From a8d2ff3fdfe835fcb4c78524dae6496e438fb5c0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 16 Mar 2023 10:53:46 +0100
Subject: [PATCH] Fix Msan failure with explicit_bzero

On some platforms, including modern Linux, Clang with Msan does not recognize that explicit_bzero() writes well-defined content to its output buffer. For us, this causes CMAC operations to fail in Msan builds when mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine
---
 library/platform_util.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/library/platform_util.c b/library/platform_util.c
index 6d4759cbbb..f891cd48a3 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -57,6 +57,15 @@
 #endif

 #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+
+#undef HAVE_MEMORY_SANITIZER
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#include
+#define HAVE_MEMORY_SANITIZER
+#endif
+#endif
+
 /*
 * Where possible, we try to detect the presence of a platform-provided
 * secure memset, such as explicit_bzero(), that is safe against being optimized
@@ -100,6 +109,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
 if (len > 0) {
 #if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
 explicit_bzero(buf, len);
+#if defined(HAVE_MEMORY_SANITIZER)
+ /* You'd think that Msan would recognize explicit_bzero() as
+ * equivalent to bzero(), but it actually doesn't on several
+ * platforms, including Linux (Ubuntu 20.04).
+ * https://github.com/google/sanitizers/issues/1507
+ * https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa
+ */
+ __msan_unpoison(buf, len);
+#endif
 #elif defined(__STDC_LIB_EXT1__)
 memset_s(buf, len, 0, len);
 #elif defined(_WIN32)
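Review bot: `HAVE_MEMORY_SANITIZER` in the added detection block is an un-prefixed, autoconf-style name, while the other feature macros visible in this file section carry the library prefix (`MBEDTLS_PLATFORM_ZEROIZE_ALT`, `MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO`). The leading `#undef` avoids a redefinition clash but silently discards any definition a build system passed in under that name. A prefixed, file-local name such as `#define MBEDTLS_PLATFORM_HAVE_MSAN` would make the `#undef` unnecessary. The block also has no comment; one line such as `/* Detect Clang MemorySanitizer so that zeroize can unpoison its output. */` would tell a reader why a sanitizer header is pulled into library code. The `#include` line shows no header name on this page, probably lost in rendering; it has to be the header that declares `__msan_unpoison`.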
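Review bot: `__msan_unpoison(buf, len)` marks the buffer as initialized whether or not `explicit_bzero()` actually wrote it, so after this change an Msan build no longer checks this wipe path. The added comment should say so, for example `/* This only silences Msan; it does not check that the buffer was zeroed. */`. The diffstat shows only `library/platform_util.c` changed, so nothing pins the behaviour. A unit test that fills a buffer, calls `mbedtls_platform_zeroize()` and asserts every byte reads as zero would both reproduce the Msan failure and verify the wipe itself. The unpoison sits only in the `MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO` branch; whether the `memset_s` branch needs the same treatment under Msan is not visible from here and is worth confirming. The body of `mbedtls_platform_zeroize` starts and ends outside the hunk.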