commit a3008e7e2ee944e9ae9f2e62dd16664e7b204134
author Leonid Rozenboim <leonid.rozenboim@oracle.com> Thu Apr 21 17:28:18 2022 -0700
committer Paul Elliott <paul.elliott@arm.com> Fri May 13 18:08:11 2022 +0100
tree 1fcc16900616bd33b5cee61bfecb51ca419cb303
parent 1c7c5969ea4382abbf9b64516ad5015e687cc84c

Add missing local variable initialization

These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>

library/ecp.c

diff --git a/library/ecp.c b/library/ecp.c
index f39cb02..35265f5 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1817,7 +1817,7 @@
     unsigned char i;
     size_t j = 0;
     const unsigned char T_size = 1U << ( w - 1 );
-    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
+    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1] = {NULL};
 
     mbedtls_mpi tmp[4];
 

library/gcm.c

diff --git a/library/gcm.c b/library/gcm.c
index 8505cf4..6d07f87 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -430,7 +430,7 @@
     const unsigned char *p = input;
     unsigned char *out_p = output;
     size_t offset;
-    unsigned char ectr[16];
+    unsigned char ectr[16] = {0};
 
     if( output_size < input_length )
         return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );

library/pkcs12.c

diff --git a/library/pkcs12.c b/library/pkcs12.c
index a90d1f9..e725a97 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -218,7 +218,7 @@
     unsigned int j;
 
     unsigned char diversifier[128];
-    unsigned char salt_block[128], pwd_block[128], hash_block[128];
+    unsigned char salt_block[128], pwd_block[128], hash_block[128] = {0};
     unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
     unsigned char *p;
     unsigned char c;

library/pkparse.c

diff --git a/library/pkparse.c b/library/pkparse.c
index 22dab3a..0e3e6ee 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -866,7 +866,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int version, pubkey_done;
     size_t len;
-    mbedtls_asn1_buf params;
+    mbedtls_asn1_buf params = { 0, 0, NULL };
     unsigned char *p = (unsigned char *) key;
     unsigned char *end = p + keylen;
     unsigned char *end2;

library/rsa.c

diff --git a/library/rsa.c b/library/rsa.c
index 36f487f..d5f9ef0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1965,7 +1965,7 @@
     size_t observed_salt_len, msb;
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0};
 
     RSA_VALIDATE_RET( ctx != NULL );
     RSA_VALIDATE_RET( sig != NULL );

library/ssl_ticket.c

diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 7f65849..a9036a2 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -70,7 +70,7 @@
                                unsigned char index )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char buf[MAX_KEY_BYTES];
+    unsigned char buf[MAX_KEY_BYTES] = {0};
     mbedtls_ssl_ticket_key *key = ctx->keys + index;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)