Zero out FIPS counters.
MSAN doesn't like the counters starting at whatever value malloc
found to be free.
Change-Id: I0968e61e0025db35b82291fde5d1e193aef77c1e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46444
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/self_check/fips.c b/crypto/fipsmodule/self_check/fips.c
index 09fffdd..d55c493 100644
--- a/crypto/fipsmodule/self_check/fips.c
+++ b/crypto/fipsmodule/self_check/fips.c
@@ -52,10 +52,13 @@
size_t *array =
CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
if (!array) {
- array = OPENSSL_malloc(sizeof(size_t) * (fips_counter_max + 1));
+ const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
+ array = OPENSSL_malloc(num_bytes);
if (!array) {
return;
}
+
+ OPENSSL_memset(array, 0, num_bytes);
if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array,
OPENSSL_free)) {
// |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|.