Add a test for calloc zeroization

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-09-10 07:36:28 -04:00 · 2023-04-25 05:51:34 -04:00 · 2023-04-25 05:51:34 -04:00 · 97cbff7c0d
commit 97cbff7c0d
parent a242c757c2
2 changed files with 24 additions and 1 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -3798,7 +3798,7 @@

 /* Platform options */
 //#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined. Please note that it should zeroize the buffer after allocation. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined. Please note that it should zeroize the allocated buffer. */
 //#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@ -167,6 +167,23 @@ static int run_test_snprintf(void)
           test_snprintf(5, "123",         3) != 0;
 }

+static int run_test_mbedtls_calloc(void)
+{
+    unsigned int buf_size = 256;
+    unsigned char *buf;
+    int ret = -1;
+    buf = mbedtls_calloc(buf_size, sizeof(unsigned char));
+    for (unsigned int i = 0; i < buf_size; i++) {
+        if (buf[i] != 0) {
+            ret = -1;
+            goto exit;
+        }
+    }
+    ret = 0;
+exit:
+    mbedtls_free(buf);
+    return ret;
+}
 /*
 * Check if a seed file is present, and if not create one for the entropy
 * self-test. If this fails, we attempt the test anyway, so no error is passed
@ -376,6 +393,12 @@ int main(int argc, char *argv[])
        mbedtls_exit(MBEDTLS_EXIT_FAILURE);
    }

+    /* Make sure that mbedtls_calloc zeroizes the buffer */
+    if (run_test_mbedtls_calloc() != 0) {
+        mbedtls_printf("the calloc implementation does not zeroize the buffer\n");
+        mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+    }
+
    for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) {
        if (strcmp(*argp, "--quiet") == 0 ||
            strcmp(*argp, "-q") == 0) {