libgcrypt allows to provide our own malloc implementation. This malloc is then used to provide an internal gcry_xcalloc
However I have identified one direct call of calloc instead of gcry_xcalloc
random-drbg.c -> drbg_sym_init
libgcrypt allows to provide our own malloc implementation. This malloc is then used to provide an internal gcry_xcalloc
However I have identified one direct call of calloc instead of gcry_xcalloc
random-drbg.c -> drbg_sym_init
rC libgcrypt | |||
rC5a20151213c2 random-drbg: do not use calloc for zero ctr |
Thanks. Indeed this should also use the x... wrappers. It is not severe because this value is only used as a fixed constant.
Thus we won't fix it in 1.8 but should do this 1.9.
I am currently considering improvement of finalizer of libgcrypt, so, this matters.
Looking code, it would be better not to allocate and free the constant,
but use compile time constant data in .text section; Something like: const unsigned char ctr_null[DBRG_CTR_NULL_LEN].