lib:crypto: Zero auth_tag array in encryption test

If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
index 51f125f42d66f0ef943f52a9f785e996d5878cf1..bc6a191cd902bea93688bab689701b38254034f3 100644 (file)
--- a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -187,7 +187,7 @@ static void torture_encrypt(void **state)
                .length = sizeof(salt_data),
        };
        DATA_BLOB ctext;
-       uint8_t auth_tag[64];
+       uint8_t auth_tag[64] = {0};
 
        assert_int_equal(iv.length, 16);