Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.

This is actually ok for this function, but initialised to zero anyway if PURIFY defined. This does have the impact of masking any *real* unitialised data reads in bn though. Patch based on approach suggested by Rich Salz. PR#3415
author: Matt Caswell <matt@openssl.org> 2014-07-10 23:47:31 +0100
committer: Matt Caswell <matt@openssl.org> 2014-07-13 22:17:39 +0100
commit: f8571ce82292ed340ed6302635f9bd6dfbc1043a (patch)
tree: c14cc9f259656a96a0d4ea7a695f84f0d21bea62 /crypto/bn/bn_lib.c
parent: 924e5eda2c82d737cc5a1b9c37918aa6e34825da (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b1e224bb4d..efa77999ff 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -324,6 +324,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+#ifdef PURIFY
+	/* Valgrind complains in BN_consttime_swap because we process the whole
+	 * array even if it's not initialised yet. This doesn't matter in that
+	 * function - what's important is constant time operation (we're not
+	 * actually going to use the data)
+	*/
+	memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
 	B=b->d;
 	/* Check if the previous number needs to be copied */
author	Matt Caswell <matt@openssl.org>	2014-07-10 23:47:31 +0100
committer	Matt Caswell <matt@openssl.org>	2014-07-13 22:17:39 +0100
commit	f8571ce82292ed340ed6302635f9bd6dfbc1043a (patch)
tree	c14cc9f259656a96a0d4ea7a695f84f0d21bea62 /crypto/bn/bn_lib.c
parent	924e5eda2c82d737cc5a1b9c37918aa6e34825da (diff)