From 0344c602eadc0802776b65ff90f0a02c856cf53c Mon Sep 17 00:00:00 2001
From: Tom Rini
Date: Tue, 8 Oct 2024 13:56:50 -0600
Subject: Squashed 'lib/mbedtls/external/mbedtls/' content from commit 2ca6c285a0dd
git-subtree-dir: lib/mbedtls/external/mbedtls
git-subtree-split: 2ca6c285a0dd3f33982dd57299012dacab1ff206
---
tests/suites/test_suite_platform_util.function | 61 ++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 tests/suites/test_suite_platform_util.function
(limited to 'tests/suites/test_suite_platform_util.function')
diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function
new file mode 100644
index 00000000000..a4c11433a22
--- /dev/null
+++ b/tests/suites/test_suite_platform_util.function
@@ -0,0 +1,61 @@
+/* BEGIN_HEADER */
+#include "mbedtls/platform_util.h"
+/* END_HEADER */
+
+/* BEGIN_CASE */
+void mbedtls_platform_zeroize(int len, int null)
+{
+ char buf[130];
+ char *p = NULL;
+
+ TEST_ASSERT(len <= 128);
+
+ /* Write sentinel values */
+ buf[0] = 2;
+ buf[len + 1] = 2;
+
+ /* Write non-zero content */
+ if (!null) {
+ p = &buf[1];
+ for (int i = 0; i < len; i++) {
+ p[i] = 1;
+ }
+ }
+
+ /* Check content is non-zero */
+ TEST_EQUAL(buf[0], 2);
+ for (int i = 0; i < len; i++) {
+ TEST_ASSERT(p[i] == 1);
+ }
+ TEST_EQUAL(buf[len + 1], 2);
+
+ mbedtls_platform_zeroize(p, len);
+
+ /* Check content is zero and sentinels un-changed */
+ TEST_EQUAL(buf[0], 2);
+ for (int i = 0; i < len; i++) {
+ TEST_ASSERT(p[i] == 0);
+ }
+ TEST_EQUAL(buf[len + 1], 2);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_platform_zeroize_uninitialised(int len, int p)
+{
+ /*
+ * As per #7301: on some platforms, including modern Linux, Clang with Msan
+ * does not recognize that explicit_bzero() writes well-defined content to
+ * its output buffer. For us, this causes CMAC operations to fail in Msan
+ * builds when mbedtls_platform_zeroize() is implemented over
+ * explicit_bzero().
+ *
+ * This test ensures we have a simple/obvious MSan test rather than
+ * spurious errors in crypto code that are hard to track down.
+ */
+ char buf[128];
+ mbedtls_platform_zeroize(buf, len);
+
+ TEST_EQUAL(buf[p], 0);
+}
+/* END_CASE */
-- cgit v1.2.3