summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-09-09 10:15:44 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-09 10:21:13 -0400
commita52d5d530956d2b2acf28400d1635b2fd1320f96 (patch)
tree691c47e505a5709db98b719c9e3c7bef70844e7c
parent776c1a5d1a39e5fd9ba3313730c47b10f25e4d24 (diff)
downloadtor-a52d5d530956d2b2acf28400d1635b2fd1320f96.tar.gz
tor-a52d5d530956d2b2acf28400d1635b2fd1320f96.zip
Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in OSS-Fuzz, which thinks that uninitialized data might be passed to the curve25519 functions.
-rw-r--r--src/lib/crypt_ops/crypto_curve25519.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
index 6ad2587f48..e6a39a8c08 100644
--- a/src/lib/crypt_ops/crypto_curve25519.c
+++ b/src/lib/crypt_ops/crypto_curve25519.c
@@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void)
};
const int loop_max=200;
int save_use_ed = curve25519_use_ed;
- unsigned char e1[32] = { 5 };
- unsigned char e2[32] = { 5 };
+ unsigned char e1[32], e2[32];
unsigned char x[32],y[32];
int i;
int r=0;
+ memset(x, 0, sizeof(x));
+ memset(y, 0, sizeof(y));
+ memset(e1, 0, sizeof(e1));
+ memset(e2, 0, sizeof(e2));
+ e1[0]=5;
+ e2[0]=5;
+
/* Check the most basic possible sanity via the test secret/public key pair
* used in "Cryptography in NaCl - 2. Secret keys and public keys". This
* may catch catastrophic failures on systems where Curve25519 is expensive,