Don't use uninitialized memory in RAND_bytes.

We can't actually catch this with MSan because it requires all code be
instrumented, so it needs a NO_ASM build which no disables that code. valgrind
doesn't notice either, possibly because there's some computation being done on
it. Still, we shouldn't use uninitialized memory.

Also get us closer to being instrumentable by MSan, but the runner tests will
need to build against an instrumented STL and I haven't tried that yet.

Change-Id: I2d65697a3269b5b022899f361730a85c51ecaa12
Reviewed-on: https://boringssl-review.googlesource.com/4760
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-05-15 15:50:22 -04:00 committed by Adam Langley
parent d72e284271
commit 81091d55e1
2 changed files with 4 additions and 2 deletions

View File

@ -96,6 +96,7 @@ int RAND_bytes(uint8_t *buf, size_t len) {
return 1;
}
memset(state->partial_block, 0, sizeof(state->partial_block));
state->calls_used = kMaxCallsPerRefresh;
}

View File

@ -15,7 +15,7 @@
#include <openssl/base.h>
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
#if __has_feature(address_sanitizer) || __has_feature(memory_sanitizer)
#define OPENSSL_ASAN
#endif
#endif
@ -24,7 +24,8 @@
// builds and trying to override malloc in a static link doesn't work. It's also
// disabled on ASan builds as this interferes with ASan's malloc interceptor.
//
// TODO(davidben): See if this and ASan's interceptors can be made to coexist.
// TODO(davidben): See if this and ASan's and MSan's interceptors can be made to
// coexist.
#if defined(__linux__) && !defined(OPENSSL_ARM) && \
!defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN)