1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-25 00:48:19 +00:00

crypto: explicitly initialize variables

This commit is contained in:
Ondřej Vejpustek 2019-10-02 16:31:36 +02:00 committed by Pavol Rusnak
parent fa9d349bc9
commit fdad317d8c
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
38 changed files with 397 additions and 397 deletions

View File

@ -66,11 +66,11 @@ void ethereum_address_checksum(const uint8_t *addr, char *address, bool rskip60,
} }
address[40] = 0; address[40] = 0;
SHA3_CTX ctx; SHA3_CTX ctx = {0};
uint8_t hash[32]; uint8_t hash[32] = {0};
keccak_256_Init(&ctx); keccak_256_Init(&ctx);
if (rskip60) { if (rskip60) {
char prefix[16]; char prefix[16] = {0};
int prefix_size = bn_format_uint64(chain_id, NULL, "0x", 0, 0, false, int prefix_size = bn_format_uint64(chain_id, NULL, "0x", 0, 0, false,
prefix, sizeof(prefix)); prefix, sizeof(prefix));
keccak_Update(&ctx, (const uint8_t *)prefix, prefix_size); keccak_Update(&ctx, (const uint8_t *)prefix, prefix_size);

View File

@ -108,7 +108,7 @@ aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */ AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */
{ uint8_t p[16]; { uint8_t p[16];
uint32_t i, count_eq = 0, count_neq = 0; uint32_t i = 0, count_eq = 0, count_neq = 0;
if(n < 4 || n > 16) if(n < 4 || n > 16)
return EXIT_FAILURE; return EXIT_FAILURE;
@ -156,7 +156,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -218,7 +218,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -287,7 +287,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -385,7 +385,7 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -497,7 +497,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else /* input, output or both are unaligned */ else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -625,7 +625,7 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else /* input, output or both are unaligned */ else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -763,7 +763,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
} }
else /* input, output or both are unaligned */ else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op; uint8_t *ip = NULL, *op = NULL;
while(nb) while(nb)
{ {
@ -850,14 +850,14 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf, AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1]) int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
{ unsigned char *ip; { unsigned char *ip;
int i, blen, b_pos = (int)(ctx->inf.b[2]); int i = 0, blen = 0, b_pos = (int)(ctx->inf.b[2]);
#if defined( USE_VIA_ACE_IF_PRESENT ) #if defined( USE_VIA_ACE_IF_PRESENT )
aligned_auto(uint8_t, buf, BFR_LENGTH, 16); aligned_auto(uint8_t, buf, BFR_LENGTH, 16);
if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 )) if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE; return EXIT_FAILURE;
#else #else
uint8_t buf[BFR_LENGTH]; uint8_t buf[BFR_LENGTH] = {0};
#endif #endif
if(b_pos) if(b_pos)

View File

@ -96,7 +96,7 @@ extern "C"
AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]) AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{ uint32_t locals(b0, b1); { uint32_t locals(b0, b1);
const uint32_t *kp; const uint32_t *kp = NULL;
#if defined( dec_fmvars ) #if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */ dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif #endif
@ -234,7 +234,7 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
#if defined( dec_imvars ) #if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */ dec_imvars; /* declare variables for inv_mcol() if needed */
#endif #endif
const uint32_t *kp; const uint32_t *kp = NULL;
if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE) if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
return EXIT_FAILURE; return EXIT_FAILURE;

View File

@ -272,7 +272,7 @@ AES_RETURN aes_init(void)
#if defined(FF_TABLES) #if defined(FF_TABLES)
uint8_t pow[512], log[256]; uint8_t pow[512] = {0}, log[256] = {0};
if(init) if(init)
return EXIT_SUCCESS; return EXIT_SUCCESS;

View File

@ -77,7 +77,7 @@ void base32_encode_unsafe(const uint8_t *in, size_t inlen, uint8_t *out) {
uint8_t remainder = inlen % 5; uint8_t remainder = inlen % 5;
size_t limit = inlen - remainder; size_t limit = inlen - remainder;
size_t i, j; size_t i = 0, j = 0;
for (i = 0, j = 0; i < limit; i += 5, j += 8) { for (i = 0, j = 0; i < limit; i += 5, j += 8) {
base32_5to8(&in[i], 5, &out[j]); base32_5to8(&in[i], 5, &out[j]);
} }
@ -90,7 +90,7 @@ bool base32_decode_unsafe(const uint8_t *in, size_t inlen, uint8_t *out,
uint8_t remainder = inlen % 8; uint8_t remainder = inlen % 8;
size_t limit = inlen - remainder; size_t limit = inlen - remainder;
size_t i, j; size_t i = 0, j = 0;
for (i = 0, j = 0; i < limit; i += 8, j += 5) { for (i = 0, j = 0; i < limit; i += 8, j += 5) {
if (!base32_8to5(&in[i], 8, &out[j], alphabet)) { if (!base32_8to5(&in[i], 8, &out[j], alphabet)) {
return false; return false;

View File

@ -58,9 +58,9 @@ bool b58tobin(void *bin, size_t *binszp, const char *b58) {
size_t outisz = size_t outisz =
(binsz + sizeof(b58_almostmaxint_t) - 1) / sizeof(b58_almostmaxint_t); (binsz + sizeof(b58_almostmaxint_t) - 1) / sizeof(b58_almostmaxint_t);
b58_almostmaxint_t outi[outisz]; b58_almostmaxint_t outi[outisz];
b58_maxint_t t; b58_maxint_t t = 0;
b58_almostmaxint_t c; b58_almostmaxint_t c = 0;
size_t i, j; size_t i = 0, j = 0;
uint8_t bytesleft = binsz % sizeof(b58_almostmaxint_t); uint8_t bytesleft = binsz % sizeof(b58_almostmaxint_t);
b58_almostmaxint_t zeromask = b58_almostmaxint_t zeromask =
bytesleft ? (b58_almostmaxint_mask << (bytesleft * 8)) : 0; bytesleft ? (b58_almostmaxint_mask << (bytesleft * 8)) : 0;
@ -128,9 +128,9 @@ bool b58tobin(void *bin, size_t *binszp, const char *b58) {
int b58check(const void *bin, size_t binsz, HasherType hasher_type, int b58check(const void *bin, size_t binsz, HasherType hasher_type,
const char *base58str) { const char *base58str) {
unsigned char buf[32]; unsigned char buf[32] = {0};
const uint8_t *binc = bin; const uint8_t *binc = bin;
unsigned i; unsigned i = 0;
if (binsz < 4) return -4; if (binsz < 4) return -4;
hasher_Raw(hasher_type, bin, binsz - 4, buf); hasher_Raw(hasher_type, bin, binsz - 4, buf);
if (memcmp(&binc[binsz - 4], buf, 4)) return -1; if (memcmp(&binc[binsz - 4], buf, 4)) return -1;
@ -146,9 +146,9 @@ int b58check(const void *bin, size_t binsz, HasherType hasher_type,
bool b58enc(char *b58, size_t *b58sz, const void *data, size_t binsz) { bool b58enc(char *b58, size_t *b58sz, const void *data, size_t binsz) {
const uint8_t *bin = data; const uint8_t *bin = data;
int carry; int carry = 0;
size_t i, j, high, zcount = 0; size_t i = 0, j = 0, high = 0, zcount = 0;
size_t size; size_t size = 0;
while (zcount < binsz && !bin[zcount]) ++zcount; while (zcount < binsz && !bin[zcount]) ++zcount;
@ -219,9 +219,9 @@ int base58_decode_check(const char *str, HasherType hasher_type, uint8_t *data,
#if USE_GRAPHENE #if USE_GRAPHENE
int b58gphcheck(const void *bin, size_t binsz, const char *base58str) { int b58gphcheck(const void *bin, size_t binsz, const char *base58str) {
unsigned char buf[32]; unsigned char buf[32] = {0};
const uint8_t *binc = bin; const uint8_t *binc = bin;
unsigned i; unsigned i = 0;
if (binsz < 4) return -4; if (binsz < 4) return -4;
ripemd160(bin, binsz - 4, buf); // No double SHA256, but a single RIPEMD160 ripemd160(bin, binsz - 4, buf); // No double SHA256, but a single RIPEMD160
if (memcmp(&binc[binsz - 4], buf, 4)) return -1; if (memcmp(&binc[binsz - 4], buf, 4)) return -1;

View File

@ -127,7 +127,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num,
if (info == 0) { if (info == 0) {
failed = true; failed = true;
} else if (info->params) { } else if (info->params) {
bignum256 a; bignum256 a = {0};
bn_read_be(private_key, &a); bn_read_be(private_key, &a);
if (bn_is_zero(&a)) { // == 0 if (bn_is_zero(&a)) { // == 0
failed = true; failed = true;
@ -170,7 +170,7 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char *curve,
hmac_sha512_Final(&ctx, I); hmac_sha512_Final(&ctx, I);
if (out->curve->params) { if (out->curve->params) {
bignum256 a; bignum256 a = {0};
while (true) { while (true) {
bn_read_be(I, &a); bn_read_be(I, &a);
if (!bn_is_zero(&a) // != 0 if (!bn_is_zero(&a) // != 0
@ -192,8 +192,8 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char *curve,
} }
uint32_t hdnode_fingerprint(HDNode *node) { uint32_t hdnode_fingerprint(HDNode *node) {
uint8_t digest[32]; uint8_t digest[32] = {0};
uint32_t fingerprint; uint32_t fingerprint = 0;
hdnode_fill_public_key(node); hdnode_fill_public_key(node);
hasher_Raw(node->curve->hasher_pubkey, node->public_key, 33, digest); hasher_Raw(node->curve->hasher_pubkey, node->public_key, 33, digest);
@ -422,9 +422,9 @@ int hdnode_from_entropy_cardano_icarus(const uint8_t *pass, int pass_len,
int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent, int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent,
const uint8_t *parent_chain_code, uint32_t i, const uint8_t *parent_chain_code, uint32_t i,
curve_point *child, uint8_t *child_chain_code) { curve_point *child, uint8_t *child_chain_code) {
uint8_t data[1 + 32 + 4]; uint8_t data[(1 + 32) + 4] = {0};
uint8_t I[32 + 32]; uint8_t I[32 + 32] = {0};
bignum256 c; bignum256 c = {0};
if (i & 0x80000000) { // private derivation if (i & 0x80000000) { // private derivation
return 0; return 0;
@ -459,7 +459,7 @@ int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent,
} }
int hdnode_public_ckd(HDNode *inout, uint32_t i) { int hdnode_public_ckd(HDNode *inout, uint32_t i) {
curve_point parent, child; curve_point parent = {0}, child = {0};
if (!ecdsa_read_pubkey(inout->curve->params, inout->public_key, &parent)) { if (!ecdsa_read_pubkey(inout->curve->params, inout->public_key, &parent)) {
return 0; return 0;
@ -487,8 +487,8 @@ void hdnode_public_ckd_address_optimized(const curve_point *pub,
HasherType hasher_pubkey, HasherType hasher_pubkey,
HasherType hasher_base58, char *addr, HasherType hasher_base58, char *addr,
int addrsize, int addrformat) { int addrsize, int addrformat) {
uint8_t child_pubkey[33]; uint8_t child_pubkey[33] = {0};
curve_point b; curve_point b = {0};
hdnode_public_ckd_cp(&secp256k1, pub, chain_code, i, &b, NULL); hdnode_public_ckd_cp(&secp256k1, pub, chain_code, i, &b, NULL);
child_pubkey[0] = 0x02 | (b.y.val[0] & 0x01); child_pubkey[0] = 0x02 | (b.y.val[0] & 0x01);
@ -544,7 +544,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
private_ckd_cache_root_set = true; private_ckd_cache_root_set = true;
} else { } else {
// try to find parent // try to find parent
int j; int j = 0;
for (j = 0; j < BIP32_CACHE_SIZE; j++) { for (j = 0; j < BIP32_CACHE_SIZE; j++) {
if (private_ckd_cache[j].set && if (private_ckd_cache[j].set &&
private_ckd_cache[j].depth == i_count - 1 && private_ckd_cache[j].depth == i_count - 1 &&
@ -560,7 +560,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
// else derive parent // else derive parent
if (!found) { if (!found) {
size_t k; size_t k = 0;
for (k = 0; k < i_count - 1; k++) { for (k = 0; k < i_count - 1; k++) {
if (hdnode_private_ckd(inout, i[k]) == 0) return 0; if (hdnode_private_ckd(inout, i[k]) == 0) return 0;
} }
@ -633,8 +633,8 @@ void hdnode_fill_public_key(HDNode *node) {
#if USE_ETHEREUM #if USE_ETHEREUM
int hdnode_get_ethereum_pubkeyhash(const HDNode *node, uint8_t *pubkeyhash) { int hdnode_get_ethereum_pubkeyhash(const HDNode *node, uint8_t *pubkeyhash) {
uint8_t buf[65]; uint8_t buf[65] = {0};
SHA3_CTX ctx; SHA3_CTX ctx = {0};
/* get uncompressed public key */ /* get uncompressed public key */
ecdsa_get_public_key65(node->curve->params, node->private_key, buf); ecdsa_get_public_key65(node->curve->params, node->private_key, buf);
@ -687,7 +687,7 @@ int hdnode_get_nem_shared_key(const HDNode *node,
int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key, int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
const uint8_t *iv_immut, const uint8_t *salt, const uint8_t *iv_immut, const uint8_t *salt,
const uint8_t *payload, size_t size, uint8_t *buffer) { const uint8_t *payload, size_t size, uint8_t *buffer) {
uint8_t last_block[AES_BLOCK_SIZE]; uint8_t last_block[AES_BLOCK_SIZE] = {0};
uint8_t remainder = size % AES_BLOCK_SIZE; uint8_t remainder = size % AES_BLOCK_SIZE;
// Round down to last whole block // Round down to last whole block
@ -699,15 +699,15 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
AES_BLOCK_SIZE - remainder); AES_BLOCK_SIZE - remainder);
// the IV gets mutated, so we make a copy not to touch the original // the IV gets mutated, so we make a copy not to touch the original
uint8_t iv[AES_BLOCK_SIZE]; uint8_t iv[AES_BLOCK_SIZE] = {0};
memcpy(iv, iv_immut, AES_BLOCK_SIZE); memcpy(iv, iv_immut, AES_BLOCK_SIZE);
uint8_t shared_key[SHA3_256_DIGEST_LENGTH]; uint8_t shared_key[SHA3_256_DIGEST_LENGTH] = {0};
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) { if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
return 0; return 0;
} }
aes_encrypt_ctx ctx; aes_encrypt_ctx ctx = {0};
int ret = aes_encrypt_key256(shared_key, &ctx); int ret = aes_encrypt_key256(shared_key, &ctx);
memzero(shared_key, sizeof(shared_key)); memzero(shared_key, sizeof(shared_key));
@ -731,13 +731,13 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key, int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key,
uint8_t *iv, const uint8_t *salt, const uint8_t *payload, uint8_t *iv, const uint8_t *salt, const uint8_t *payload,
size_t size, uint8_t *buffer) { size_t size, uint8_t *buffer) {
uint8_t shared_key[SHA3_256_DIGEST_LENGTH]; uint8_t shared_key[SHA3_256_DIGEST_LENGTH] = {0};
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) { if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
return 0; return 0;
} }
aes_decrypt_ctx ctx; aes_decrypt_ctx ctx = {0};
int ret = aes_decrypt_key256(shared_key, &ctx); int ret = aes_decrypt_key256(shared_key, &ctx);
memzero(shared_key, sizeof(shared_key)); memzero(shared_key, sizeof(shared_key));
@ -822,7 +822,7 @@ int hdnode_get_shared_key(const HDNode *node, const uint8_t *peer_public_key,
static int hdnode_serialize(const HDNode *node, uint32_t fingerprint, static int hdnode_serialize(const HDNode *node, uint32_t fingerprint,
uint32_t version, char use_public, char *str, uint32_t version, char use_public, char *str,
int strsize) { int strsize) {
uint8_t node_data[78]; uint8_t node_data[78] = {0};
write_be(node_data, version); write_be(node_data, version);
node_data[4] = node->depth; node_data[4] = node->depth;
write_be(node_data + 5, fingerprint); write_be(node_data + 5, fingerprint);
@ -854,7 +854,7 @@ int hdnode_serialize_private(const HDNode *node, uint32_t fingerprint,
int hdnode_deserialize(const char *str, uint32_t version_public, int hdnode_deserialize(const char *str, uint32_t version_public,
uint32_t version_private, const char *curve, uint32_t version_private, const char *curve,
HDNode *node, uint32_t *fingerprint) { HDNode *node, uint32_t *fingerprint) {
uint8_t node_data[78]; uint8_t node_data[78] = {0};
memzero(node, sizeof(HDNode)); memzero(node, sizeof(HDNode));
node->curve = get_curve_by_name(curve); node->curve = get_curve_by_name(curve);
if (base58_decode_check(str, node->curve->hasher_base58, node_data, if (base58_decode_check(str, node->curve->hasher_base58, node_data,

View File

@ -50,7 +50,7 @@ const char *mnemonic_generate(int strength) {
if (strength % 32 || strength < 128 || strength > 256) { if (strength % 32 || strength < 128 || strength > 256) {
return 0; return 0;
} }
uint8_t data[32]; uint8_t data[32] = {0};
random_buffer(data, 32); random_buffer(data, 32);
const char *r = mnemonic_from_data(data, strength / 8); const char *r = mnemonic_from_data(data, strength / 8);
memzero(data, sizeof(data)); memzero(data, sizeof(data));
@ -64,7 +64,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len) {
return 0; return 0;
} }
uint8_t bits[32 + 1]; uint8_t bits[32 + 1] = {0};
sha256_Raw(data, len, bits); sha256_Raw(data, len, bits);
// checksum // checksum
@ -74,7 +74,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len) {
int mlen = len * 3 / 4; int mlen = len * 3 / 4;
int i, j, idx; int i = 0, j = 0, idx = 0;
char *p = mnemo; char *p = mnemo;
for (i = 0; i < mlen; i++) { for (i = 0; i < mlen; i++) {
idx = 0; idx = 0;
@ -114,9 +114,9 @@ int mnemonic_to_entropy(const char *mnemonic, uint8_t *entropy) {
return 0; return 0;
} }
char current_word[10]; char current_word[10] = {0};
uint32_t j, k, ki, bi = 0; uint32_t j = 0, k = 0, ki = 0, bi = 0;
uint8_t bits[32 + 1]; uint8_t bits[32 + 1] = {0};
memzero(bits, sizeof(bits)); memzero(bits, sizeof(bits));
i = 0; i = 0;
@ -159,7 +159,7 @@ int mnemonic_to_entropy(const char *mnemonic, uint8_t *entropy) {
} }
int mnemonic_check(const char *mnemonic) { int mnemonic_check(const char *mnemonic) {
uint8_t bits[32 + 1]; uint8_t bits[32 + 1] = {0};
int seed_len = mnemonic_to_entropy(mnemonic, bits); int seed_len = mnemonic_to_entropy(mnemonic, bits);
if (seed_len != (12 * 11) && seed_len != (18 * 11) && seed_len != (24 * 11)) { if (seed_len != (12 * 11) && seed_len != (18 * 11) && seed_len != (24 * 11)) {
return 0; return 0;
@ -198,7 +198,7 @@ void mnemonic_to_seed(const char *mnemonic, const char *passphrase,
} }
} }
#endif #endif
uint8_t salt[8 + 256]; uint8_t salt[8 + 256] = {0};
memcpy(salt, "mnemonic", 8); memcpy(salt, "mnemonic", 8);
memcpy(salt + 8, passphrase, passphraselen); memcpy(salt + 8, passphrase, passphraselen);
static CONFIDENTIAL PBKDF2_HMAC_SHA512_CTX pctx; static CONFIDENTIAL PBKDF2_HMAC_SHA512_CTX pctx;

View File

@ -64,7 +64,7 @@ static const uint8_t padding[129] =
static void blake256_compress( BLAKE256_CTX *S, const uint8_t *block ) static void blake256_compress( BLAKE256_CTX *S, const uint8_t *block )
{ {
uint32_t v[16], m[16], i; uint32_t v[16] = {0}, m[16] = {0}, i = 0;
#define ROT(x,n) (((x)<<(32-n))|( (x)>>(n))) #define ROT(x,n) (((x)<<(32-n))|( (x)>>(n)))
#define G(a,b,c,d,e) \ #define G(a,b,c,d,e) \
v[a] += (m[sigma[i][e]] ^ u256[sigma[i][e+1]]) + v[b]; \ v[a] += (m[sigma[i][e]] ^ u256[sigma[i][e+1]]) + v[b]; \
@ -177,7 +177,7 @@ void blake256_Update( BLAKE256_CTX *S, const uint8_t *in, size_t inlen )
void blake256_Final( BLAKE256_CTX *S, uint8_t *out ) void blake256_Final( BLAKE256_CTX *S, uint8_t *out )
{ {
uint8_t msglen[8], zo = 0x01, oo = 0x81; uint8_t msglen[8] = {0}, zo = 0x01, oo = 0x81;
uint32_t lo = S->t[0] + ( S->buflen << 3 ), hi = S->t[1]; uint32_t lo = S->t[0] + ( S->buflen << 3 ), hi = S->t[1];
/* support for hashing more than 2^32 bits */ /* support for hashing more than 2^32 bits */
@ -228,7 +228,7 @@ void blake256_Final( BLAKE256_CTX *S, uint8_t *out )
void blake256( const uint8_t *in, size_t inlen, uint8_t *out ) void blake256( const uint8_t *in, size_t inlen, uint8_t *out )
{ {
BLAKE256_CTX S; BLAKE256_CTX S = {0};
blake256_Init( &S ); blake256_Init( &S );
blake256_Update( &S, in, inlen ); blake256_Update( &S, in, inlen );
blake256_Final( &S, out ); blake256_Final( &S, out );

View File

@ -86,7 +86,7 @@ static void blake2b_increment_counter( blake2b_state *S, const uint64_t inc )
static void blake2b_init0( blake2b_state *S ) static void blake2b_init0( blake2b_state *S )
{ {
size_t i; size_t i = 0;
memzero( S, sizeof( blake2b_state ) ); memzero( S, sizeof( blake2b_state ) );
for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i]; for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
@ -96,7 +96,7 @@ static void blake2b_init0( blake2b_state *S )
int blake2b_init_param( blake2b_state *S, const blake2b_param *P ) int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
{ {
const uint8_t *p = ( const uint8_t * )( P ); const uint8_t *p = ( const uint8_t * )( P );
size_t i; size_t i = 0;
blake2b_init0( S ); blake2b_init0( S );
@ -112,7 +112,7 @@ int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
/* Sequential blake2b initialization */ /* Sequential blake2b initialization */
int blake2b_Init( blake2b_state *S, size_t outlen ) int blake2b_Init( blake2b_state *S, size_t outlen )
{ {
blake2b_param P[1]; blake2b_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
@ -133,7 +133,7 @@ int blake2b_Init( blake2b_state *S, size_t outlen )
int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal, size_t personal_len) int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal, size_t personal_len)
{ {
blake2b_param P[1]; blake2b_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
if ( ( !personal ) || ( personal_len != BLAKE2B_PERSONALBYTES ) ) return -1; if ( ( !personal ) || ( personal_len != BLAKE2B_PERSONALBYTES ) ) return -1;
@ -155,7 +155,7 @@ int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal,
int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t keylen ) int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
{ {
blake2b_param P[1]; blake2b_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
@ -177,7 +177,7 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
if( blake2b_init_param( S, P ) < 0 ) return -1; if( blake2b_init_param( S, P ) < 0 ) return -1;
{ {
uint8_t block[BLAKE2B_BLOCKBYTES]; uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
memzero( block, BLAKE2B_BLOCKBYTES ); memzero( block, BLAKE2B_BLOCKBYTES );
memcpy( block, key, keylen ); memcpy( block, key, keylen );
blake2b_Update( S, block, BLAKE2B_BLOCKBYTES ); blake2b_Update( S, block, BLAKE2B_BLOCKBYTES );
@ -212,9 +212,9 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] ) static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] )
{ {
uint64_t m[16]; uint64_t m[16] = {0};
uint64_t v[16]; uint64_t v[16] = {0};
size_t i; size_t i = 0;
for( i = 0; i < 16; ++i ) { for( i = 0; i < 16; ++i ) {
m[i] = load64( block + i * sizeof( m[i] ) ); m[i] = load64( block + i * sizeof( m[i] ) );
@ -284,7 +284,7 @@ int blake2b_Update( blake2b_state *S, const void *pin, size_t inlen )
int blake2b_Final( blake2b_state *S, void *out, size_t outlen ) int blake2b_Final( blake2b_state *S, void *out, size_t outlen )
{ {
uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
size_t i; size_t i = 0;
if( out == NULL || outlen < S->outlen ) if( out == NULL || outlen < S->outlen )
return -1; return -1;

View File

@ -81,7 +81,7 @@ static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
static void blake2s_init0( blake2s_state *S ) static void blake2s_init0( blake2s_state *S )
{ {
size_t i; size_t i = 0;
memzero( S, sizeof( blake2s_state ) ); memzero( S, sizeof( blake2s_state ) );
for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i]; for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
@ -91,7 +91,7 @@ static void blake2s_init0( blake2s_state *S )
int blake2s_init_param( blake2s_state *S, const blake2s_param *P ) int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
{ {
const unsigned char *p = ( const unsigned char * )( P ); const unsigned char *p = ( const unsigned char * )( P );
size_t i; size_t i = 0;
blake2s_init0( S ); blake2s_init0( S );
@ -107,7 +107,7 @@ int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
/* Sequential blake2s initialization */ /* Sequential blake2s initialization */
int blake2s_Init( blake2s_state *S, size_t outlen ) int blake2s_Init( blake2s_state *S, size_t outlen )
{ {
blake2s_param P[1]; blake2s_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
@ -128,7 +128,7 @@ int blake2s_Init( blake2s_state *S, size_t outlen )
int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal, size_t personal_len) int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal, size_t personal_len)
{ {
blake2s_param P[1]; blake2s_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
if ( ( !personal ) || ( personal_len != BLAKE2S_PERSONALBYTES ) ) return -1; if ( ( !personal ) || ( personal_len != BLAKE2S_PERSONALBYTES ) ) return -1;
@ -151,7 +151,7 @@ int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal,
int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t keylen ) int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
{ {
blake2s_param P[1]; blake2s_param P[1] = {0};
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
@ -173,7 +173,7 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
if( blake2s_init_param( S, P ) < 0 ) return -1; if( blake2s_init_param( S, P ) < 0 ) return -1;
{ {
uint8_t block[BLAKE2S_BLOCKBYTES]; uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
memzero( block, BLAKE2S_BLOCKBYTES ); memzero( block, BLAKE2S_BLOCKBYTES );
memcpy( block, key, keylen ); memcpy( block, key, keylen );
blake2s_Update( S, block, BLAKE2S_BLOCKBYTES ); blake2s_Update( S, block, BLAKE2S_BLOCKBYTES );
@ -208,9 +208,9 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] ) static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )
{ {
uint32_t m[16]; uint32_t m[16] = {0};
uint32_t v[16]; uint32_t v[16] = {0};
size_t i; size_t i = 0;
for( i = 0; i < 16; ++i ) { for( i = 0; i < 16; ++i ) {
m[i] = load32( in + i * sizeof( m[i] ) ); m[i] = load32( in + i * sizeof( m[i] ) );
@ -278,7 +278,7 @@ int blake2s_Update( blake2s_state *S, const void *pin, size_t inlen )
int blake2s_Final( blake2s_state *S, void *out, size_t outlen ) int blake2s_Final( blake2s_state *S, void *out, size_t outlen )
{ {
uint8_t buffer[BLAKE2S_OUTBYTES] = {0}; uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
size_t i; size_t i = 0;
if( out == NULL || outlen < S->outlen ) if( out == NULL || outlen < S->outlen )
return -1; return -1;

View File

@ -87,9 +87,9 @@ int cash_encode(char* output, const char* hrp, const uint8_t* data,
int cash_decode(char* hrp, uint8_t* data, size_t* data_len, const char* input) { int cash_decode(char* hrp, uint8_t* data, size_t* data_len, const char* input) {
uint64_t chk = 1; uint64_t chk = 1;
size_t i; size_t i = 0;
size_t input_len = strlen(input); size_t input_len = strlen(input);
size_t hrp_len; size_t hrp_len = 0;
int have_lower = 0, have_upper = 0; int have_lower = 0, have_upper = 0;
if (input_len < CHECKSUM_SIZE || input_len > MAX_CASHADDR_SIZE) { if (input_len < CHECKSUM_SIZE || input_len > MAX_CASHADDR_SIZE) {
return 0; return 0;
@ -167,7 +167,7 @@ static int convert_bits(uint8_t* out, size_t* outlen, int outbits,
int cash_addr_encode(char* output, const char* hrp, const uint8_t* data, int cash_addr_encode(char* output, const char* hrp, const uint8_t* data,
size_t data_len) { size_t data_len) {
uint8_t base32[MAX_BASE32_SIZE]; uint8_t base32[MAX_BASE32_SIZE] = {0};
size_t base32len = 0; size_t base32len = 0;
if (data_len < 2 || data_len > MAX_DATA_SIZE) return 0; if (data_len < 2 || data_len > MAX_DATA_SIZE) return 0;
convert_bits(base32, &base32len, 5, data, data_len, 8, 1); convert_bits(base32, &base32len, 5, data, data_len, 8, 1);
@ -176,9 +176,9 @@ int cash_addr_encode(char* output, const char* hrp, const uint8_t* data,
int cash_addr_decode(uint8_t* witdata, size_t* witdata_len, const char* hrp, int cash_addr_decode(uint8_t* witdata, size_t* witdata_len, const char* hrp,
const char* addr) { const char* addr) {
uint8_t data[MAX_BASE32_SIZE]; uint8_t data[MAX_BASE32_SIZE] = {0};
char hrp_actual[MAX_HRP_SIZE + 1]; char hrp_actual[MAX_HRP_SIZE + 1] = {0};
size_t data_len; size_t data_len = 0;
if (!cash_decode(hrp_actual, data, &data_len, addr)) return 0; if (!cash_decode(hrp_actual, data, &data_len, addr)) return 0;
if (data_len == 0 || data_len > MAX_BASE32_SIZE) return 0; if (data_len == 0 || data_len > MAX_BASE32_SIZE) return 0;
if (strncmp(hrp, hrp_actual, MAX_HRP_SIZE + 1) != 0) return 0; if (strncmp(hrp, hrp_actual, MAX_HRP_SIZE + 1) != 0) return 0;

View File

@ -13,7 +13,7 @@ void hchacha20(ECRYPT_ctx *x,u8 *c);
void xchacha20poly1305_init(chacha20poly1305_ctx *ctx, const uint8_t key[32], const uint8_t nonce[24]) { void xchacha20poly1305_init(chacha20poly1305_ctx *ctx, const uint8_t key[32], const uint8_t nonce[24]) {
unsigned char subkey[32] = {0}; unsigned char subkey[32] = {0};
unsigned char block0[64] = {0}; unsigned char block0[64] = {0};
ECRYPT_ctx tmp; ECRYPT_ctx tmp = {0};
// Generate the Chacha20 key by applying HChaCha20 to the // Generate the Chacha20 key by applying HChaCha20 to the
// original key and the first 16 bytes of the nonce. // original key and the first 16 bytes of the nonce.

View File

@ -29,7 +29,7 @@ static const char tau[16] = "expand 16-byte k";
void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits) void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
{ {
(void)ivbits; (void)ivbits;
const char *constants; const char *constants = NULL;
x->input[4] = U8TO32_LITTLE(k + 0); x->input[4] = U8TO32_LITTLE(k + 0);
x->input[5] = U8TO32_LITTLE(k + 4); x->input[5] = U8TO32_LITTLE(k + 4);
@ -61,11 +61,11 @@ void ECRYPT_ivsetup(ECRYPT_ctx *x,const u8 *iv)
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes) void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
{ {
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; u32 x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0, x10 = 0, x11 = 0, x12 = 0, x13 = 0, x14 = 0, x15 = 0;
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; u32 j0 = 0, j1 = 0, j2 = 0, j3 = 0, j4 = 0, j5 = 0, j6 = 0, j7 = 0, j8 = 0, j9 = 0, j10 = 0, j11 = 0, j12 = 0, j13 = 0, j14 = 0, j15 = 0;
u8 *ctarget = 0; u8 *ctarget = 0;
u8 tmp[64]; u8 tmp[64] = {0};
int i; int i = 0;
if (!bytes) return; if (!bytes) return;
@ -197,15 +197,15 @@ void ECRYPT_decrypt_bytes(ECRYPT_ctx *x,const u8 *c,u8 *m,u32 bytes)
void ECRYPT_keystream_bytes(ECRYPT_ctx *x,u8 *stream,u32 bytes) void ECRYPT_keystream_bytes(ECRYPT_ctx *x,u8 *stream,u32 bytes)
{ {
u32 i; u32 i = 0;
for (i = 0;i < bytes;++i) stream[i] = 0; for (i = 0;i < bytes;++i) stream[i] = 0;
ECRYPT_encrypt_bytes(x,stream,stream,bytes); ECRYPT_encrypt_bytes(x,stream,stream,bytes);
} }
void hchacha20(ECRYPT_ctx *x,u8 *c) void hchacha20(ECRYPT_ctx *x,u8 *c)
{ {
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; u32 x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0, x10 = 0, x11 = 0, x12 = 0, x13 = 0, x14 = 0, x15 = 0;
int i; int i = 0;
x0 = x->input[0]; x0 = x->input[0];
x1 = x->input[1]; x1 = x->input[1];

View File

@ -4,7 +4,7 @@
void void
poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) { poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {
poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx;
size_t i; size_t i = 0;
/* handle leftover */ /* handle leftover */
if (st->leftover) { if (st->leftover) {
@ -40,7 +40,7 @@ poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {
void void
poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) { poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) {
poly1305_context ctx; poly1305_context ctx = {0};
poly1305_init(&ctx, key); poly1305_init(&ctx, key);
poly1305_update(&ctx, m, bytes); poly1305_update(&ctx, m, bytes);
poly1305_finish(&ctx, mac); poly1305_finish(&ctx, mac);
@ -48,7 +48,7 @@ poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const
int int
poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]) { poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]) {
size_t i; size_t i = 0;
unsigned int dif = 0; unsigned int dif = 0;
for (i = 0; i < 16; i++) for (i = 0; i < 16; i++)
dif |= (mac1[i] ^ mac2[i]); dif |= (mac1[i] ^ mac2[i]);
@ -127,12 +127,12 @@ poly1305_power_on_self_test(void) {
0xd2,0x87,0xf9,0x7c,0x44,0x62,0x3d,0x39 0xd2,0x87,0xf9,0x7c,0x44,0x62,0x3d,0x39
}; };
poly1305_context ctx; poly1305_context ctx = {0};
poly1305_context total_ctx; poly1305_context total_ctx = {0};
unsigned char all_key[32]; unsigned char all_key[32] = {0};
unsigned char all_msg[256]; unsigned char all_msg[256] = {0};
unsigned char mac[16]; unsigned char mac[16] = {0};
size_t i, j; size_t i = 0, j = 0;
int result = 1; int result = 1;
for (i = 0; i < sizeof(mac); i++) for (i = 0; i < sizeof(mac); i++)

View File

@ -43,7 +43,7 @@ void point_copy(const curve_point *cp1, curve_point *cp2) { *cp2 = *cp1; }
// cp2 = cp1 + cp2 // cp2 = cp1 + cp2
void point_add(const ecdsa_curve *curve, const curve_point *cp1, void point_add(const ecdsa_curve *curve, const curve_point *cp1,
curve_point *cp2) { curve_point *cp2) {
bignum256 lambda, inv, xr, yr; bignum256 lambda = {0}, inv = {0}, xr = {0}, yr = {0};
if (point_is_infinity(cp1)) { if (point_is_infinity(cp1)) {
return; return;
@ -88,7 +88,7 @@ void point_add(const ecdsa_curve *curve, const curve_point *cp1,
// cp = cp + cp // cp = cp + cp
void point_double(const ecdsa_curve *curve, curve_point *cp) { void point_double(const ecdsa_curve *curve, curve_point *cp) {
bignum256 lambda, xr, yr; bignum256 lambda = {0}, xr = {0}, yr = {0};
if (point_is_infinity(cp)) { if (point_is_infinity(cp)) {
return; return;
@ -165,7 +165,7 @@ int point_is_negative_of(const curve_point *p, const curve_point *q) {
// Negate a (modulo prime) if cond is 0xffffffff, keep it if cond is 0. // Negate a (modulo prime) if cond is 0xffffffff, keep it if cond is 0.
// The timing of this function does not depend on cond. // The timing of this function does not depend on cond.
void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime) { void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime) {
int j; int j = 0;
uint32_t tmp = 1; uint32_t tmp = 1;
assert(a->val[8] < 0x20000); assert(a->val[8] < 0x20000);
for (j = 0; j < 8; j++) { for (j = 0; j < 8; j++) {
@ -185,7 +185,7 @@ typedef struct jacobian_curve_point {
// generate random K for signing/side-channel noise // generate random K for signing/side-channel noise
static void generate_k_random(bignum256 *k, const bignum256 *prime) { static void generate_k_random(bignum256 *k, const bignum256 *prime) {
do { do {
int i; int i = 0;
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
k->val[i] = random32() & 0x3FFFFFFF; k->val[i] = random32() & 0x3FFFFFFF;
} }
@ -230,10 +230,10 @@ void jacobian_to_curve(const jacobian_curve_point *jp, curve_point *p,
void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2, void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2,
const ecdsa_curve *curve) { const ecdsa_curve *curve) {
bignum256 r, h, r2; bignum256 r = {0}, h = {0}, r2 = {0};
bignum256 hcby, hsqx; bignum256 hcby = {0}, hsqx = {0};
bignum256 xz, yz, az; bignum256 xz = {0}, yz = {0}, az = {0};
int is_doubling; int is_doubling = 0;
const bignum256 *prime = &curve->prime; const bignum256 *prime = &curve->prime;
int a = curve->a; int a = curve->a;
@ -348,7 +348,7 @@ void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2,
} }
void point_jacobian_double(jacobian_curve_point *p, const ecdsa_curve *curve) { void point_jacobian_double(jacobian_curve_point *p, const ecdsa_curve *curve) {
bignum256 az4, m, msq, ysq, xysq; bignum256 az4 = {0}, m = {0}, msq = {0}, ysq = {0}, xysq = {0};
const bignum256 *prime = &curve->prime; const bignum256 *prime = &curve->prime;
assert(-3 <= curve->a && curve->a <= 0); assert(-3 <= curve->a && curve->a <= 0);
@ -424,15 +424,15 @@ void point_multiply(const ecdsa_curve *curve, const bignum256 *k,
// Side Channel Attacks. // Side Channel Attacks.
assert(bn_is_less(k, &curve->order)); assert(bn_is_less(k, &curve->order));
int i, j; int i = 0, j = 0;
static CONFIDENTIAL bignum256 a; static CONFIDENTIAL bignum256 a;
uint32_t *aptr; uint32_t *aptr = NULL;
uint32_t abits; uint32_t abits = 0;
int ashift; int ashift = 0;
uint32_t is_even = (k->val[0] & 1) - 1; uint32_t is_even = (k->val[0] & 1) - 1;
uint32_t bits, sign, nsign; uint32_t bits = {0}, sign = {0}, nsign = {0};
static CONFIDENTIAL jacobian_curve_point jres; static CONFIDENTIAL jacobian_curve_point jres;
curve_point pmult[8]; curve_point pmult[8] = {0};
const bignum256 *prime = &curve->prime; const bignum256 *prime = &curve->prime;
// is_even = 0xffffffff if k is even, 0 otherwise. // is_even = 0xffffffff if k is even, 0 otherwise.
@ -545,10 +545,10 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k,
curve_point *res) { curve_point *res) {
assert(bn_is_less(k, &curve->order)); assert(bn_is_less(k, &curve->order));
int i, j; int i = {0}, j = {0};
static CONFIDENTIAL bignum256 a; static CONFIDENTIAL bignum256 a;
uint32_t is_even = (k->val[0] & 1) - 1; uint32_t is_even = (k->val[0] & 1) - 1;
uint32_t lowbits; uint32_t lowbits = 0;
static CONFIDENTIAL jacobian_curve_point jres; static CONFIDENTIAL jacobian_curve_point jres;
const bignum256 *prime = &curve->prime; const bignum256 *prime = &curve->prime;
@ -636,12 +636,12 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k,
int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key, int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key,
const uint8_t *pub_key, uint8_t *session_key) { const uint8_t *pub_key, uint8_t *session_key) {
curve_point point; curve_point point = {0};
if (!ecdsa_read_pubkey(curve, pub_key, &point)) { if (!ecdsa_read_pubkey(curve, pub_key, &point)) {
return 1; return 1;
} }
bignum256 k; bignum256 k = {0};
bn_read_be(priv_key, &k); bn_read_be(priv_key, &k);
point_multiply(curve, &k, &point, &point); point_multiply(curve, &k, &point, &point);
memzero(&k, sizeof(k)); memzero(&k, sizeof(k));
@ -660,7 +660,7 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,
const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len, const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len,
uint8_t *sig, uint8_t *pby, uint8_t *sig, uint8_t *pby,
int (*is_canonical)(uint8_t by, uint8_t sig[64])) { int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
uint8_t hash[32]; uint8_t hash[32] = {0};
hasher_Raw(hasher_sign, msg, msg_len, hash); hasher_Raw(hasher_sign, msg, msg_len, hash);
int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical); int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
memzero(hash, sizeof(hash)); memzero(hash, sizeof(hash));
@ -676,14 +676,14 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,
int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key, int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key,
const uint8_t *digest, uint8_t *sig, uint8_t *pby, const uint8_t *digest, uint8_t *sig, uint8_t *pby,
int (*is_canonical)(uint8_t by, uint8_t sig[64])) { int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
int i; int i = 0;
curve_point R; curve_point R = {0};
bignum256 k, z, randk; bignum256 k = {0}, z = {0}, randk = {0};
bignum256 *s = &R.y; bignum256 *s = &R.y;
uint8_t by; // signature recovery byte uint8_t by; // signature recovery byte
#if USE_RFC6979 #if USE_RFC6979
rfc6979_state rng; rfc6979_state rng = {0};
init_rfc6979(priv_key, digest, &rng); init_rfc6979(priv_key, digest, &rng);
#endif #endif
@ -768,8 +768,8 @@ int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key,
void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key, void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key,
uint8_t *pub_key) { uint8_t *pub_key) {
curve_point R; curve_point R = {0};
bignum256 k; bignum256 k = {0};
bn_read_be(priv_key, &k); bn_read_be(priv_key, &k);
// compute k*G // compute k*G
@ -782,8 +782,8 @@ void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key,
void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key,
uint8_t *pub_key) { uint8_t *pub_key) {
curve_point R; curve_point R = {0};
bignum256 k; bignum256 k = {0};
bn_read_be(priv_key, &k); bn_read_be(priv_key, &k);
// compute k*G // compute k*G
@ -797,7 +797,7 @@ void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key,
int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key, int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
uint8_t *uncompressed) { uint8_t *uncompressed) {
curve_point pub; curve_point pub = {0};
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) { if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
return 0; return 0;
@ -812,7 +812,7 @@ int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_pubkey, void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_pubkey,
uint8_t *pubkeyhash) { uint8_t *pubkeyhash) {
uint8_t h[HASHER_DIGEST_LENGTH]; uint8_t h[HASHER_DIGEST_LENGTH] = {0};
if (pub_key[0] == 0x04) { // uncompressed format if (pub_key[0] == 0x04) { // uncompressed format
hasher_Raw(hasher_pubkey, pub_key, 65, h); hasher_Raw(hasher_pubkey, pub_key, 65, h);
} else if (pub_key[0] == 0x00) { // point at infinity } else if (pub_key[0] == 0x00) { // point at infinity
@ -834,7 +834,7 @@ void ecdsa_get_address_raw(const uint8_t *pub_key, uint32_t version,
void ecdsa_get_address(const uint8_t *pub_key, uint32_t version, void ecdsa_get_address(const uint8_t *pub_key, uint32_t version,
HasherType hasher_pubkey, HasherType hasher_base58, HasherType hasher_pubkey, HasherType hasher_base58,
char *addr, int addrsize) { char *addr, int addrsize) {
uint8_t raw[MAX_ADDR_RAW_SIZE]; uint8_t raw[MAX_ADDR_RAW_SIZE] = {0};
size_t prefix_len = address_prefix_bytes_len(version); size_t prefix_len = address_prefix_bytes_len(version);
ecdsa_get_address_raw(pub_key, version, hasher_pubkey, raw); ecdsa_get_address_raw(pub_key, version, hasher_pubkey, raw);
base58_encode_check(raw, 20 + prefix_len, hasher_base58, addr, addrsize); base58_encode_check(raw, 20 + prefix_len, hasher_base58, addr, addrsize);
@ -845,7 +845,7 @@ void ecdsa_get_address(const uint8_t *pub_key, uint32_t version,
void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version, void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version,
HasherType hasher_pubkey, HasherType hasher_pubkey,
uint8_t *addr_raw) { uint8_t *addr_raw) {
uint8_t buf[32 + 2]; uint8_t buf[32 + 2] = {0};
buf[0] = 0; // version byte buf[0] = 0; // version byte
buf[1] = 20; // push 20 bytes buf[1] = 20; // push 20 bytes
ecdsa_get_pubkeyhash(pub_key, hasher_pubkey, buf + 2); ecdsa_get_pubkeyhash(pub_key, hasher_pubkey, buf + 2);
@ -858,7 +858,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version,
HasherType hasher_pubkey, HasherType hasher_pubkey,
HasherType hasher_base58, char *addr, HasherType hasher_base58, char *addr,
int addrsize) { int addrsize) {
uint8_t raw[MAX_ADDR_RAW_SIZE]; uint8_t raw[MAX_ADDR_RAW_SIZE] = {0};
size_t prefix_len = address_prefix_bytes_len(version); size_t prefix_len = address_prefix_bytes_len(version);
ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_pubkey, raw); ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_pubkey, raw);
base58_encode_check(raw, prefix_len + 20, hasher_base58, addr, addrsize); base58_encode_check(raw, prefix_len + 20, hasher_base58, addr, addrsize);
@ -867,7 +867,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version,
void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version, void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version,
HasherType hasher_base58, char *wif, int wifsize) { HasherType hasher_base58, char *wif, int wifsize) {
uint8_t wif_raw[MAX_WIF_RAW_SIZE]; uint8_t wif_raw[MAX_WIF_RAW_SIZE] = {0};
size_t prefix_len = address_prefix_bytes_len(version); size_t prefix_len = address_prefix_bytes_len(version);
address_write_prefix_bytes(version, wif_raw); address_write_prefix_bytes(version, wif_raw);
memcpy(wif_raw + prefix_len, priv_key, 32); memcpy(wif_raw + prefix_len, priv_key, 32);
@ -931,7 +931,7 @@ int ecdsa_read_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
// - pub is on the curve. // - pub is on the curve.
int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) { int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) {
bignum256 y_2, x3_ax_b; bignum256 y_2 = {0}, x3_ax_b = {0};
if (point_is_infinity(pub)) { if (point_is_infinity(pub)) {
return 0; return 0;
@ -972,7 +972,7 @@ int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) {
int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign, int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign,
const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg, const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
uint32_t msg_len) { uint32_t msg_len) {
uint8_t hash[32]; uint8_t hash[32] = {0};
hasher_Raw(hasher_sign, msg, msg_len, hash); hasher_Raw(hasher_sign, msg, msg_len, hash);
int res = ecdsa_verify_digest(curve, pub_key, sig, hash); int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
memzero(hash, sizeof(hash)); memzero(hash, sizeof(hash));
@ -984,8 +984,8 @@ int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign,
int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key, int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
const uint8_t *sig, const uint8_t *digest, const uint8_t *sig, const uint8_t *digest,
int recid) { int recid) {
bignum256 r, s, e; bignum256 r = {0}, s = {0}, e = {0};
curve_point cp, cp2; curve_point cp = {0}, cp2 = {0};
// read r and s // read r and s
bn_read_be(sig, &r); bn_read_be(sig, &r);
@ -1033,8 +1033,8 @@ int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
// returns 0 if verification succeeded // returns 0 if verification succeeded
int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key, int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key,
const uint8_t *sig, const uint8_t *digest) { const uint8_t *sig, const uint8_t *digest) {
curve_point pub, res; curve_point pub = {0}, res = {0};
bignum256 r, s, z; bignum256 r = {0}, s = {0}, z = {0};
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) { if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
return 1; return 1;
@ -1087,8 +1087,8 @@ int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key,
} }
int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) { int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
int i; int i = 0;
uint8_t *p = der, *len, *len1, *len2; uint8_t *p = der, *len = NULL, *len1 = NULL, *len2 = NULL;
*p = 0x30; *p = 0x30;
p++; // sequence p++; // sequence
*p = 0x00; *p = 0x00;

View File

@ -39,7 +39,7 @@ void curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) {
} }
void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t c; uint32_t c = 0;
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -54,7 +54,7 @@ void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bign
} }
void curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t c; uint32_t c = 0;
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -78,7 +78,7 @@ static const uint32_t fourP2468 = 0x0ffffffc;
/* out = a - b */ /* out = a - b */
void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t c; uint32_t c = 0;
out[0] = twoP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = twoP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = twoP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = twoP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -93,8 +93,8 @@ void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
/* out = in * scalar */ /* out = in * scalar */
void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint32_t scalar) { void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint32_t scalar) {
uint64_t a; uint64_t a = 0;
uint32_t c; uint32_t c = 0;
a = mul32x32_64(in[0], scalar); out[0] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26); a = mul32x32_64(in[0], scalar); out[0] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
a = mul32x32_64(in[1], scalar) + c; out[1] = (uint32_t)a & reduce_mask_25; c = (uint32_t)(a >> 25); a = mul32x32_64(in[1], scalar) + c; out[1] = (uint32_t)a & reduce_mask_25; c = (uint32_t)(a >> 25);
a = mul32x32_64(in[2], scalar) + c; out[2] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26); a = mul32x32_64(in[2], scalar) + c; out[2] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
@ -110,7 +110,7 @@ void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint
/* out = a - b, where a is the result of a basic op (add,sub) */ /* out = a - b, where a is the result of a basic op (add,sub) */
void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t c; uint32_t c = 0;
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -125,7 +125,7 @@ void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bign
} }
void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t c; uint32_t c = 0;
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -141,7 +141,7 @@ void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum255
/* out = -a */ /* out = -a */
void curve25519_neg(bignum25519 out, const bignum25519 a) { void curve25519_neg(bignum25519 out, const bignum25519 a) {
uint32_t c; uint32_t c = 0;
out[0] = twoP0 - a[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = twoP0 - a[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = twoP2468 - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = twoP2468 - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -158,10 +158,10 @@ void curve25519_neg(bignum25519 out, const bignum25519 a) {
/* out = a * b */ /* out = a * b */
#define curve25519_mul_noinline curve25519_mul #define curve25519_mul_noinline curve25519_mul
void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) { void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
uint32_t s0,s1,s2,s3,s4,s5,s6,s7,s8,s9; uint32_t s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0;
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
uint32_t p; uint32_t p = 0;
r0 = b[0]; r0 = b[0];
r1 = b[1]; r1 = b[1];
@ -255,10 +255,10 @@ void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
/* out = in * in */ /* out = in * in */
void curve25519_square(bignum25519 out, const bignum25519 in) { void curve25519_square(bignum25519 out, const bignum25519 in) {
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
uint32_t d6,d7,d8,d9; uint32_t d6 = 0, d7 = 0, d8 = 0, d9 = 0;
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
uint32_t p; uint32_t p = 0;
r0 = in[0]; r0 = in[0];
r1 = in[1]; r1 = in[1];
@ -328,10 +328,10 @@ void curve25519_square(bignum25519 out, const bignum25519 in) {
/* out = in ^ (2 * count) */ /* out = in ^ (2 * count) */
void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) { void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
uint32_t d6,d7,d8,d9; uint32_t d6 = 0, d7 = 0, d8 = 0, d9 = 0;
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
uint32_t p; uint32_t p = 0;
r0 = in[0]; r0 = in[0];
r1 = in[1]; r1 = in[1];
@ -403,7 +403,7 @@ void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
/* Take a little-endian, 32-byte number and expand it into polynomial form */ /* Take a little-endian, 32-byte number and expand it into polynomial form */
void curve25519_expand(bignum25519 out, const unsigned char in[32]) { void curve25519_expand(bignum25519 out, const unsigned char in[32]) {
uint32_t x0,x1,x2,x3,x4,x5,x6,x7; uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0;
#define F(s) \ #define F(s) \
((((uint32_t)in[s + 0]) ) | \ ((((uint32_t)in[s + 0]) ) | \
(((uint32_t)in[s + 1]) << 8) | \ (((uint32_t)in[s + 1]) << 8) | \
@ -435,7 +435,7 @@ void curve25519_expand(bignum25519 out, const unsigned char in[32]) {
* little-endian, 32-byte array * little-endian, 32-byte array
*/ */
void curve25519_contract(unsigned char out[32], const bignum25519 in) { void curve25519_contract(unsigned char out[32], const bignum25519 in) {
bignum25519 f; bignum25519 f = {0};
curve25519_copy(f, in); curve25519_copy(f, in);
#define carry_pass() \ #define carry_pass() \
@ -517,7 +517,7 @@ void curve25519_contract(unsigned char out[32], const bignum25519 in) {
/* if (iswap) swap(a, b) */ /* if (iswap) swap(a, b) */
void curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) { void curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
const uint32_t swap = (uint32_t)(-(int32_t)iswap); const uint32_t swap = (uint32_t)(-(int32_t)iswap);
uint32_t x0,x1,x2,x3,x4,x5,x6,x7,x8,x9; uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0;
x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0; x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0;
x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1; x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1;
@ -557,13 +557,13 @@ void curve25519_set_sqrtneg1(bignum25519 r){
} }
int curve25519_isnegative(const bignum25519 f) { int curve25519_isnegative(const bignum25519 f) {
unsigned char s[32]; unsigned char s[32] = {0};
curve25519_contract(s, f); curve25519_contract(s, f);
return s[0] & 1; return s[0] & 1;
} }
int curve25519_isnonzero(const bignum25519 f) { int curve25519_isnonzero(const bignum25519 f) {
unsigned char s[32]; unsigned char s[32] = {0};
curve25519_contract(s, f); curve25519_contract(s, f);
return ((((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] | return ((((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] | s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
@ -572,7 +572,7 @@ int curve25519_isnonzero(const bignum25519 f) {
} }
void curve25519_reduce(bignum25519 out, const bignum25519 in) { void curve25519_reduce(bignum25519 out, const bignum25519 in) {
uint32_t c; uint32_t c = 0;
out[0] = in[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; out[0] = in[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
out[1] = in[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; out[1] = in[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
out[2] = in[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; out[2] = in[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
@ -588,7 +588,7 @@ void curve25519_reduce(bignum25519 out, const bignum25519 in) {
void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v) { void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v) {
bignum25519 v3={0}, uv7={0}, t0={0}, t1={0}, t2={0}; bignum25519 v3={0}, uv7={0}, t0={0}, t1={0}, t2={0};
int i; int i = 0;
curve25519_square(v3, v); curve25519_square(v3, v);
curve25519_mul(v3, v3, v); /* v3 = v^3 */ curve25519_mul(v3, v3, v); /* v3 = v^3 */
@ -650,7 +650,7 @@ void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v
} }
void curve25519_expand_reduce(bignum25519 out, const unsigned char in[32]) { void curve25519_expand_reduce(bignum25519 out, const unsigned char in[32]) {
uint32_t x0,x1,x2,x3,x4,x5,x6,x7; uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0;
#define F(s) \ #define F(s) \
((((uint32_t)in[s + 0]) ) | \ ((((uint32_t)in[s + 0]) ) | \
(((uint32_t)in[s + 1]) << 8) | \ (((uint32_t)in[s + 1]) << 8) | \

View File

@ -9,10 +9,10 @@
*/ */
void curve25519_scalarmult_donna(curve25519_key mypublic, const curve25519_key n, const curve25519_key basepoint) { void curve25519_scalarmult_donna(curve25519_key mypublic, const curve25519_key n, const curve25519_key basepoint) {
bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx; bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx = {0};
bignum25519 q, qx, qpqx, qqx, zzz, zmone; bignum25519 q = {0}, qx = {0}, qpqx = {0}, qqx = {0}, zzz = {0}, zmone = {0};
size_t bit, lastbit; size_t bit = 0, lastbit = 0;
int32_t i; int32_t i = 0;
curve25519_expand(q, basepoint); curve25519_expand(q, basepoint);
curve25519_copy(nqx, q); curve25519_copy(nqx, q);

