From f4d0dd9807ec3d50483dd589455235569a1a63c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?=
Date: Fri, 1 Jul 2022 14:57:52 +0200
Subject: [PATCH] fix(crypto): initialize local variables to zero in ed25519-dona
---
 crypto/ed25519-donna/curve25519-donna-helpers.c | 4 ++--
 crypto/ed25519-donna/ed25519.c | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto/ed25519-donna/curve25519-donna-helpers.c b/crypto/ed25519-donna/curve25519-donna-helpers.c
index fe926d395..b18500aab 100644
--- a/crypto/ed25519-donna/curve25519-donna-helpers.c
+++ b/crypto/ed25519-donna/curve25519-donna-helpers.c
@@ -12,7 +12,7 @@ * Out: b = 2^250 - 2^0 */ void curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
- bignum25519 ALIGN(16) t0,c;
+ bignum25519 ALIGN(16) t0 = {0}, c = {0};
 /* 2^5 - 2^0 */ /* b */ /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5);
@@ -35,7 +35,7 @@ void curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
 * z^(p - 2) = z(2^255 - 21) */ void curve25519_recip(bignum25519 out, const bignum25519 z) {
- bignum25519 ALIGN(16) a,t0,b;
+ bignum25519 ALIGN(16) a = {0}, t0 = {0}, b = {0};
 /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ /* 8 */ curve25519_square_times(t0, a, 2);
diff --git a/crypto/ed25519-donna/ed25519.c b/crypto/ed25519-donna/ed25519.c
index e114e357e..e25407a2a 100644
--- a/crypto/ed25519-donna/ed25519.c
+++ b/crypto/ed25519-donna/ed25519.c
@@ -140,7 +140,7 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
 int ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
- ge25519 ALIGN(16) R, A;
+ ge25519 ALIGN(16) R = {0}, A = {0};
 hash_512bits hash = {0}; bignum256modm hram = {0}, S = {0}; unsigned char checkR[32] = {0};
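Review bot: The new `= {0}` initialisers on `t0` and `c` in `curve25519_pow_two5mtwo0_two250mtwo0` carry no comment saying why they are there, and `t0` at least appears to be overwritten by `curve25519_square_times(t0, b, 5)` before anything reads it, so a later cleanup could drop them as dead stores. A one-line comment above the declaration would record the intent, for example `/* zero-init is defensive: no temporary may be read uninitialised, even if a later edit reorders the calls */`. The same applies to `a`, `t0` and `b` in the `curve25519_recip` hunk. Both function bodies continue outside their hunks, so the first use of `c` and `b` is not visible here.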
@@ -168,7 +168,7 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
 int ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) { bignum256modm a = {0};
- ge25519 ALIGN(16) A, P;
+ ge25519 ALIGN(16) A = {0}, P = {0};
 hash_512bits extsk = {0}; ed25519_extsk(extsk, sk);
@@ -194,7 +194,7 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
 void ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) { bignum256modm a = {0};
- ge25519 ALIGN(16) A;
+ ge25519 ALIGN(16) A = {0};
 expand256_modm(a, extsk, 32);
@@ -256,8 +256,8 @@ void curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) { curve25519_key ec = {0}; bignum256modm s = {0};
- bignum25519 ALIGN(16) yplusz, zminusy;
- ge25519 ALIGN(16) p;
+ bignum25519 ALIGN(16) yplusz = {0}, zminusy = {0};
+ ge25519 ALIGN(16) p = {0};
 size_t i = 0; /* clamp */
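Review bot: In `ed25519_scalarmult`, `a` and `extsk` are derived from the secret key `sk` (`ed25519_extsk(extsk, sk)` is visible in the hunk), and nothing shown clears them before the function returns; the added `= {0}` on `A` and `P` only fixes the state on entry. The body continues outside the hunk, so this may already be handled; if it is not, the secret-derived locals should be wiped on every return path with a call the compiler cannot elide, for example `explicit_bzero(extsk, sizeof extsk);` or the project's own wipe helper, because a plain `memset` just before return can be optimised away. The same question applies to `a` in `ed25519_publickey_ext`, which is expanded from `extsk`, and to `ec` and `s` in `curve25519_scalarmult_basepoint`, which the `/* clamp */` comment suggests hold the scalar `e`.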