Fix uninitialised memory access in constant time functions Fix an issue reported by Coverity whereby some constant time functions called from the ssl decrypt code could potentially access uninitialised memory. Signed-off-by: Paul Elliott <paul.elliott@arm.com>

commit: b83002831470bb0945f515c1cfaa94a449af7214 [log] [tgz]
author: Paul Elliott <paul.elliott@arm.com> Thu May 19 18:31:35 2022 +0100
committer: Paul Elliott <paul.elliott@arm.com> Thu May 19 18:31:35 2022 +0100
tree: 0e7e3374b86b5983454f3be764be9a80adf89c6b
parent: bdd6905a5cb44fce66af373b3faa80f23002afc4 [diff] [blame]
diff --git a/library/constant_time.c b/library/constant_time.c
index 7487b9b..e276d23 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c

@@ -489,6 +489,12 @@
     MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
     MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
 
+    /* Fill the hash buffer in advance with something that is
+     * not a valid hash (barring an attack on the hash and
+     * deliberately-crafted input), in case the caller doesn't
+     * check the return status properly. */
+    memset( output, '!', hash_size );
+
     /* For each possible length, compute the hash up to that point */
     for( offset = min_data_len; offset <= max_data_len; offset++ )
     {
commit	b83002831470bb0945f515c1cfaa94a449af7214	[log] [tgz]
author	Paul Elliott <paul.elliott@arm.com>	Thu May 19 18:31:35 2022 +0100
committer	Paul Elliott <paul.elliott@arm.com>	Thu May 19 18:31:35 2022 +0100
tree	0e7e3374b86b5983454f3be764be9a80adf89c6b
parent	bdd6905a5cb44fce66af373b3faa80f23002afc4 [diff] [blame]