View File

@ -67,7 +67,7 @@ void ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
*/ */
void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) { void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
bignum25519 a,b,c; bignum25519 a = {0}, b = {0}, c = {0};
curve25519_square(a, p->x); curve25519_square(a, p->x);
curve25519_square(b, p->y); curve25519_square(b, p->y);
@ -85,7 +85,7 @@ void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) { void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q; const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r; bignum25519 *rb = (bignum25519 *)r;
bignum25519 a,b,c; bignum25519 a = {0}, b = {0}, c = {0};
curve25519_sub(a, p->y, p->x); curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x); curve25519_add(b, p->y, p->x);
@ -104,7 +104,7 @@ void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_nie
void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) { void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q; const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r; bignum25519 *rb = (bignum25519 *)r;
bignum25519 a,b,c; bignum25519 a = {0}, b = {0}, c = {0};
curve25519_sub(a, p->y, p->x); curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x); curve25519_add(b, p->y, p->x);
@ -121,19 +121,19 @@ void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pni
} }
void ge25519_double_partial(ge25519 *r, const ge25519 *p) { void ge25519_double_partial(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 t; ge25519_p1p1 t = {0};
ge25519_double_p1p1(&t, p); ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_partial(r, &t); ge25519_p1p1_to_partial(r, &t);
} }
void ge25519_double(ge25519 *r, const ge25519 *p) { void ge25519_double(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 t; ge25519_p1p1 t = {0};
ge25519_double_p1p1(&t, p); ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_full(r, &t); ge25519_p1p1_to_full(r, &t);
} }
void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) { void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
bignum25519 a,b,c,e,f,g,h; bignum25519 a = {0}, b = {0}, c = {0}, e = {0}, f = {0}, g = {0}, h = {0};
curve25519_sub(a, r->y, r->x); curve25519_sub(a, r->y, r->x);
curve25519_add(b, r->y, r->x); curve25519_add(b, r->y, r->x);
@ -152,7 +152,7 @@ void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
} }
void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) { void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
bignum25519 a,b,c,x,y,z,t; bignum25519 a = {0}, b = {0}, c = {0}, x = {0}, y = {0}, z = {0}, t = {0};
curve25519_sub(a, p->y, p->x); curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x); curve25519_add(b, p->y, p->x);
@ -181,8 +181,8 @@ void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels
*/ */
void ge25519_pack(unsigned char r[32], const ge25519 *p) { void ge25519_pack(unsigned char r[32], const ge25519 *p) {
bignum25519 tx, ty, zi; bignum25519 tx = {0}, ty = {0}, zi = {0};
unsigned char parity[32]; unsigned char parity[32] = {0};
curve25519_recip(zi, p->z); curve25519_recip(zi, p->z);
curve25519_mul(tx, p->x, zi); curve25519_mul(tx, p->x, zi);
curve25519_mul(ty, p->y, zi); curve25519_mul(ty, p->y, zi);
@ -195,8 +195,8 @@ int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
const unsigned char zero[32] = {0}; const unsigned char zero[32] = {0};
const bignum25519 one = {1}; const bignum25519 one = {1};
unsigned char parity = p[31] >> 7; unsigned char parity = p[31] >> 7;
unsigned char check[32]; unsigned char check[32] = {0};
bignum25519 t, root, num, den, d3; bignum25519 t = {0}, root = {0}, num = {0}, den = {0}, d3 = {0};
curve25519_expand(r->y, p); curve25519_expand(r->y, p);
curve25519_copy(r->z, one); curve25519_copy(r->z, one);
@ -262,14 +262,14 @@ void ge25519_set_neutral(ge25519 *r)
/* computes [s1]p1 + [s2]base */ /* computes [s1]p1 + [s2]base */
void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
signed char slide1[256], slide2[256]; signed char slide1[256] = {0}, slide2[256] = {0};
ge25519_pniels pre1[S1_TABLE_SIZE]; ge25519_pniels pre1[S1_TABLE_SIZE] = {0};
#ifdef ED25519_NO_PRECOMP #ifdef ED25519_NO_PRECOMP
ge25519_pniels pre2[S2_TABLE_SIZE]; ge25519_pniels pre2[S2_TABLE_SIZE] = {0};
#endif #endif
ge25519 dp; ge25519 dp = {0};
ge25519_p1p1 t; ge25519_p1p1 t = {0};
int32_t i; int32_t i = 0;
memzero(&t, sizeof(ge25519_p1p1)); memzero(&t, sizeof(ge25519_p1p1));
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE); contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
@ -320,12 +320,12 @@ void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bign
/* computes [s1]p1 + [s2]p2 */ /* computes [s1]p1 + [s2]p2 */
#if USE_MONERO #if USE_MONERO
void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const ge25519 *p2, const bignum256modm s2) { void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const ge25519 *p2, const bignum256modm s2) {
signed char slide1[256], slide2[256]; signed char slide1[256] = {0}, slide2[256] = {0};
ge25519_pniels pre1[S1_TABLE_SIZE]; ge25519_pniels pre1[S1_TABLE_SIZE] = {0};
ge25519_pniels pre2[S1_TABLE_SIZE]; ge25519_pniels pre2[S1_TABLE_SIZE] = {0};
ge25519 dp; ge25519 dp = {0};
ge25519_p1p1 t; ge25519_p1p1 t = {0};
int32_t i; int32_t i = 0;
memzero(&t, sizeof(ge25519_p1p1)); memzero(&t, sizeof(ge25519_p1p1));
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE); contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
@ -378,7 +378,7 @@ void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const big
* with less than i686 on x86 * with less than i686 on x86
*/ */
static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int stride) { static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int stride) {
long x0=r[0], x1=r[1], x2=r[2], x3=r[3], y0, y1, y2, y3; long x0=r[0], x1=r[1], x2=r[2], x3=r[3], y0 = 0, y1 = 0, y2 = 0, y3 = 0;
for(; p<n; p+=stride) { for(; p<n; p+=stride) {
volatile int flag=(p==pos); volatile int flag=(p==pos);
y0 = p[0]; y0 = p[0];
@ -398,7 +398,7 @@ static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int
#define HAS_CMOVE_STRIDE4 #define HAS_CMOVE_STRIDE4
static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int stride) { static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int stride) {
long x0=p[0], x1=p[1], x2=p[2], x3=p[3], y0, y1, y2, y3; long x0=p[0], x1=p[1], x2=p[2], x3=p[3], y0 = 0, y1 = 0, y2 = 0, y3 = 0;
for(p+=stride; p<n; p+=stride) { for(p+=stride; p<n; p+=stride) {
volatile int flag=(p==pos); volatile int flag=(p==pos);
y0 = p[0]; y0 = p[0];
@ -419,7 +419,7 @@ static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int
void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) { void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) {
#ifdef HAS_CMOVE_STRIDE4B #ifdef HAS_CMOVE_STRIDE4B
size_t i; size_t i = 0;
for(i=0; i<sizeof(ge25519_pniels)/sizeof(long); i+=4) { for(i=0; i<sizeof(ge25519_pniels)/sizeof(long); i+=4) {
ge25519_cmove_stride4b(((long*)r)+i, ge25519_cmove_stride4b(((long*)r)+i,
((long*)p)+i, ((long*)p)+i,
@ -428,7 +428,7 @@ void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pni
sizeof(ge25519_pniels)/sizeof(long)); sizeof(ge25519_pniels)/sizeof(long));
} }
#else #else
size_t i; size_t i = 0;
for(i=0; i<n; i++) { for(i=0; i<n; i++) {
ge25519_move_conditional_pniels(r, p+i, pos==i); ge25519_move_conditional_pniels(r, p+i, pos==i);
} }
@ -436,7 +436,7 @@ void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pni
} }
void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) { void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) {
size_t i; size_t i = 0;
for(i=0; i<96/sizeof(long); i+=4) { for(i=0; i<96/sizeof(long); i+=4) {
ge25519_cmove_stride4(((long*)r)+i, ge25519_cmove_stride4(((long*)r)+i,
((long*)p)+i, ((long*)p)+i,
@ -448,12 +448,12 @@ void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][
/* computes [s1]p1, constant time */ /* computes [s1]p1, constant time */
void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) { void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
signed char slide1[64]; signed char slide1[64] = {0};
ge25519_pniels pre1[9]; ge25519_pniels pre1[9] = {0};
ge25519_pniels pre; ge25519_pniels pre = {0};
ge25519 d1; ge25519 d1 = {0};
ge25519_p1p1 t; ge25519_p1p1 t = {0};
int32_t i; int32_t i = 0;
contract256_window4_modm(slide1, s1); contract256_window4_modm(slide1, s1);
@ -484,7 +484,7 @@ void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
} }
void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) { void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
bignum25519 neg; bignum25519 neg = {0};
uint32_t sign = (uint32_t)((unsigned char)b >> 7); uint32_t sign = (uint32_t)((unsigned char)b >> 7);
uint32_t mask = ~(sign - 1); uint32_t mask = ~(sign - 1);
uint32_t u = (b + mask) ^ mask; uint32_t u = (b + mask) ^ mask;
@ -509,9 +509,9 @@ void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[
/* computes [s]basepoint */ /* computes [s]basepoint */
void ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) { void ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) {
signed char b[64]; signed char b[64] = {0};
uint32_t i; uint32_t i = 0;
ge25519_niels t; ge25519_niels t = {0};
contract256_window4_modm(b, s); contract256_window4_modm(b, s);
@ -620,7 +620,7 @@ void ge25519_reduce(ge25519 *r, const ge25519 *t){
} }
void ge25519_norm(ge25519 *r, const ge25519 * t){ void ge25519_norm(ge25519 *r, const ge25519 * t){
bignum25519 zinv; bignum25519 zinv = {0};
curve25519_recip(zinv, t->z); curve25519_recip(zinv, t->z);
curve25519_mul(r->x, t->x, zinv); curve25519_mul(r->x, t->x, zinv);
curve25519_mul(r->y, t->y, zinv); curve25519_mul(r->y, t->y, zinv);
@ -629,8 +629,8 @@ void ge25519_norm(ge25519 *r, const ge25519 * t){
} }
void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char signbit) { void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char signbit) {
ge25519_pniels P_ni; ge25519_pniels P_ni = {0};
ge25519_p1p1 P_11; ge25519_p1p1 P_11 = {0};
ge25519_full_to_pniels(&P_ni, q); ge25519_full_to_pniels(&P_ni, q);
ge25519_pnielsadd_p1p1(&P_11, p, &P_ni, signbit); ge25519_pnielsadd_p1p1(&P_11, p, &P_ni, signbit);
@ -639,7 +639,7 @@ void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char s
void ge25519_fromfe_frombytes_vartime(ge25519 *r, const unsigned char *s){ void ge25519_fromfe_frombytes_vartime(ge25519 *r, const unsigned char *s){
bignum25519 u={0}, v={0}, w={0}, x={0}, y={0}, z={0}; bignum25519 u={0}, v={0}, w={0}, x={0}, y={0}, z={0};
unsigned char sign; unsigned char sign = 0;
curve25519_expand_reduce(u, s); curve25519_expand_reduce(u, s);

View File

@ -42,9 +42,9 @@ ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public
void void
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) { ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
bignum256modm a; bignum256modm a = {0};
ge25519 ALIGN(16) A; ge25519 ALIGN(16) A;
hash_512bits extsk; hash_512bits extsk = {0};
/* A = aB */ /* A = aB */
ed25519_extsk(extsk, sk); ed25519_extsk(extsk, sk);
@ -57,9 +57,9 @@ ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key p
#if USE_CARDANO #if USE_CARDANO
void void
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_public_key pk) { ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_public_key pk) {
bignum256modm a; bignum256modm a = {0};
ge25519 ALIGN(16) A; ge25519 ALIGN(16) A;
hash_512bits extsk; hash_512bits extsk = {0};
/* we don't stretch the key through hashing first since its already 64 bytes */ /* we don't stretch the key through hashing first since its already 64 bytes */
@ -73,8 +73,8 @@ ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_se
void void
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) { ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
bignum256modm r, S, a; bignum256modm r = {0}, S = {0}, a = {0};
hash_512bits extsk, extnonce, hram; hash_512bits extsk = {0}, extnonce = {0}, hram = {0};
ed25519_extsk(extsk, sk); ed25519_extsk(extsk, sk);
ed25519_extsk(extnonce, nonce); ed25519_extsk(extnonce, nonce);
@ -100,9 +100,9 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
void void
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) { ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
ed25519_hash_context ctx; ed25519_hash_context ctx;
bignum256modm r, S, a; bignum256modm r = {0}, S = {0}, a = {0};
ge25519 ALIGN(16) R; ge25519 ALIGN(16) R = {0};
hash_512bits extsk, hashr, hram; hash_512bits extsk = {0}, hashr = {0}, hram = {0};
ed25519_extsk(extsk, sk); ed25519_extsk(extsk, sk);
@ -137,9 +137,9 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
void void
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, const ed25519_public_key pk, ed25519_signature RS) { ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, const ed25519_public_key pk, ed25519_signature RS) {
ed25519_hash_context ctx; ed25519_hash_context ctx;
bignum256modm r, S, a; bignum256modm r = {0}, S = {0}, a = {0};
ge25519 ALIGN(16) R; ge25519 ALIGN(16) R = {0};
hash_512bits extsk, hashr, hram; hash_512bits extsk = {0}, hashr = {0}, hram = {0};
/* we don't stretch the key through hashing first since its already 64 bytes */ /* we don't stretch the key through hashing first since its already 64 bytes */
@ -177,9 +177,9 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
int int
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) { ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
ge25519 ALIGN(16) R, A; ge25519 ALIGN(16) R, A;
hash_512bits hash; hash_512bits hash = {0};
bignum256modm hram, S; bignum256modm hram = {0}, S = {0};
unsigned char checkR[32]; unsigned char checkR[32] = {0};
if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk)) if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk))
return -1; return -1;
@ -203,9 +203,9 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
int int
ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) { ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) {
bignum256modm a; bignum256modm a = {0};
ge25519 ALIGN(16) A, P; ge25519 ALIGN(16) A, P;
hash_512bits extsk; hash_512bits extsk = {0};
ed25519_extsk(extsk, sk); ed25519_extsk(extsk, sk);
expand256_modm(a, extsk, 32); expand256_modm(a, extsk, 32);
@ -228,9 +228,9 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
int int
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) { ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
size_t i = 0; size_t i = 0;
ge25519 P; ge25519 P = {0};
ge25519_pniels sump; ge25519_pniels sump = {0};
ge25519_p1p1 sump1; ge25519_p1p1 sump1 = {0};
if (n == 1) { if (n == 1) {
memcpy(res, pks, sizeof(ed25519_public_key)); memcpy(res, pks, sizeof(ed25519_public_key));
@ -258,7 +258,7 @@ ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key
void void
ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key R, CONST ed25519_cosi_signature *sigs, size_t n) { ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key R, CONST ed25519_cosi_signature *sigs, size_t n) {
bignum256modm s, t; bignum256modm s = {0}, t = {0};
size_t i = 0; size_t i = 0;
expand256_modm(s, sigs[i++], 32); expand256_modm(s, sigs[i++], 32);
@ -275,11 +275,11 @@ ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key
*/ */
void void
curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) { curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
curve25519_key ec; curve25519_key ec = {0};
bignum256modm s; bignum256modm s = {0};
bignum25519 ALIGN(16) yplusz, zminusy; bignum25519 ALIGN(16) yplusz, zminusy;
ge25519 ALIGN(16) p; ge25519 ALIGN(16) p;
size_t i; size_t i = 0;
/* clamp */ /* clamp */
for (i = 0; i < 32; i++) ec[i] = e[i]; for (i = 0; i < 32; i++) ec[i] = e[i];
@ -302,8 +302,8 @@ curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
void void
curve25519_scalarmult(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) { curve25519_scalarmult(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) {
curve25519_key e; curve25519_key e = {0};
size_t i; size_t i = 0;
for (i = 0;i < 32;++i) e[i] = secret[i]; for (i = 0;i < 32;++i) e[i] = secret[i];
e[0] &= 0xf8; e[0] &= 0xf8;

View File

@ -32,8 +32,8 @@ lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) {
/* see HAC, Alg. 14.42 Step 4 */ /* see HAC, Alg. 14.42 Step 4 */
void reduce256_modm(bignum256modm r) { void reduce256_modm(bignum256modm r) {
bignum256modm t; bignum256modm t = {0};
bignum256modm_element_t b = 0, pb, mask; bignum256modm_element_t b = 0, pb = 0, mask = 0;
/* t = r - m */ /* t = r - m */
pb = 0; pb = 0;
@ -66,9 +66,9 @@ void reduce256_modm(bignum256modm r) {
Instead of passing in x, pre-process in to q1 and r1 for efficiency Instead of passing in x, pre-process in to q1 and r1 for efficiency
*/ */
void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) { void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) {
bignum256modm q3, r2; bignum256modm q3 = {0}, r2 = {0};
uint64_t c; uint64_t c = 0;
bignum256modm_element_t f, b, pb; bignum256modm_element_t f = 0, b = 0, pb = 0;
/* q1 = x >> 248 = 264 bits = 9 30 bit elements /* q1 = x >> 248 = 264 bits = 9 30 bit elements
q2 = mu * q1 q2 = mu * q1
@ -134,7 +134,7 @@ void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignu
/* addition modulo m */ /* addition modulo m */
void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
bignum256modm_element_t c; bignum256modm_element_t c = 0;
c = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30; c = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30;
c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30; c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30;
@ -151,7 +151,7 @@ void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
/* -x modulo m */ /* -x modulo m */
void neg256_modm(bignum256modm r, const bignum256modm x) { void neg256_modm(bignum256modm r, const bignum256modm x) {
bignum256modm_element_t b = 0, pb; bignum256modm_element_t b = 0, pb = 0;
/* r = m - x */ /* r = m - x */
pb = 0; pb = 0;
@ -191,9 +191,9 @@ void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
/* multiplication modulo m */ /* multiplication modulo m */
void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
bignum256modm r1, q1; bignum256modm r1 = {0}, q1 = {0};
uint64_t c; uint64_t c = 0;
bignum256modm_element_t f; bignum256modm_element_t f = 0;
/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) /* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1)
q1 = x >> 248 = 264 bits = 9 30 bit elements */ q1 = x >> 248 = 264 bits = 9 30 bit elements */
@ -237,8 +237,8 @@ void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) { void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
unsigned char work[64] = {0}; unsigned char work[64] = {0};
bignum256modm_element_t x[16]; bignum256modm_element_t x[16] = {0};
bignum256modm q1; bignum256modm q1 = {0};
memcpy(work, in, len); memcpy(work, in, len);
x[0] = U8TO32_LE(work + 0); x[0] = U8TO32_LE(work + 0);
@ -288,7 +288,7 @@ void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
} }
void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) { void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
bignum256modm_element_t x[8]; bignum256modm_element_t x[8] = {0};
x[0] = U8TO32_LE(in + 0); x[0] = U8TO32_LE(in + 0);
x[1] = U8TO32_LE(in + 4); x[1] = U8TO32_LE(in + 4);
@ -312,7 +312,7 @@ void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
int is_reduced256_modm(const bignum256modm in) int is_reduced256_modm(const bignum256modm in)
{ {
int i; int i = 0;
uint32_t res1 = 0; uint32_t res1 = 0;
uint32_t res2 = 0; uint32_t res2 = 0;
for (i = 8; i >= 0; i--) { for (i = 8; i >= 0; i--) {
@ -334,9 +334,9 @@ void contract256_modm(unsigned char out[32], const bignum256modm in) {
} }
void contract256_window4_modm(signed char r[64], const bignum256modm in) { void contract256_window4_modm(signed char r[64], const bignum256modm in) {
char carry; char carry = 0;
signed char *quads = r; signed char *quads = r;
bignum256modm_element_t i, j, v; bignum256modm_element_t i = 0, j = 0, v = 0;
for (i = 0; i < 8; i += 2) { for (i = 0; i < 8; i += 2) {
v = in[i]; v = in[i];
@ -369,10 +369,10 @@ void contract256_window4_modm(signed char r[64], const bignum256modm in) {
} }
void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) { void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
int i,j,k,b; int i = 0, j = 0, k = 0, b = 0;
int m = (1 << (windowsize - 1)) - 1, soplen = 256; int m = (1 << (windowsize - 1)) - 1, soplen = 256;
signed char *bits = r; signed char *bits = r;
bignum256modm_element_t v; bignum256modm_element_t v = 0;
/* first put the binary expansion into r */ /* first put the binary expansion into r */
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {

