[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Mon Dec 13 10:33:30 UTC 2021


The branch openssl-3.0 has been updated
       via  110b005465f3d3edb0fe0f61b87595d011770317 (commit)
      from  bfa90fcaeaef775d0dfa5da3c0ad7da9f09fb60d (commit)


- Log -----------------------------------------------------------------
commit 110b005465f3d3edb0fe0f61b87595d011770317
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Dec 8 18:26:03 2021 +0100

    bn2binpad: Use memset as the buffer will be used later
    
    Apparently using OPENSSL_cleanse() confuses the fuzzer so it
    makes the buffer to appear uninitialized. And memset can be
    safely used here and it is also potentially faster.
    
    Fixes #17237
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/17240)
    
    (cherry picked from commit 858d5ac16d256db24f78b8c84e723b7d34c8b1ea)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 28a3e91679..d37b89c2a6 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -505,7 +505,8 @@ int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endiane
     /* Swipe through whole available data and don't give away padded zero. */
     atop = a->dmax * BN_BYTES;
     if (atop == 0) {
-        OPENSSL_cleanse(to, tolen);
+        if (tolen != 0)
+            memset(to, '\0', tolen);
         return tolen;
     }
 


More information about the openssl-commits mailing list