From: Matt Caswell <matt@openssl.org>
Date: Thu, 10 Jul 2014 22:47:31 +0000 (+0100)
Subject: Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
X-Git-Tag: OpenSSL_0_9_8zb~25
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=02fef91630524703df3f3e567a09c7ddef8ec164;p=oweals%2Fopenssl.git

Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
---

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 32a8fbaf51..c288844aa5 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+#ifdef PURIFY
+	/* Valgrind complains in BN_consttime_swap because we process the whole
+	 * array even if it's not initialised yet. This doesn't matter in that
+	 * function - what's important is constant time operation (we're not
+	 * actually going to use the data)
+	*/
+	memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
 	B=b->d;
 	/* Check if the previous number needs to be copied */