commit a52d5d530956d2b2acf28400d1635b2fd1320f96
parent 776c1a5d1a39e5fd9ba3313730c47b10f25e4d24
Author: Nick Mathewson <nickm@torproject.org>
Date: Sun, 9 Sep 2018 10:15:44 -0400
Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
Diffstat:
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
@@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void)
};
const int loop_max=200;
int save_use_ed = curve25519_use_ed;
- unsigned char e1[32] = { 5 };
- unsigned char e2[32] = { 5 };
+ unsigned char e1[32], e2[32];
unsigned char x[32],y[32];
int i;
int r=0;
+ memset(x, 0, sizeof(x));
+ memset(y, 0, sizeof(y));
+ memset(e1, 0, sizeof(e1));
+ memset(e2, 0, sizeof(e2));
+ e1[0]=5;
+ e2[0]=5;
+
/* Check the most basic possible sanity via the test secret/public key pair
* used in "Cryptography in NaCl - 2. Secret keys and public keys". This
* may catch catastrophic failures on systems where Curve25519 is expensive,
