Refactor initialization in curve25519_basepoint_spot_check

This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.

diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
index 6ad2587f489aaecce3d13970fd88461dcf9e3ac6..e6a39a8c083e9ece64c12a1facb164380009d500 100644 (file)
--- a/src/lib/crypt_ops/crypto_curve25519.c
+++ b/src/lib/crypt_ops/crypto_curve25519.c
@@ -291,12 +291,18 @@ curve25519_basepoint_spot_check(void)
   };
   const int loop_max=200;
   int save_use_ed = curve25519_use_ed;
-  unsigned char e1[32] = { 5 };
-  unsigned char e2[32] = { 5 };
+  unsigned char e1[32], e2[32];
   unsigned char x[32],y[32];
   int i;
   int r=0;
 
+  memset(x, 0, sizeof(x));
+  memset(y, 0, sizeof(y));
+  memset(e1, 0, sizeof(e1));
+  memset(e2, 0, sizeof(e2));
+  e1[0]=5;
+  e2[0]=5;
+
   /* Check the most basic possible sanity via the test secret/public key pair
    * used in "Cryptography in NaCl - 2. Secret keys and public keys".  This
    * may catch catastrophic failures on systems where Curve25519 is expensive,