Fix Msan failure with explicit_bzero
On some platforms, including modern Linux, Clang with Msan does not recognize that explicit_bzero() writes well-defined content to its output buffer. For us, this causes CMAC operations to fail in Msan builds when mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
8d60574b7b
commit
a8d2ff3fdf
1 changed files with 18 additions and 0 deletions
|
|
@ -57,6 +57,15 @@
|
|||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
|
||||
|
||||
#undef HAVE_MEMORY_SANITIZER
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#include <sanitizer/msan_interface.h>
|
||||
#define HAVE_MEMORY_SANITIZER
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Where possible, we try to detect the presence of a platform-provided
|
||||
* secure memset, such as explicit_bzero(), that is safe against being optimized
|
||||
|
|
@ -100,6 +109,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
|
|||
if (len > 0) {
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
|
||||
explicit_bzero(buf, len);
|
||||
#if defined(HAVE_MEMORY_SANITIZER)
|
||||
/* You'd think that Msan would recognize explicit_bzero() as
|
||||
* equivalent to bzero(), but it actually doesn't on several
|
||||
* platforms, including Linux (Ubuntu 20.04).
|
||||
* https://github.com/google/sanitizers/issues/1507
|
||||
* https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa
|
||||
*/
|
||||
__msan_unpoison(buf, len);
|
||||
#endif
|
||||
#elif defined(__STDC_LIB_EXT1__)
|
||||
memset_s(buf, len, 0, len);
|
||||
#elif defined(_WIN32)
|
||||
|
|
|
|||
Loading…
Reference in a new issue