View File

@ -350,7 +350,7 @@ static const sph_u32 T1dn[] = {
}; };
#define DECL_STATE_SMALL \ #define DECL_STATE_SMALL \
sph_u32 H[16]; sph_u32 H[16] = {0};
#define READ_STATE_SMALL(sc) do { \ #define READ_STATE_SMALL(sc) do { \
memcpy(H, (sc)->state.narrow, sizeof H); \ memcpy(H, (sc)->state.narrow, sizeof H); \
@ -476,7 +476,7 @@ static const sph_u32 T1dn[] = {
} while (0) } while (0)
#define DECL_STATE_BIG \ #define DECL_STATE_BIG \
sph_u32 H[32]; sph_u32 H[32] = {0};
#define READ_STATE_BIG(sc) do { \ #define READ_STATE_BIG(sc) do { \
memcpy(H, (sc)->state.narrow, sizeof H); \ memcpy(H, (sc)->state.narrow, sizeof H); \
@ -675,7 +675,7 @@ static const sph_u32 T1dn[] = {
static void static void
groestl_big_init(sph_groestl_big_context *sc, unsigned out_size) groestl_big_init(sph_groestl_big_context *sc, unsigned out_size)
{ {
size_t u; size_t u = 0;
sc->ptr = 0; sc->ptr = 0;
for (u = 0; u < 31; u ++) for (u = 0; u < 31; u ++)
@ -688,8 +688,8 @@ groestl_big_init(sph_groestl_big_context *sc, unsigned out_size)
static void static void
groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len) groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len)
{ {
unsigned char *buf; unsigned char *buf = NULL;
size_t ptr; size_t ptr = 0;
DECL_STATE_BIG DECL_STATE_BIG
buf = sc->buf; buf = sc->buf;
@ -703,7 +703,7 @@ groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len)
READ_STATE_BIG(sc); READ_STATE_BIG(sc);
while (len > 0) { while (len > 0) {
size_t clen; size_t clen = 0;
clen = (sizeof sc->buf) - ptr; clen = (sizeof sc->buf) - ptr;
if (clen > len) if (clen > len)
@ -726,10 +726,10 @@ static void
groestl_big_close(sph_groestl_big_context *sc, groestl_big_close(sph_groestl_big_context *sc,
unsigned ub, unsigned n, void *dst, size_t out_len) unsigned ub, unsigned n, void *dst, size_t out_len)
{ {
unsigned char pad[136]; unsigned char pad[136] = {0};
size_t ptr, pad_len, u2; size_t ptr = 0, pad_len = 0, u2 = 0;
sph_u64 count; sph_u64 count = 0;
unsigned z; unsigned z = 0;
DECL_STATE_BIG DECL_STATE_BIG
ptr = sc->ptr; ptr = sc->ptr;
@ -774,7 +774,7 @@ groestl512_Final(void *cc, void *dst)
void void
groestl512_DoubleTrunc(void *cc, void *dst) groestl512_DoubleTrunc(void *cc, void *dst)
{ {
char buf[64]; char buf[64] = {0};
groestl512_Final(cc, buf); groestl512_Final(cc, buf);
groestl512_Update(cc, buf, sizeof(buf)); groestl512_Update(cc, buf, sizeof(buf));

View File

@ -139,7 +139,7 @@ void hasher_Final(Hasher *hasher, uint8_t hash[HASHER_DIGEST_LENGTH]) {
void hasher_Raw(HasherType type, const uint8_t *data, size_t length, void hasher_Raw(HasherType type, const uint8_t *data, size_t length,
uint8_t hash[HASHER_DIGEST_LENGTH]) { uint8_t hash[HASHER_DIGEST_LENGTH]) {
Hasher hasher; Hasher hasher = {0};
hasher_Init(&hasher, type); hasher_Init(&hasher, type);
hasher_Update(&hasher, data, length); hasher_Update(&hasher, data, length);

View File

@ -83,7 +83,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen,
/* compute o_key_pad and its digest */ /* compute o_key_pad and its digest */
for (int i = 0; i < SHA256_BLOCK_LENGTH / (int)sizeof(uint32_t); i++) { for (int i = 0; i < SHA256_BLOCK_LENGTH / (int)sizeof(uint32_t); i++) {
uint32_t data; uint32_t data = 0;
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
REVERSE32(key_pad[i], data); REVERSE32(key_pad[i], data);
#else #else
@ -135,7 +135,7 @@ void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac) {
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
const uint32_t msglen, uint8_t *hmac) { const uint32_t msglen, uint8_t *hmac) {
HMAC_SHA512_CTX hctx; HMAC_SHA512_CTX hctx = {0};
hmac_sha512_Init(&hctx, key, keylen); hmac_sha512_Init(&hctx, key, keylen);
hmac_sha512_Update(&hctx, msg, msglen); hmac_sha512_Update(&hctx, msg, msglen);
hmac_sha512_Final(&hctx, hmac); hmac_sha512_Final(&hctx, hmac);
@ -157,7 +157,7 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen,
/* compute o_key_pad and its digest */ /* compute o_key_pad and its digest */
for (int i = 0; i < SHA512_BLOCK_LENGTH / (int)sizeof(uint64_t); i++) { for (int i = 0; i < SHA512_BLOCK_LENGTH / (int)sizeof(uint64_t); i++) {
uint64_t data; uint64_t data = 0;
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
REVERSE64(key_pad[i], data); REVERSE64(key_pad[i], data);
#else #else

View File

@ -38,7 +38,7 @@ static void update_k(HMAC_DRBG_CTX *ctx, uint8_t domain, const uint8_t *data1,
ctx->v[8] = 0x80000000; ctx->v[8] = 0x80000000;
ctx->v[15] = (SHA256_BLOCK_LENGTH + SHA256_DIGEST_LENGTH) * 8; ctx->v[15] = (SHA256_BLOCK_LENGTH + SHA256_DIGEST_LENGTH) * 8;
} else { } else {
SHA256_CTX sha_ctx; SHA256_CTX sha_ctx = {0};
memcpy(sha_ctx.state, ctx->idig, SHA256_DIGEST_LENGTH); memcpy(sha_ctx.state, ctx->idig, SHA256_DIGEST_LENGTH);
for (size_t i = 0; i < SHA256_DIGEST_LENGTH / sizeof(uint32_t); i++) { for (size_t i = 0; i < SHA256_DIGEST_LENGTH / sizeof(uint32_t); i++) {
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
@ -86,7 +86,7 @@ static void update_v(HMAC_DRBG_CTX *ctx) {
void hmac_drbg_init(HMAC_DRBG_CTX *ctx, const uint8_t *entropy, void hmac_drbg_init(HMAC_DRBG_CTX *ctx, const uint8_t *entropy,
size_t entropy_len, const uint8_t *nonce, size_t entropy_len, const uint8_t *nonce,
size_t nonce_len) { size_t nonce_len) {
uint32_t h[SHA256_BLOCK_LENGTH / sizeof(uint32_t)]; uint32_t h[SHA256_BLOCK_LENGTH / sizeof(uint32_t)] = {0};
// Precompute the inner digest and outer digest of K = 0x00 ... 0x00. // Precompute the inner digest and outer digest of K = 0x00 ... 0x00.
memset(h, 0x36, sizeof(h)); memset(h, 0x36, sizeof(h));

View File

@ -106,7 +106,7 @@ bool decode_block(const char* block, size_t size, char* res)
if (digit < 0) if (digit < 0)
return false; // Invalid symbol return false; // Invalid symbol
uint64_t product_hi; uint64_t product_hi = 0;
uint64_t tmp = res_num + mul128(order, (uint64_t) digit, &product_hi); uint64_t tmp = res_num + mul128(order, (uint64_t) digit, &product_hi);
if (tmp < res_num || 0 != product_hi) if (tmp < res_num || 0 != product_hi)
return false; // Overflow return false; // Overflow
@ -199,7 +199,7 @@ int xmr_base58_addr_encode_check(uint64_t tag, const uint8_t *data, size_t binsz
} }
size_t b58size = b58sz; size_t b58size = b58sz;
uint8_t buf[binsz + 1 + HASHER_DIGEST_LENGTH]; uint8_t buf[(binsz + 1) + HASHER_DIGEST_LENGTH];
uint8_t *hash = buf + binsz + 1; uint8_t *hash = buf + binsz + 1;
buf[0] = (uint8_t) tag; buf[0] = (uint8_t) tag;
memcpy(buf + 1, data, binsz); memcpy(buf + 1, data, binsz);
@ -213,7 +213,7 @@ int xmr_base58_addr_decode_check(const char *addr, size_t sz, uint64_t *tag, voi
{ {
size_t buflen = 1 + 64 + addr_checksum_size; size_t buflen = 1 + 64 + addr_checksum_size;
uint8_t buf[buflen]; uint8_t buf[buflen];
uint8_t hash[HASHER_DIGEST_LENGTH]; uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
if (!xmr_base58_decode(addr, sz, buf, &buflen)){ if (!xmr_base58_decode(addr, sz, buf, &buflen)){
return 0; return 0;

View File

@ -5,15 +5,15 @@
#include "range_proof.h" #include "range_proof.h"
static void xmr_hash_ge25519_to_scalar(bignum256modm r, const ge25519 *p) { static void xmr_hash_ge25519_to_scalar(bignum256modm r, const ge25519 *p) {
unsigned char buff[32]; unsigned char buff[32] = {0};
ge25519_pack(buff, p); ge25519_pack(buff, p);
xmr_hash_to_scalar(r, buff, sizeof(buff)); xmr_hash_to_scalar(r, buff, sizeof(buff));
} }
void xmr_gen_range_sig(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask, void xmr_gen_range_sig(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask,
xmr_amount amount, bignum256modm *last_mask) { xmr_amount amount, bignum256modm *last_mask) {
bignum256modm ai[64]; bignum256modm ai[64] = {0};
bignum256modm alpha[64]; bignum256modm alpha[64] = {0};
xmr_gen_range_sig_ex(sig, C, mask, amount, last_mask, ai, alpha); xmr_gen_range_sig_ex(sig, C, mask, amount, last_mask, ai, alpha);
} }
@ -25,16 +25,16 @@ void xmr_gen_range_sig_ex(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask,
bignum256modm si = {0}; bignum256modm si = {0};
bignum256modm c = {0}; bignum256modm c = {0};
bignum256modm ee = {0}; bignum256modm ee = {0};
unsigned char buff[32]; unsigned char buff[32] = {0};
Hasher kck; Hasher kck = {0};
xmr_hasher_init(&kck); xmr_hasher_init(&kck);
ge25519 C_acc; ge25519 C_acc = {0};
ge25519 C_h; ge25519 C_h = {0};
ge25519 C_tmp; ge25519 C_tmp = {0};
ge25519 L; ge25519 L = {0};
ge25519 Zero; ge25519 Zero = {0};
ge25519_set_neutral(&Zero); ge25519_set_neutral(&Zero);
ge25519_set_neutral(&C_acc); ge25519_set_neutral(&C_acc);

View File

@ -44,14 +44,14 @@ void xmr_hasher_copy(Hasher *dst, const Hasher *src) {
} }
void xmr_hash_to_scalar(bignum256modm r, const void *data, size_t length) { void xmr_hash_to_scalar(bignum256modm r, const void *data, size_t length) {
uint8_t hash[HASHER_DIGEST_LENGTH]; uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
hasher_Raw(HASHER_SHA3K, data, length, hash); hasher_Raw(HASHER_SHA3K, data, length, hash);
expand256_modm(r, hash, HASHER_DIGEST_LENGTH); expand256_modm(r, hash, HASHER_DIGEST_LENGTH);
} }
void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) { void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) {
ge25519 point2; ge25519 point2 = {0};
uint8_t hash[HASHER_DIGEST_LENGTH]; uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
hasher_Raw(HASHER_SHA3K, data, length, hash); hasher_Raw(HASHER_SHA3K, data, length, hash);
ge25519_fromfe_frombytes_vartime(&point2, hash); ge25519_fromfe_frombytes_vartime(&point2, hash);
@ -60,7 +60,7 @@ void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) {
void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p, void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p,
uint32_t output_index) { uint32_t output_index) {
uint8_t buff[32 + 8]; uint8_t buff[32 + 8] = {0};
ge25519_pack(buff, p); ge25519_pack(buff, p);
int written = xmr_write_varint(buff + 32, 8, output_index); int written = xmr_write_varint(buff + 32, 8, output_index);
xmr_hash_to_scalar(s, buff, 32u + written); xmr_hash_to_scalar(s, buff, 32u + written);
@ -68,7 +68,7 @@ void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p,
void xmr_generate_key_derivation(ge25519 *r, const ge25519 *A, void xmr_generate_key_derivation(ge25519 *r, const ge25519 *A,
const bignum256modm b) { const bignum256modm b) {
ge25519 bA; ge25519 bA = {0};
ge25519_scalarmult(&bA, A, b); ge25519_scalarmult(&bA, A, b);
ge25519_mul8(r, &bA); ge25519_mul8(r, &bA);
} }
@ -82,7 +82,7 @@ void xmr_derive_private_key(bignum256modm s, const ge25519 *deriv, uint32_t idx,
void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx, void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx,
const ge25519 *base) { const ge25519 *base) {
bignum256modm s = {0}; bignum256modm s = {0};
ge25519 p2; ge25519 p2 = {0};
xmr_derivation_to_scalar(s, deriv, idx); xmr_derivation_to_scalar(s, deriv, idx);
ge25519_scalarmult_base_niels(&p2, ge25519_niels_base_multiples, s); ge25519_scalarmult_base_niels(&p2, ge25519_niels_base_multiples, s);
@ -92,7 +92,7 @@ void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx,
void xmr_add_keys2(ge25519 *r, const bignum256modm a, const bignum256modm b, void xmr_add_keys2(ge25519 *r, const bignum256modm a, const bignum256modm b,
const ge25519 *B) { const ge25519 *B) {
// aG + bB, G is basepoint // aG + bB, G is basepoint
ge25519 aG, bB; ge25519 aG = {0}, bB = {0};
ge25519_scalarmult_base_niels(&aG, ge25519_niels_base_multiples, a); ge25519_scalarmult_base_niels(&aG, ge25519_niels_base_multiples, a);
ge25519_scalarmult(&bB, B, b); ge25519_scalarmult(&bB, B, b);
ge25519_add(r, &aG, &bB, 0); ge25519_add(r, &aG, &bB, 0);
@ -107,7 +107,7 @@ void xmr_add_keys2_vartime(ge25519 *r, const bignum256modm a,
void xmr_add_keys3(ge25519 *r, const bignum256modm a, const ge25519 *A, void xmr_add_keys3(ge25519 *r, const bignum256modm a, const ge25519 *A,
const bignum256modm b, const ge25519 *B) { const bignum256modm b, const ge25519 *B) {
// aA + bB // aA + bB
ge25519 aA, bB; ge25519 aA = {0}, bB = {0};
ge25519_scalarmult(&aA, A, a); ge25519_scalarmult(&aA, A, a);
ge25519_scalarmult(&bB, B, b); ge25519_scalarmult(&bB, B, b);
ge25519_add(r, &aA, &bB, 0); ge25519_add(r, &aA, &bB, 0);
@ -122,10 +122,10 @@ void xmr_add_keys3_vartime(ge25519 *r, const bignum256modm a, const ge25519 *A,
void xmr_get_subaddress_secret_key(bignum256modm r, uint32_t major, void xmr_get_subaddress_secret_key(bignum256modm r, uint32_t major,
uint32_t minor, const bignum256modm m) { uint32_t minor, const bignum256modm m) {
const char prefix[] = "SubAddr"; const char prefix[] = "SubAddr";
unsigned char buff[32]; unsigned char buff[32] = {0};
contract256_modm(buff, m); contract256_modm(buff, m);
char data[sizeof(prefix) + sizeof(buff) + 2 * sizeof(uint32_t)]; char data[sizeof(prefix) + sizeof(buff) + 2 * sizeof(uint32_t)] = {0};
memcpy(data, prefix, sizeof(prefix)); memcpy(data, prefix, sizeof(prefix));
memcpy(data + sizeof(prefix), buff, sizeof(buff)); memcpy(data + sizeof(prefix), buff, sizeof(buff));
memcpy(data + sizeof(prefix) + sizeof(buff), &major, sizeof(uint32_t)); memcpy(data + sizeof(prefix) + sizeof(buff), &major, sizeof(uint32_t));

