github.com/mono/boringssl.git
author: David Benjamin <davidben@chromium.org> 2015-05-15 22:50:22 +0300
committer: Adam Langley <agl@google.com> 2015-05-15 23:31:27 +0300
commit: 81091d55e14280c611fa6dc31d1d392566359b1c
tree: cd4924ce9dfc58de31088eda2ed70f2372693e01 /crypto/rand/rand.c
parent: d72e2842715ada993157540e121f8030e158857b

Don't use uninitialized memory in RAND_bytes.

We can't actually catch this with MSan because it requires all code be instrumented, so it needs a NO_ASM build which no disables that code. valgrind doesn't notice either, possibly because there's some computation being done on it. Still, we shouldn't use uninitialized memory.

Also get us closer to being instrumentable by MSan, but the runner tests will need to build against an instrumented STL and I haven't tried that yet.

Change-Id: I2d65697a3269b5b022899f361730a85c51ecaa12
Reviewed-on: https://boringssl-review.googlesource.com/4760
Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'crypto/rand/rand.c')
-rw-r--r-- crypto/rand/rand.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c
index 192fc7d3..a647b6a2 100644
--- a/crypto/rand/rand.c
+++ b/crypto/rand/rand.c
@@ -96,6 +96,7 @@ int RAND_bytes(uint8_t *buf, size_t len) {
return 1;
}
+ memset(state->partial_block, 0, sizeof(state->partial_block));
state->calls_used = kMaxCallsPerRefresh;
}
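
Review bot: the added `memset(state->partial_block, 0, sizeof(state->partial_block));` line, just before the `calls_used` initialisation, has no comment explaining why the buffer must be zeroed, so the rationale lives only in the commit message. A one-line comment above it, noting that the block would otherwise be used uninitialized, would keep a later cleanup from dropping the call as redundant. Since the declaration of `partial_block` is not visible in this hunk, it is also worth confirming that it is an array member and not a pointer; with a pointer, `sizeof` would give the pointer size and only part of the buffer would be cleared.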