Merge pull request #7303 from daverodgman/msan_bzero_testcase
Add tests that cover msan explicit_bzero issue
diff --git a/tests/suites/test_suite_platform_util.data b/tests/suites/test_suite_platform_util.data
index 948543a..b820293 100644
--- a/tests/suites/test_suite_platform_util.data
+++ b/tests/suites/test_suite_platform_util.data
@@ -21,3 +21,27 @@
Zeroize len 128
mbedtls_platform_zeroize:128:0
+
+Zeroize uninitialised 1 0
+mbedtls_platform_zeroize_uninitialised:1:0
+
+Zeroize uninitialised 16 0
+mbedtls_platform_zeroize_uninitialised:16:0
+
+Zeroize uninitialised 16 1
+mbedtls_platform_zeroize_uninitialised:16:1
+
+Zeroize uninitialised 16 10
+mbedtls_platform_zeroize_uninitialised:16:10
+
+Zeroize uninitialised 16 15
+mbedtls_platform_zeroize_uninitialised:16:15
+
+Zeroize uninitialised 128 0
+mbedtls_platform_zeroize_uninitialised:128:0
+
+Zeroize uninitialised 128 64
+mbedtls_platform_zeroize_uninitialised:128:64
+
+Zeroize uninitialised 128 127
+mbedtls_platform_zeroize_uninitialised:128:127
diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function
index e5464e0..a4c1143 100644
--- a/tests/suites/test_suite_platform_util.function
+++ b/tests/suites/test_suite_platform_util.function
@@ -39,3 +39,23 @@
TEST_EQUAL(buf[len + 1], 2);
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_platform_zeroize_uninitialised(int len, int p)
+{
+ /*
+ * As per #7301: on some platforms, including modern Linux, Clang with Msan
+ * does not recognize that explicit_bzero() writes well-defined content to
+ * its output buffer. For us, this causes CMAC operations to fail in Msan
+ * builds when mbedtls_platform_zeroize() is implemented over
+ * explicit_bzero().
+ *
+ * This test ensures we have a simple/obvious MSan test rather than
+ * spurious errors in crypto code that are hard to track down.
+ */
+ char buf[128];
+ mbedtls_platform_zeroize(buf, len);
+
+ TEST_EQUAL(buf[p], 0);
+}
+/* END_CASE */