Diffstat (limited to 'lib/state.c')
-rw-r--r-- | lib/state.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/lib/state.c b/lib/state.c
index 0e1d155442..98900c171f 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -55,6 +55,9 @@
 #include "ext/cert_types.h"
 #include "locks.h"
 #include "kx.h"
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+#include <valgrind/memcheck.h>
+#endif
 /* to be used by supplemental data support to disable TLS1.3
 * when supplemental data have been globally registered */
@@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 UINT32_MAX;
 }
- /* everything else not initialized here is initialized
- * as NULL or 0. This is why calloc is used.
+ /* Everything else not initialized here is initialized as NULL
+ * or 0. This is why calloc is used. However, we want to
+ * ensure that certain portions of data are initialized at
+ * runtime before being used. Mark such regions with a
+ * valgrind client request as undefined.
 */
-
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+ if (RUNNING_ON_VALGRIND) {
+ if (flags & GNUTLS_CLIENT)
+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ if (flags & GNUTLS_SERVER)
+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ }
+#endif
 handshake_internal_state_clear1(*session);
 #ifdef HAVE_WRITEV |
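Review bot: In the new `#ifdef HAVE_VALGRIND_MEMCHECK_H` block of gnutls_init, only the local side's hello random is marked undefined (`client_random` under `GNUTLS_CLIENT`, `server_random` under `GNUTLS_SERVER`), so the peer's random stays as defined zeros from calloc, and a read of it before the peer's hello has been processed would still pass memcheck silently. Both fields appear to be written at runtime during the handshake, so marking both regardless of `flags` would extend the check to that case; if the restriction to the local side is deliberate, the comment should say why. The comment would also be more useful if it named the fields instead of "certain portions of data", for example `/* client_random/server_random must be written during the handshake; calloc's zeros would hide a missing write from memcheck. */`. gnutls_init starts and ends outside the hunk.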