data
@@ -21,3 +21,27 @@ mbedtls_platform_zeroize:127:0
 
 Zeroize len 128
 mbedtls_platform_zeroize:128:0
+
+Zeroize uninitialised 1 0
+mbedtls_platform_zeroize_uninitialised:1:0
+
+Zeroize uninitialised 16 0
+mbedtls_platform_zeroize_uninitialised:16:0
+
+Zeroize uninitialised 16 1
+mbedtls_platform_zeroize_uninitialised:16:1
+
+Zeroize uninitialised 16 10
+mbedtls_platform_zeroize_uninitialised:16:10
+
+Zeroize uninitialised 16 15
+mbedtls_platform_zeroize_uninitialised:16:15
+
+Zeroize uninitialised 128 0
+mbedtls_platform_zeroize_uninitialised:128:0
+
+Zeroize uninitialised 128 64
+mbedtls_platform_zeroize_uninitialised:128:64
+
+Zeroize uninitialised 128 127
+mbedtls_platform_zeroize_uninitialised:128:127
diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function
index e5464e0ec..8f131dfa7 100644
--- a/tests/suites/test_suite_platform_util.function
+++ b/tests/suites/test_suite_platform_util.function
@@ -39,3 +39,13 @@ void mbedtls_platform_zeroize(int len, int null)
 TEST_EQUAL(buf[len + 1], 2);
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_platform_zeroize_uninitialised(int len, int p)
+{
+ char buf[128];
+ mbedtls_platform_zeroize(buf, len);
+
+ TEST_EQUAL(buf[p], 0);
+}
+/* END_CASE */
\ No newline at end of file
From 5d2024333ba2a30b26e158ef2d1ba2959d3ecb6f Mon Sep 17 00:00:00 2001
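Review bot: In `mbedtls_platform_zeroize_uninitialised` (the tests/suites/test_suite_platform_util.function hunk), `len` and `p` are taken straight from the .data rows and used to write into and index the 128-byte `buf` without any range check. Every row added in the .data hunk satisfies p < len <= 128, but a later row with p >= len would read a byte that zeroize never wrote, which MSan would report just like the explicit_bzero() problem this test is meant to isolate, and a row with len > 128 would write past the buffer. I would add, before the zeroize call, `TEST_ASSERT(len >= 0 && (size_t) len <= sizeof(buf));` and `TEST_ASSERT(p >= 0 && p < len);` so a bad row fails with a clear message instead.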
From: Dave Rodgman
Date: Thu, 16 Mar 2023 12:14:51 +0000
Subject: [PATCH 2/3] Fix missing line ending

Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_platform_util.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function
index 8f131dfa7..d6d6d1f5e 100644
--- a/tests/suites/test_suite_platform_util.function
+++ b/tests/suites/test_suite_platform_util.function
@@ -48,4 +48,4 @@ void mbedtls_platform_zeroize_uninitialised(int len, int p)
 
 TEST_EQUAL(buf[p], 0);
 }
-/* END_CASE */
\ No newline at end of file
+/* END_CASE */
From 0a3c72df02a8ab8381ff6827afc18b32265e1242 Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Thu, 16 Mar 2023 13:43:32 +0000
Subject: [PATCH 3/3] Add explanatory comment

Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_platform_util.function | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function
index d6d6d1f5e..a4c11433a 100644
--- a/tests/suites/test_suite_platform_util.function
+++ b/tests/suites/test_suite_platform_util.function
@@ -43,6 +43,16 @@ void mbedtls_platform_zeroize(int len, int null)
 /* BEGIN_CASE */
 void mbedtls_platform_zeroize_uninitialised(int len, int p)
 {
+ /*
+ * As per #7301: on some platforms, including modern Linux, Clang with Msan
+ * does not recognize that explicit_bzero() writes well-defined content to
+ * its output buffer. For us, this causes CMAC operations to fail in Msan
+ * builds when mbedtls_platform_zeroize() is implemented over
+ * explicit_bzero().
+ *
+ * This test ensures we have a simple/obvious MSan test rather than
+ * spurious errors in crypto code that are hard to track down.
+ */
 char buf[128];
 mbedtls_platform_zeroize(buf, len);
 
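Review bot: The comment added in the [PATCH 3/3] hunk explains the MSan background but never says that `buf` is left uninitialised on purpose, which is the one property the test depends on. If someone later adds an initialiser such as `= { 0 }` to quiet a compiler or static-analysis warning, the test would pass whatever MSan concludes about explicit_bzero(). I would add a line directly above the declaration, `/* Deliberately uninitialised: zeroize must be the first write MSan sees. */`. The comment also spells the tool both "Msan" and "MSan"; using "MSan" throughout would be consistent. The function body continues past the end of this hunk.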