Fix Msan failure with explicit_bzero

On some platforms, including modern Linux, Clang with Msan does not
recognize that explicit_bzero() writes well-defined content to its output
buffer. For us, this causes CMAC operations to fail in Msan builds when
mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2023-03-16 10:53:46 +01:00
parent 8d60574b7b
commit a8d2ff3fdf

@ -57,6 +57,15 @@
#endif #endif
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
#undef HAVE_MEMORY_SANITIZER
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#include <sanitizer/msan_interface.h>
#define HAVE_MEMORY_SANITIZER
#endif
#endif
/* /*
* Where possible, we try to detect the presence of a platform-provided * Where possible, we try to detect the presence of a platform-provided
* secure memset, such as explicit_bzero(), that is safe against being optimized * secure memset, such as explicit_bzero(), that is safe against being optimized
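Review bot: HAVE_MEMORY_SANITIZER is an unprefixed, autoconf-style name, and the `#undef HAVE_MEMORY_SANITIZER` at the top of the added block silently discards any definition a build system passed in under that name. A library-prefixed or file-local name would avoid the clash and make the #undef unnecessary. The detection and the `#include <sanitizer/msan_interface.h>` also apply to every Msan build that does not define MBEDTLS_PLATFORM_ZEROIZE_ALT, so a one-line comment saying the macro exists only for the explicit_bzero() workaround would help the next reader.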
@ -100,6 +109,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
if (len > 0) { if (len > 0) {
#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) #if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
explicit_bzero(buf, len); explicit_bzero(buf, len);
#if defined(HAVE_MEMORY_SANITIZER)
/* You'd think that Msan would recognize explicit_bzero() as
* equivalent to bzero(), but it actually doesn't on several
* platforms, including Linux (Ubuntu 20.04).
* https://github.com/google/sanitizers/issues/1507
* https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa
*/
__msan_unpoison(buf, len);
#endif
#elif defined(__STDC_LIB_EXT1__) #elif defined(__STDC_LIB_EXT1__)
memset_s(buf, len, 0, len); memset_s(buf, len, 0, len);
#elif defined(_WIN32) #elif defined(_WIN32)
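Review bot: the `__msan_unpoison(buf, len);` call sits only in the explicit_bzero() branch, and the comment above it does not say why marking the buffer as initialized is sound. Suggest adding one sentence that explicit_bzero() has just written all len bytes, so the unpoison only corrects Msan's shadow state and cannot hide a real uninitialized read. It would also be worth stating whether the memset_s() branch below was checked under Msan; if it shows the same gap, the call belongs after the #if chain rather than inside this branch.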