diff options
author | Matt Caswell <matt@openssl.org> | 2014-07-10 23:47:31 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-07-13 22:20:15 +0100 |
commit | 14b5d0d029da51cb6874aa7d39d1253c43442ee2 (patch) | |
tree | 2686bb93bec79adfba2027f14ae66ff4e9a30ddb /crypto/bn | |
parent | 2fbd94252a119c064fc043da2b47a3510ee4b238 (diff) |
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
Diffstat (limited to 'crypto/bn')
-rw-r--r-- | crypto/bn/bn_lib.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 5461e6ee7d..d5a211e288 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ |