From e9a10e361490504148c389ff2ec0a23d4174077a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 8 Nov 2018 15:40:06 -0800
Subject: [PATCH] Scan-build fix for possible case where r and s aren't
 initalized for wc_ecc_verify_hash.

---
 wolfcrypt/src/ecc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index d504ad3eb..ae33ee3d7 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -5165,10 +5165,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     r = key->r;
     s = key->s;
 #else
-#ifndef WOLFSSL_SMALL_STACK
+    #ifndef WOLFSSL_SMALL_STACK
     r = r_lcl;
     s = s_lcl;
-#else
+    #else
     r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
     if (r == NULL)
         return MEMORY_E;
@@ -5177,8 +5177,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
         XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
-#endif
-#endif
+    #endif
+    XMEMSET(r, 0, sizeof(mp_int));
+    XMEMSET(s, 0, sizeof(mp_int));
+#endif /* WOLFSSL_ASYNC_CRYPT */
 
     switch(key->state) {
         case ECC_STATE_NONE: