Merge remote-tracking branch 'teor/bug18384'

2 files changed, 9 insertions, 4 deletions

diff --git a/changes/bug18384 b/changes/bug18384
new file mode 100644
index 0000000000..78befcabaa
--- /dev/null
+++ b/changes/bug18384
@@ -0,0 +1,5 @@
+  o Minor bugfixes (crypto, static analysis):
+    - Silence spurious clang-scan warnings in the ed25519_donna code
+      by explicitly initialising some objects.
+      Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha.
+      Patch by "teor".
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index ac726ba045..52b259dfe1 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -168,8 +168,8 @@ ed25519_donna_seckey_expand(unsigned char *sk, const unsigned char *skseed)
 int
 ed25519_donna_pubkey(unsigned char *pk, const unsigned char *sk)
 {
-  bignum256modm a;
-  ge25519 ALIGN(16) A;
+  bignum256modm a = {0};
+  ge25519 ALIGN(16) A = {{0}, {0}, {0}, {0}};
 
   /* A = aB */
   expand256_modm(a, sk, 32);
@@ -204,8 +204,8 @@ ed25519_donna_sign(unsigned char *sig, const unsigned char *m, size_t mlen,
   const unsigned char *sk, const unsigned char *pk)
 {
   ed25519_hash_context ctx;
-  bignum256modm r, S, a;
-  ge25519 ALIGN(16) R;
+  bignum256modm r = {0}, S, a;
+  ge25519 ALIGN(16) R = {{0}, {0}, {0}, {0}};
   hash_512bits hashr, hram;
 
   /* This is equivalent to the removed `ED25519_FN(ed25519_sign)` routine,