View File

@ -116,7 +116,7 @@ static inline bool nem_write_mosaic_bool(nem_transaction_ctx *ctx,
static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx, static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx,
const char *name, uint64_t value) { const char *name, uint64_t value) {
char buffer[21]; char buffer[21] = {0};
if (bn_format_uint64(value, NULL, NULL, 0, 0, false, buffer, if (bn_format_uint64(value, NULL, NULL, 0, 0, false, buffer,
sizeof(buffer)) == 0) { sizeof(buffer)) == 0) {
@ -128,7 +128,7 @@ static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx,
void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version, void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version,
uint8_t *address) { uint8_t *address) {
uint8_t hash[SHA3_256_DIGEST_LENGTH]; uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
/* 1. Perform 256-bit Sha3 on the public key */ /* 1. Perform 256-bit Sha3 on the public key */
keccak_256(public_key, sizeof(ed25519_public_key), hash); keccak_256(public_key, sizeof(ed25519_public_key), hash);
@ -151,7 +151,7 @@ void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version,
bool nem_get_address(const ed25519_public_key public_key, uint8_t version, bool nem_get_address(const ed25519_public_key public_key, uint8_t version,
char *address) { char *address) {
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW]; uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW] = {0};
nem_get_address_raw(public_key, version, pubkeyhash); nem_get_address_raw(public_key, version, pubkeyhash);
@ -167,7 +167,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
return false; return false;
} }
uint8_t hash[SHA3_256_DIGEST_LENGTH]; uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash); keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash);
bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0); bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0);
@ -177,7 +177,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
} }
bool nem_validate_address(const char *address, uint8_t network) { bool nem_validate_address(const char *address, uint8_t network) {
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW]; uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW] = {0};
if (strlen(address) != NEM_ADDRESS_SIZE) { if (strlen(address) != NEM_ADDRESS_SIZE) {
return false; return false;
@ -314,10 +314,10 @@ bool nem_transaction_create_multisig_signature(
timestamp, signer, fee, deadline); timestamp, signer, fee, deadline);
if (!ret) return false; if (!ret) return false;
char address[NEM_ADDRESS_SIZE + 1]; char address[NEM_ADDRESS_SIZE + 1] = {0};
nem_get_address(inner->public_key, network, address); nem_get_address(inner->public_key, network, address);
uint8_t hash[SHA3_256_DIGEST_LENGTH]; uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
keccak_256(inner->buffer, inner->offset, hash); keccak_256(inner->buffer, inner->offset, hash);
SERIALIZE_U32(sizeof(uint32_t) + SHA3_256_DIGEST_LENGTH); SERIALIZE_U32(sizeof(uint32_t) + SHA3_256_DIGEST_LENGTH);
@ -379,7 +379,7 @@ bool nem_transaction_create_mosaic_creation(
sizeof(uint32_t) + namespace_length + sizeof(uint32_t) + mosaic_length; sizeof(uint32_t) + namespace_length + sizeof(uint32_t) + mosaic_length;
// This length will be rewritten later on // This length will be rewritten later on
nem_transaction_ctx state; nem_transaction_ctx state = {0};
memcpy(&state, ctx, sizeof(state)); memcpy(&state, ctx, sizeof(state));
SERIALIZE_U32(0); SERIALIZE_U32(0);

View File

@ -30,7 +30,7 @@
void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass, void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass,
int passlen, const uint8_t *salt, int saltlen, int passlen, const uint8_t *salt, int saltlen,
uint32_t blocknr) { uint32_t blocknr) {
SHA256_CTX ctx; SHA256_CTX ctx = {0};
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
REVERSE32(blocknr, blocknr); REVERSE32(blocknr, blocknr);
#endif #endif
@ -88,10 +88,10 @@ void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt,
last_block_size = SHA256_DIGEST_LENGTH; last_block_size = SHA256_DIGEST_LENGTH;
} }
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) { for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
PBKDF2_HMAC_SHA256_CTX pctx; PBKDF2_HMAC_SHA256_CTX pctx = {0};
pbkdf2_hmac_sha256_Init(&pctx, pass, passlen, salt, saltlen, blocknr); pbkdf2_hmac_sha256_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
pbkdf2_hmac_sha256_Update(&pctx, iterations); pbkdf2_hmac_sha256_Update(&pctx, iterations);
uint8_t digest[SHA256_DIGEST_LENGTH]; uint8_t digest[SHA256_DIGEST_LENGTH] = {0};
pbkdf2_hmac_sha256_Final(&pctx, digest); pbkdf2_hmac_sha256_Final(&pctx, digest);
uint32_t key_offset = (blocknr - 1) * SHA256_DIGEST_LENGTH; uint32_t key_offset = (blocknr - 1) * SHA256_DIGEST_LENGTH;
if (blocknr < blocks_count) { if (blocknr < blocks_count) {
@ -105,7 +105,7 @@ void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt,
void pbkdf2_hmac_sha512_Init(PBKDF2_HMAC_SHA512_CTX *pctx, const uint8_t *pass, void pbkdf2_hmac_sha512_Init(PBKDF2_HMAC_SHA512_CTX *pctx, const uint8_t *pass,
int passlen, const uint8_t *salt, int saltlen, int passlen, const uint8_t *salt, int saltlen,
uint32_t blocknr) { uint32_t blocknr) {
SHA512_CTX ctx; SHA512_CTX ctx = {0};
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
REVERSE32(blocknr, blocknr); REVERSE32(blocknr, blocknr);
#endif #endif
@ -164,10 +164,10 @@ void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const uint8_t *salt,
last_block_size = SHA512_DIGEST_LENGTH; last_block_size = SHA512_DIGEST_LENGTH;
} }
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) { for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
PBKDF2_HMAC_SHA512_CTX pctx; PBKDF2_HMAC_SHA512_CTX pctx = {0};
pbkdf2_hmac_sha512_Init(&pctx, pass, passlen, salt, saltlen, blocknr); pbkdf2_hmac_sha512_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
pbkdf2_hmac_sha512_Update(&pctx, iterations); pbkdf2_hmac_sha512_Update(&pctx, iterations);
uint8_t digest[SHA512_DIGEST_LENGTH]; uint8_t digest[SHA512_DIGEST_LENGTH] = {0};
pbkdf2_hmac_sha512_Final(&pctx, digest); pbkdf2_hmac_sha512_Final(&pctx, digest);
uint32_t key_offset = (blocknr - 1) * SHA512_DIGEST_LENGTH; uint32_t key_offset = (blocknr - 1) * SHA512_DIGEST_LENGTH;
if (blocknr < blocks_count) { if (blocknr < blocks_count) {

View File

@ -65,7 +65,7 @@ void __attribute__((weak)) random_buffer(uint8_t *buf, size_t len) {
} }
uint32_t random_uniform(uint32_t n) { uint32_t random_uniform(uint32_t n) {
uint32_t x, max = 0xFFFFFFFF - (0xFFFFFFFF % n); uint32_t x = 0, max = 0xFFFFFFFF - (0xFFFFFFFF % n);
while ((x = random32()) >= max) while ((x = random32()) >= max)
; ;
return x / (max / n); return x / (max / n);

View File

@ -39,7 +39,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
// generate K in a deterministic way, according to RFC6979 // generate K in a deterministic way, according to RFC6979
// http://tools.ietf.org/html/rfc6979 // http://tools.ietf.org/html/rfc6979
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) { void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
uint8_t buf[32]; uint8_t buf[32] = {0};
generate_rfc6979(buf, state); generate_rfc6979(buf, state);
bn_read_be(buf, k); bn_read_be(buf, k);
memzero(buf, sizeof(buf)); memzero(buf, sizeof(buf));

View File

@ -74,7 +74,7 @@ void ripemd160_Init(RIPEMD160_CTX *ctx)
*/ */
void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_LENGTH] ) void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_LENGTH] )
{ {
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; uint32_t A = 0, B = 0, C = 0, D = 0, E = 0, Ap = 0, Bp = 0, Cp = 0, Dp = 0, Ep = 0, X[16] = {0};
GET_UINT32_LE( X[ 0], data, 0 ); GET_UINT32_LE( X[ 0], data, 0 );
GET_UINT32_LE( X[ 1], data, 4 ); GET_UINT32_LE( X[ 1], data, 4 );
@ -255,8 +255,8 @@ void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_L
*/ */
void ripemd160_Update( RIPEMD160_CTX *ctx, const uint8_t *input, uint32_t ilen ) void ripemd160_Update( RIPEMD160_CTX *ctx, const uint8_t *input, uint32_t ilen )
{ {
uint32_t fill; uint32_t fill = 0;
uint32_t left; uint32_t left = 0;
if( ilen == 0 ) if( ilen == 0 )
return; return;
@ -305,9 +305,9 @@ static const uint8_t ripemd160_padding[RIPEMD160_BLOCK_LENGTH] =
*/ */
void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH] ) void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH] )
{ {
uint32_t last, padn; uint32_t last = 0; uint32_t padn = 0;
uint32_t high, low; uint32_t high = 0; uint32_t low = 0;
uint8_t msglen[8]; uint8_t msglen[8] = {0};
high = ( ctx->total[0] >> 29 ) high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
@ -336,7 +336,7 @@ void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH
*/ */
void ripemd160(const uint8_t *msg, uint32_t msg_len, uint8_t hash[RIPEMD160_DIGEST_LENGTH]) void ripemd160(const uint8_t *msg, uint32_t msg_len, uint8_t hash[RIPEMD160_DIGEST_LENGTH])
{ {
RIPEMD160_CTX ctx; RIPEMD160_CTX ctx = {0};
ripemd160_Init( &ctx ); ripemd160_Init( &ctx );
ripemd160_Update( &ctx, msg, msg_len ); ripemd160_Update( &ctx, msg, msg_len );
ripemd160_Final( &ctx, hash ); ripemd160_Final( &ctx, hash );

View File

@ -26,7 +26,7 @@
int script_output_to_address(const uint8_t *script, int scriptlen, char *addr, int script_output_to_address(const uint8_t *script, int scriptlen, char *addr,
int addrsize) { int addrsize) {
uint8_t raw[35]; uint8_t raw[35] = {0};
// P2PKH // P2PKH
if (scriptlen == 25 && script[0] == 0x76 && script[1] == 0xA9 && if (scriptlen == 25 && script[0] == 0x76 && script[1] == 0xA9 &&

View File

@ -85,9 +85,9 @@ int bech32_encode(char *output, const char *hrp, const uint8_t *data, size_t dat
int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input) { int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input) {
uint32_t chk = 1; uint32_t chk = 1;
size_t i; size_t i = 0;
size_t input_len = strlen(input); size_t input_len = strlen(input);
size_t hrp_len; size_t hrp_len = 0;
int have_lower = 0, have_upper = 0; int have_lower = 0, have_upper = 0;
if (input_len < 8 || input_len > 90) { if (input_len < 8 || input_len > 90) {
return 0; return 0;
@ -163,7 +163,7 @@ static int convert_bits(uint8_t* out, size_t* outlen, int outbits, const uint8_t
} }
int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len) { int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len) {
uint8_t data[65]; uint8_t data[65] = {0};
size_t datalen = 0; size_t datalen = 0;
if (witver > 16) return 0; if (witver > 16) return 0;
if (witver == 0 && witprog_len != 20 && witprog_len != 32) return 0; if (witver == 0 && witprog_len != 20 && witprog_len != 32) return 0;
@ -175,9 +175,9 @@ int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t
} }
int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr) { int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr) {
uint8_t data[84]; uint8_t data[84] = {0};
char hrp_actual[84]; char hrp_actual[84] = {0};
size_t data_len; size_t data_len = 0;
if (!bech32_decode(hrp_actual, data, &data_len, addr)) return 0; if (!bech32_decode(hrp_actual, data, &data_len, addr)) return 0;
if (data_len == 0 || data_len > 65) return 0; if (data_len == 0 || data_len > 65) return 0;
if (strncmp(hrp, hrp_actual, 84) != 0) return 0; if (strncmp(hrp, hrp_actual, 84) != 0) return 0;

