Don't use uninitialized memory in RAND_bytes.

We can't actually catch this with MSan because it requires all code be
instrumented, so it needs a NO_ASM build which no disables that code. valgrind
doesn't notice either, possibly because there's some computation being done on
it. Still, we shouldn't use uninitialized memory.

Also get us closer to being instrumentable by MSan, but the runner tests will
need to build against an instrumented STL and I haven't tried that yet.

Change-Id: I2d65697a3269b5b022899f361730a85c51ecaa12
Reviewed-on: https://boringssl-review.googlesource.com/4760
Reviewed-by: Adam Langley <agl@google.com>

crypto/rand/rand.c

@@ -96,6 +96,7 @@ int RAND_bytes(uint8_t *buf, size_t len) {
       return 1;
     }
 
+    memset(state->partial_block, 0, sizeof(state->partial_block));
     state->calls_used = kMaxCallsPerRefresh;
   }
 

ssl/test/malloc.cc

@@ -15,7 +15,7 @@
 #include <openssl/base.h>
 
 #if defined(__has_feature)
-#if __has_feature(address_sanitizer)
+#if __has_feature(address_sanitizer) || __has_feature(memory_sanitizer)
 #define OPENSSL_ASAN
 #endif
 #endif
@@ -24,7 +24,8 @@
 // builds and trying to override malloc in a static link doesn't work. It's also
 // disabled on ASan builds as this interferes with ASan's malloc interceptor.
 //
-// TODO(davidben): See if this and ASan's interceptors can be made to coexist.
+// TODO(davidben): See if this and ASan's and MSan's interceptors can be made to
+// coexist.
 #if defined(__linux__) && !defined(OPENSSL_ARM) && \
     !defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN)