diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-09-09 10:15:44 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-09-09 10:21:13 -0400 |
| commit | a52d5d530956d2b2acf28400d1635b2fd1320f96 (patch) | |
| tree | 691c47e505a5709db98b719c9e3c7bef70844e7c | |
| parent | 776c1a5d1a39e5fd9ba3313730c47b10f25e4d24 (diff) | |
| download | tor-a52d5d530956d2b2acf28400d1635b2fd1320f96.tar.gz tor-a52d5d530956d2b2acf28400d1635b2fd1320f96.zip | |
Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
| -rw-r--r-- | src/lib/crypt_ops/crypto_curve25519.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c index 6ad2587f48..e6a39a8c08 100644 --- a/src/lib/crypt_ops/crypto_curve25519.c +++ b/src/lib/crypt_ops/crypto_curve25519.c @@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void) }; const int loop_max=200; int save_use_ed = curve25519_use_ed; - unsigned char e1[32] = { 5 }; - unsigned char e2[32] = { 5 }; + unsigned char e1[32], e2[32]; unsigned char x[32],y[32]; int i; int r=0; + memset(x, 0, sizeof(x)); + memset(y, 0, sizeof(y)); + memset(e1, 0, sizeof(e1)); + memset(e2, 0, sizeof(e2)); + e1[0]=5; + e2[0]=5; + /* Check the most basic possible sanity via the test secret/public key pair * used in "Cryptography in NaCl - 2. Secret keys and public keys". This * may catch catastrophic failures on systems where Curve25519 is expensive, |