From a52d5d530956d2b2acf28400d1635b2fd1320f96 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sun, 9 Sep 2018 10:15:44 -0400
Subject: Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in OSS-Fuzz, which thinks that uninitialized data might be passed to the curve25519 functions.
---
 src/lib/crypt_ops/crypto_curve25519.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'src/lib/crypt_ops')
diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
index 6ad2587f48..e6a39a8c08 100644
--- a/src/lib/crypt_ops/crypto_curve25519.c
+++ b/src/lib/crypt_ops/crypto_curve25519.c
@@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void)
 };
 const int loop_max=200;
 int save_use_ed = curve25519_use_ed;
- unsigned char e1[32] = { 5 };
- unsigned char e2[32] = { 5 };
+ unsigned char e1[32], e2[32];
 unsigned char x[32],y[32];
 int i;
 int r=0;
+ memset(x, 0, sizeof(x));
+ memset(y, 0, sizeof(y));
+ memset(e1, 0, sizeof(e1));
+ memset(e2, 0, sizeof(e2));
+ e1[0]=5;
+ e2[0]=5;
+
 /* Check the most basic possible sanity via the test secret/public key pair
 * used in "Cryptography in NaCl - 2. Secret keys and public keys". This
 * may catch catastrophic failures on systems where Curve25519 is expensive,
--
cgit v1.2.3-54-g00ecf
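Review bot: The reason for switching from the `= { 5 }` initializers to `memset()` plus `e1[0]=5;` / `e2[0]=5;` is recorded only in the commit message, so a later cleanup could fold the arrays back into aggregate initializers and bring the OSS-Fuzz report back. A short comment above the `memset()` calls would keep it with the code, for example `/* Initialize with memset() rather than aggregate initializers: OSS-Fuzz reported possibly-uninitialized data reaching the curve25519 functions. */`. The change also zeroes `x` and `y`, which had no initializer before; saying in the same comment whether that is required or only defensive would help the next reader. The body of curve25519_basepoint_spot_check starts and ends outside the hunk, so how `x` and `y` are first written is not visible here.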