Add a test for calloc zeroization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d9835b3..be6ad83 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3798,7 +3798,7 @@
/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined. Please note that it should zeroize the buffer after allocation. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined. Please note that it should zeroize the allocated buffer. */
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 229f0d8..3adf2e5 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -167,6 +167,23 @@
test_snprintf(5, "123", 3) != 0;
}
+static int run_test_mbedtls_calloc(void)
+{
+ unsigned int buf_size = 256;
+ unsigned char *buf;
+ int ret = -1;
+ buf = mbedtls_calloc(buf_size, sizeof(unsigned char));
+ for (unsigned int i = 0; i < buf_size; i++) {
+ if (buf[i] != 0) {
+ ret = -1;
+ goto exit;
+ }
+ }
+ ret = 0;
+exit:
+ mbedtls_free(buf);
+ return ret;
+}
/*
* Check if a seed file is present, and if not create one for the entropy
* self-test. If this fails, we attempt the test anyway, so no error is passed
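Review bot: In run_test_mbedtls_calloc the pointer returned by `mbedtls_calloc(buf_size, sizeof(unsigned char))` is read in the loop without a NULL check, so an allocation failure turns into a NULL dereference inside the self-test instead of a reported failure. Add `if (buf == NULL) goto exit;` right after the call; `ret` is already -1 at that point and `mbedtls_free(NULL)` is expected to be harmless. The caller added in the later hunk would then print "the calloc implementation does not zeroize the buffer" for an out-of-memory condition too, so a distinct return value or message may be worth having. Separately, a single first allocation is likely to come back zero from many allocators even when they do not clear reused memory, so this check may pass for a non-zeroizing MBEDTLS_PLATFORM_STD_CALLOC. Filling a buffer with non-zero bytes, freeing it and allocating the same size again before the scan would make the test more likely to catch that.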
@@ -376,6 +393,12 @@
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
+ /* Make sure that mbedtls_calloc zeroizes the buffer */
+ if (run_test_mbedtls_calloc() != 0) {
+ mbedtls_printf("the calloc implementation does not zeroize the buffer\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) {
if (strcmp(*argp, "--quiet") == 0 ||
strcmp(*argp, "-q") == 0) {