View File

@ -321,10 +321,10 @@ void sha1_Init(SHA1_CTX* context) {
j++; j++;
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
sha2_word32 a, b, c, d, e; sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0;
sha2_word32 T1; sha2_word32 T1 = 0;
sha2_word32 W1[16]; sha2_word32 W1[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -439,10 +439,10 @@ void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_w
#else /* SHA2_UNROLL_TRANSFORM */ #else /* SHA2_UNROLL_TRANSFORM */
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
sha2_word32 a, b, c, d, e; sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0;
sha2_word32 T1; sha2_word32 T1 = 0;
sha2_word32 W1[16]; sha2_word32 W1[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -520,7 +520,7 @@ void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_w
#endif /* SHA2_UNROLL_TRANSFORM */ #endif /* SHA2_UNROLL_TRANSFORM */
void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) { void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) {
unsigned int freespace, usedspace; unsigned int freespace = 0, usedspace = 0;
if (len == 0) { if (len == 0) {
/* Calling with no data is valid - we do nothing */ /* Calling with no data is valid - we do nothing */
@ -578,7 +578,7 @@ void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) {
} }
void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) { void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
unsigned int usedspace; unsigned int usedspace = 0;
/* If no digest buffer is passed, we don't bother doing this: */ /* If no digest buffer is passed, we don't bother doing this: */
if (digest != (sha2_byte*)0) { if (digest != (sha2_byte*)0) {
@ -632,8 +632,8 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
} }
char *sha1_End(SHA1_CTX* context, char buffer[]) { char *sha1_End(SHA1_CTX* context, char buffer[]) {
sha2_byte digest[SHA1_DIGEST_LENGTH], *d = digest; sha2_byte digest[SHA1_DIGEST_LENGTH] = {0}, *d = digest;
int i; int i = 0;
if (buffer != (char*)0) { if (buffer != (char*)0) {
sha1_Final(context, digest); sha1_Final(context, digest);
@ -652,14 +652,14 @@ char *sha1_End(SHA1_CTX* context, char buffer[]) {
} }
void sha1_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) { void sha1_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) {
SHA1_CTX context; SHA1_CTX context = {0};
sha1_Init(&context); sha1_Init(&context);
sha1_Update(&context, data, len); sha1_Update(&context, data, len);
sha1_Final(&context, digest); sha1_Final(&context, digest);
} }
char* sha1_Data(const sha2_byte* data, size_t len, char digest[SHA1_DIGEST_STRING_LENGTH]) { char* sha1_Data(const sha2_byte* data, size_t len, char digest[SHA1_DIGEST_STRING_LENGTH]) {
SHA1_CTX context; SHA1_CTX context = {0};
sha1_Init(&context); sha1_Init(&context);
sha1_Update(&context, data, len); sha1_Update(&context, data, len);
@ -699,10 +699,10 @@ void sha256_Init(SHA256_CTX* context) {
j++ j++
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
sha2_word32 a, b, c, d, e, f, g, h, s0, s1; sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
sha2_word32 T1; sha2_word32 T1 = 0;
sha2_word32 W256[16]; sha2_word32 W256[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -756,9 +756,9 @@ void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2
#else /* SHA2_UNROLL_TRANSFORM */ #else /* SHA2_UNROLL_TRANSFORM */
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
sha2_word32 a, b, c, d, e, f, g, h, s0, s1; sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
sha2_word32 T1, T2, W256[16]; sha2_word32 T1 = 0, T2 = 0 , W256[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -827,7 +827,7 @@ void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2
#endif /* SHA2_UNROLL_TRANSFORM */ #endif /* SHA2_UNROLL_TRANSFORM */
void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) { void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
unsigned int freespace, usedspace; unsigned int freespace = 0, usedspace = 0;
if (len == 0) { if (len == 0) {
/* Calling with no data is valid - we do nothing */ /* Calling with no data is valid - we do nothing */
@ -885,7 +885,7 @@ void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
} }
void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) { void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
unsigned int usedspace; unsigned int usedspace = 0;
/* If no digest buffer is passed, we don't bother doing this: */ /* If no digest buffer is passed, we don't bother doing this: */
if (digest != (sha2_byte*)0) { if (digest != (sha2_byte*)0) {
@ -939,8 +939,8 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
} }
char *sha256_End(SHA256_CTX* context, char buffer[]) { char *sha256_End(SHA256_CTX* context, char buffer[]) {
sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest; sha2_byte digest[SHA256_DIGEST_LENGTH] = {0}, *d = digest;
int i; int i = 0;
if (buffer != (char*)0) { if (buffer != (char*)0) {
sha256_Final(context, digest); sha256_Final(context, digest);
@ -959,14 +959,14 @@ char *sha256_End(SHA256_CTX* context, char buffer[]) {
} }
void sha256_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) { void sha256_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) {
SHA256_CTX context; SHA256_CTX context = {0};
sha256_Init(&context); sha256_Init(&context);
sha256_Update(&context, data, len); sha256_Update(&context, data, len);
sha256_Final(&context, digest); sha256_Final(&context, digest);
} }
char* sha256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) { char* sha256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
SHA256_CTX context; SHA256_CTX context = {0};
sha256_Init(&context); sha256_Init(&context);
sha256_Update(&context, data, len); sha256_Update(&context, data, len);
@ -1006,9 +1006,9 @@ void sha512_Init(SHA512_CTX* context) {
j++ j++
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) { void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
sha2_word64 a, b, c, d, e, f, g, h, s0, s1; sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
sha2_word64 T1, W512[16]; sha2_word64 T1 = 0, W512[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -1061,9 +1061,9 @@ void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2
#else /* SHA2_UNROLL_TRANSFORM */ #else /* SHA2_UNROLL_TRANSFORM */
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) { void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
sha2_word64 a, b, c, d, e, f, g, h, s0, s1; sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
sha2_word64 T1, T2, W512[16]; sha2_word64 T1 = 0, T2 = 0, W512[16] = {0};
int j; int j = 0;
/* Initialize registers with the prev. intermediate value */ /* Initialize registers with the prev. intermediate value */
a = state_in[0]; a = state_in[0];
@ -1132,7 +1132,7 @@ void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2
#endif /* SHA2_UNROLL_TRANSFORM */ #endif /* SHA2_UNROLL_TRANSFORM */
void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) { void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
unsigned int freespace, usedspace; unsigned int freespace = 0, usedspace = 0;
if (len == 0) { if (len == 0) {
/* Calling with no data is valid - we do nothing */ /* Calling with no data is valid - we do nothing */
@ -1190,7 +1190,7 @@ void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
} }
static void sha512_Last(SHA512_CTX* context) { static void sha512_Last(SHA512_CTX* context) {
unsigned int usedspace; unsigned int usedspace = 0;
usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
/* Begin padding with a 1 bit: */ /* Begin padding with a 1 bit: */
@ -1248,8 +1248,8 @@ void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
} }
char *sha512_End(SHA512_CTX* context, char buffer[]) { char *sha512_End(SHA512_CTX* context, char buffer[]) {
sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest; sha2_byte digest[SHA512_DIGEST_LENGTH] = {0}, *d = digest;
int i; int i = 0;
if (buffer != (char*)0) { if (buffer != (char*)0) {
sha512_Final(context, digest); sha512_Final(context, digest);
@ -1268,14 +1268,14 @@ char *sha512_End(SHA512_CTX* context, char buffer[]) {
} }
void sha512_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) { void sha512_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) {
SHA512_CTX context; SHA512_CTX context = {0};
sha512_Init(&context); sha512_Init(&context);
sha512_Update(&context, data, len); sha512_Update(&context, data, len);
sha512_Final(&context, digest); sha512_Final(&context, digest);
} }
char* sha512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) { char* sha512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
SHA512_CTX context; SHA512_CTX context = {0};
sha512_Init(&context); sha512_Init(&context);
sha512_Update(&context, data, len); sha512_Update(&context, data, len);

View File

@ -96,8 +96,8 @@ void sha3_512_Init(SHA3_CTX *ctx)
/* Keccak theta() transformation */ /* Keccak theta() transformation */
static void keccak_theta(uint64_t *A) static void keccak_theta(uint64_t *A)
{ {
unsigned int x; unsigned int x = 0;
uint64_t C[5], D[5]; uint64_t C[5] = {0}, D[5] = {0};
for (x = 0; x < 5; x++) { for (x = 0; x < 5; x++) {
C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20]; C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20];
@ -120,7 +120,7 @@ static void keccak_theta(uint64_t *A)
/* Keccak pi() transformation */ /* Keccak pi() transformation */
static void keccak_pi(uint64_t *A) static void keccak_pi(uint64_t *A)
{ {
uint64_t A1; uint64_t A1 = 0;
A1 = A[1]; A1 = A[1];
A[ 1] = A[ 6]; A[ 1] = A[ 6];
A[ 6] = A[ 9]; A[ 6] = A[ 9];
@ -152,7 +152,7 @@ static void keccak_pi(uint64_t *A)
/* Keccak chi() transformation */ /* Keccak chi() transformation */
static void keccak_chi(uint64_t *A) static void keccak_chi(uint64_t *A)
{ {
int i; int i = 0;
for (i = 0; i < 25; i += 5) { for (i = 0; i < 25; i += 5) {
uint64_t A0 = A[0 + i], A1 = A[1 + i]; uint64_t A0 = A[0 + i], A1 = A[1 + i];
A[0 + i] ^= ~A1 & A[2 + i]; A[0 + i] ^= ~A1 & A[2 + i];
@ -165,7 +165,7 @@ static void keccak_chi(uint64_t *A)
static void sha3_permutation(uint64_t *state) static void sha3_permutation(uint64_t *state)
{ {
int round; int round = 0;
for (round = 0; round < NumberOfRounds; round++) for (round = 0; round < NumberOfRounds; round++)
{ {
keccak_theta(state); keccak_theta(state);
@ -287,7 +287,7 @@ void sha3_Update(SHA3_CTX *ctx, const unsigned char *msg, size_t size)
size -= left; size -= left;
} }
while (size >= block_size) { while (size >= block_size) {
uint64_t* aligned_message_block; uint64_t *aligned_message_block = NULL;
if (IS_ALIGNED_64(msg)) { if (IS_ALIGNED_64(msg)) {
/* the most common case is processing of an already aligned message /* the most common case is processing of an already aligned message
without copying it */ without copying it */
@ -365,7 +365,7 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char* result)
void keccak_256(const unsigned char* data, size_t len, unsigned char* digest) void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
{ {
SHA3_CTX ctx; SHA3_CTX ctx = {0};
keccak_256_Init(&ctx); keccak_256_Init(&ctx);
keccak_Update(&ctx, data, len); keccak_Update(&ctx, data, len);
keccak_Final(&ctx, digest); keccak_Final(&ctx, digest);
@ -373,7 +373,7 @@ void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
void keccak_512(const unsigned char* data, size_t len, unsigned char* digest) void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
{ {
SHA3_CTX ctx; SHA3_CTX ctx = {0};
keccak_512_Init(&ctx); keccak_512_Init(&ctx);
keccak_Update(&ctx, data, len); keccak_Update(&ctx, data, len);
keccak_Final(&ctx, digest); keccak_Final(&ctx, digest);
@ -382,7 +382,7 @@ void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
void sha3_256(const unsigned char* data, size_t len, unsigned char* digest) void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
{ {
SHA3_CTX ctx; SHA3_CTX ctx = {0};
sha3_256_Init(&ctx); sha3_256_Init(&ctx);
sha3_Update(&ctx, data, len); sha3_Update(&ctx, data, len);
sha3_Final(&ctx, digest); sha3_Final(&ctx, digest);
@ -390,7 +390,7 @@ void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
void sha3_512(const unsigned char* data, size_t len, unsigned char* digest) void sha3_512(const unsigned char* data, size_t len, unsigned char* digest)
{ {
SHA3_CTX ctx; SHA3_CTX ctx = {0};
sha3_512_Init(&ctx); sha3_512_Init(&ctx);
sha3_Update(&ctx, data, len); sha3_Update(&ctx, data, len);
sha3_Final(&ctx, digest); sha3_Final(&ctx, digest);

View File

@ -41,8 +41,8 @@
#include "memzero.h" #include "memzero.h"
static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) { static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) {
size_t bit_idx, arr_idx; size_t bit_idx = 0, arr_idx = 0;
uint32_t cur; uint32_t cur = 0;
memset(r, 0, sizeof(uint32_t[8])); memset(r, 0, sizeof(uint32_t[8]));
for (arr_idx = 0; arr_idx < len; arr_idx++) { for (arr_idx = 0; arr_idx < len; arr_idx++) {
@ -54,8 +54,8 @@ static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) {
} }
static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) { static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) {
size_t bit_idx, arr_idx; size_t bit_idx = 0, arr_idx = 0;
uint32_t cur; uint32_t cur = 0;
memset(r, 0, sizeof(uint8_t) * len); memset(r, 0, sizeof(uint8_t) * len);
for (bit_idx = 0; bit_idx < 8; bit_idx++) { for (bit_idx = 0; bit_idx < 8; bit_idx++) {
@ -67,7 +67,7 @@ static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) {
} }
static void bitslice_setall(uint32_t r[8], const uint8_t x) { static void bitslice_setall(uint32_t r[8], const uint8_t x) {
size_t idx; size_t idx = 0;
for (idx = 0; idx < 8; idx++) { for (idx = 0; idx < 8; idx++) {
r[idx] = -((x >> idx) & 1); r[idx] = -((x >> idx) & 1);
} }
@ -77,7 +77,7 @@ static void bitslice_setall(uint32_t r[8], const uint8_t x) {
* Add (XOR) `r` with `x` and store the result in `r`. * Add (XOR) `r` with `x` and store the result in `r`.
*/ */
static void gf256_add(uint32_t r[8], const uint32_t x[8]) { static void gf256_add(uint32_t r[8], const uint32_t x[8]) {
size_t idx; size_t idx = 0;
for (idx = 0; idx < 8; idx++) r[idx] ^= x[idx]; for (idx = 0; idx < 8; idx++) r[idx] ^= x[idx];
} }
@ -97,7 +97,7 @@ static void gf256_mul(uint32_t r[8], const uint32_t a[8], const uint32_t b[8]) {
* However, some compilers seem to fail in optimizing these kinds of * However, some compilers seem to fail in optimizing these kinds of
* loops. So we will just have to do this by hand. * loops. So we will just have to do this by hand.
*/ */
uint32_t a2[8]; uint32_t a2[8] = {0};
memcpy(a2, a, sizeof(uint32_t[8])); memcpy(a2, a, sizeof(uint32_t[8]));
r[0] = a2[0] & b[0]; /* add (assignment, because r is 0) */ r[0] = a2[0] & b[0]; /* add (assignment, because r is 0) */
@ -200,7 +200,7 @@ static void gf256_mul(uint32_t r[8], const uint32_t a[8], const uint32_t b[8]) {
* Square `x` in GF(2^8) and write the result to `r`. `r` and `x` may overlap. * Square `x` in GF(2^8) and write the result to `r`. `r` and `x` may overlap.
*/ */
static void gf256_square(uint32_t r[8], const uint32_t x[8]) { static void gf256_square(uint32_t r[8], const uint32_t x[8]) {
uint32_t r8, r10, r12, r14; uint32_t r8 = 0, r10 = 0, r12 = 0, r14 = 0;
/* Use the Freshman's Dream rule to square the polynomial /* Use the Freshman's Dream rule to square the polynomial
* Assignments are done from 7 downto 0, because this allows the user * Assignments are done from 7 downto 0, because this allows the user
* to execute this function in-place (e.g. `gf256_square(r, r);`). * to execute this function in-place (e.g. `gf256_square(r, r);`).
@ -242,7 +242,7 @@ static void gf256_square(uint32_t r[8], const uint32_t x[8]) {
* Invert `x` in GF(2^8) and write the result to `r` * Invert `x` in GF(2^8) and write the result to `r`
*/ */
static void gf256_inv(uint32_t r[8], uint32_t x[8]) { static void gf256_inv(uint32_t r[8], uint32_t x[8]) {
uint32_t y[8], z[8]; uint32_t y[8] = {0}, z[8] = {0};
gf256_square(y, x); // y = x^2 gf256_square(y, x); // y = x^2
gf256_square(y, y); // y = x^4 gf256_square(y, y); // y = x^4
@ -264,13 +264,13 @@ bool shamir_interpolate(uint8_t *result, uint8_t result_index,
const uint8_t *share_indices, const uint8_t *share_indices,
const uint8_t **share_values, uint8_t share_count, const uint8_t **share_values, uint8_t share_count,
size_t len) { size_t len) {
size_t i, j; size_t i = 0, j = 0;
uint32_t x[8]; uint32_t x[8] = {0};
uint32_t xs[share_count][8]; uint32_t xs[share_count][8];
uint32_t ys[share_count][8]; uint32_t ys[share_count][8];
uint32_t num[8] = {~0}; /* num is the numerator (=1) */ uint32_t num[8] = {~0}; /* num is the numerator (=1) */
uint32_t denom[8]; uint32_t denom[8] = {0};
uint32_t tmp[8]; uint32_t tmp[8] = {0};
uint32_t secret[8] = {0}; uint32_t secret[8] = {0};
bool ret = true; bool ret = true;