author | David Benjamin <davidben@chromium.org> | 2015-05-15 22:50:22 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-05-15 23:31:27 +0300 |
commit | 81091d55e14280c611fa6dc31d1d392566359b1c (patch) | |
tree | cd4924ce9dfc58de31088eda2ed70f2372693e01 /crypto/rand | |
parent | d72e2842715ada993157540e121f8030e158857b (diff) |
Don't use uninitialized memory in RAND_bytes.
We can't actually catch this with MSan because it requires all code be
instrumented, so it needs a NO_ASM build which now disables that code. valgrind
doesn't notice either, possibly because there's some computation being done on
it. Still, we shouldn't use uninitialized memory.
Also get us closer to being instrumentable by MSan, but the runner tests will
need to build against an instrumented STL and I haven't tried that yet.
Change-Id: I2d65697a3269b5b022899f361730a85c51ecaa12
Reviewed-on: https://boringssl-review.googlesource.com/4760
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/rand')
-rw-r--r-- | crypto/rand/rand.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c index 192fc7d3..a647b6a2 100644 --- a/crypto/rand/rand.c +++ b/crypto/rand/rand.c @@ -96,6 +96,7 @@ int RAND_bytes(uint8_t *buf, size_t len) { return 1; } + memset(state->partial_block, 0, sizeof(state->partial_block)); state->calls_used = kMaxCallsPerRefresh; } |
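Review bot: the added memset sits in the state-initialization branch (immediately before `state->calls_used = kMaxCallsPerRefresh;`), but nothing in the hunk records why `partial_block` must be zero there; add a one-line comment stating that the buffer is otherwise read before the first refresh fills it, so the next reader does not mistake the memset for a redundant clear. Also consider zero-initializing the whole state struct at allocation instead of this single field, so that any field added later gets the same treatment without another targeted fix.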