Why not just have bn_expand_internal call memset?
; git diff bn_lib.c
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b1e224b..86d1d37 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -324,6 +324,9 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int
words)
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+#ifdef PURIFY
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
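Review bot: The added `memset(a, 0, sizeof(BN_ULONG)*words);` is compiled only under `#ifdef PURIFY`, so a default build still leaves the freshly allocated buffer with whatever the allocator returned. Presumably only part of it is overwritten by the copy from `b->d` that follows, which would leave the remaining words uninitialised. If the intent is deterministic contents rather than just quieting a memory checker, the call should be unconditional, or limited to the words the copy does not overwrite. The size expression multiplies by the `int` parameter `words`, so it relies on the range check and allocation size above the hunk, which are not visible here; confirm they use the same expression. A one-line comment such as `/* zero the new words so memory checkers do not flag reads of uninitialised data */` would record why the block exists. The body of bn_expand_internal begins and continues outside this hunk.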
;
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz