Description
As discovered by @davidhorstmann-arm, our constant-flow testing leveraging MSan (MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) fails on Clang 16 and above.
This is due to a change in the memory sanitizer. It forbids passing “uninitialized” values in and out of functions. In constant-flow testing, “uninitialized” values are actually secrets that must be manipulated with a data-independent flow, and it's perfectly fine to pass these in and out of functions.
The fix is to pass the extra command-line option -fno-sanitize-memory-param-retval when building with MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN with Clang ≥16.
This is currently not a problem on the CI because we use an older image. But it tends to come up on typical developer machines nowadays, and it's one of many things that we'll need to fix before we upgrade our CI images.
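The constant-flow pattern this issue relies on, as an added C example rather than Mbed TLS code: a secret is poisoned so that MSan treats it as uninitialized, flows through a branch-free function, and is unpoisoned before it is inspected. The cf_secret/cf_public helpers and ct_select_u32 are names assumed for illustration; only the __msan_* calls are the real MSan interface, and the hooks compile to nothing outside a Clang MSan build.

```c
#include <stddef.h>
#include <stdint.h>
/* Clang with -fsanitize=memory provides the MSan hooks; elsewhere the
 * cf_* helpers below compile to nothing. */
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define HAVE_MSAN 1
#  endif
#endif

/* Mark a buffer as secret by poisoning it: MSan then reports any branch
 * or memory index that depends on it, i.e. any non-constant-time use. */
static void cf_secret(const void *p, size_t n)
{
#ifdef HAVE_MSAN
    __msan_allocated_memory(p, n);
#else
    (void) p; (void) n;
#endif
}

/* Declare a buffer public again so it may be compared or printed. */
static void cf_public(const void *p, size_t n)
{
#ifdef HAVE_MSAN
    __msan_unpoison(p, n);
#else
    (void) p; (void) n;
#endif
}

/* Constant-time select: cond must be 0 or 1; returns a if cond is 1, else
 * b, with no branch. The secret enters via a parameter and leaves via the
 * return value, which Clang >= 16's MSan flags by default unless built
 * with -fno-sanitize-memory-param-retval. */
uint32_t ct_select_u32(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t) 0 - cond;   /* 0x00000000 or 0xFFFFFFFF */
    return (a & mask) | (b & ~mask);
}
/* Select on a secret condition, as a constant-flow test does. */
uint32_t demo_ct_select(uint32_t secret_cond, uint32_t a, uint32_t b)
{
    uint32_t out;
    cf_secret(&secret_cond, sizeof secret_cond);  /* secret from here on */
    out = ct_select_u32(secret_cond, a, b);       /* poisoned in and out */
    cf_public(&out, sizeof out);                  /* safe to inspect now */
    return out;
}
```

To see the report that motivates this issue, build this with clang -fsanitize=memory (Clang ≥16) and then again with -fno-sanitize-memory-param-retval added.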