[tor-commits] [tor/master] Refactor initialization in curve25519_basepoint_spot_check

[nickm at torproject.org]

commit a52d5d530956d2b2acf28400d1635b2fd1320f96
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Sep 9 10:15:44 2018 -0400

    Refactor initialization in curve25519_basepoint_spot_check
    
    This is an attempt to work around what I think may be a bug in
    OSS-Fuzz, which thinks that uninitialized data might be passed to
    the curve25519 functions.
---
 src/lib/crypt_ops/crypto_curve25519.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
index 6ad2587f4..e6a39a8c0 100644
--- a/src/lib/crypt_ops/crypto_curve25519.c
+++ b/src/lib/crypt_ops/crypto_curve25519.c
@@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void)
   };
   const int loop_max=200;
   int save_use_ed = curve25519_use_ed;
-  unsigned char e1[32] = { 5 };
-  unsigned char e2[32] = { 5 };
+  unsigned char e1[32], e2[32];
   unsigned char x[32],y[32];
   int i;
   int r=0;
 
+  memset(x, 0, sizeof(x));
+  memset(y, 0, sizeof(y));
+  memset(e1, 0, sizeof(e1));
+  memset(e2, 0, sizeof(e2));
+  e1[0]=5;
+  e2[0]=5;
+
   /* Check the most basic possible sanity via the test secret/public key pair
    * used in "Cryptography in NaCl - 2. Secret keys and public keys".  This
    * may catch catastrophic failures on systems where Curve25519 is expensive,