Always DPURIFY

The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-01-27 19:13:33 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-01-29 16:33:13 +0100
commit: d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (patch)
tree: 96b3eb018ab876f0f8842ef909e709904b1168c3 /crypto/bn/bn_lib.c
parent: a01dab94622715fe2dd92a6f87a826cef6724e54 (diff)
1 files changed, 2 insertions, 11 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 885f48239c..cd8b1dc3bf 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -313,22 +313,13 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
         return (NULL);
     }
     if (BN_get_flags(b,BN_FLG_SECURE))
-        a = A = OPENSSL_secure_malloc(words * sizeof(*a));
+        a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
     else
-        a = A = OPENSSL_malloc(words * sizeof(*a));
+        a = A = OPENSSL_zalloc(words * sizeof(*a));
     if (A == NULL) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-#ifdef PURIFY
-    /*
-     * Valgrind complains in BN_consttime_swap because we process the whole
-     * array even if it's not initialised yet. This doesn't matter in that
-     * function - what's important is constant time operation (we're not
-     * actually going to use the data)
-     */
-    memset(a, 0, sizeof(*a) * words);
-#endif
 
 #if 1
     B = b->d;
author	Emilia Kasper <emilia@openssl.org>	2016-01-27 19:13:33 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-01-29 16:33:13 +0100
commit	d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (patch)
tree	96b3eb018ab876f0f8842ef909e709904b1168c3 /crypto/bn/bn_lib.c
parent	a01dab94622715fe2dd92a6f87a826cef6724e54 (diff)