From: shashankmca80 <38880505+shashankmca80@users.noreply.github.com>
Date: Sat, 13 Jan 2024 12:46:25 +0000 (+0530)
Subject: Uninitialized array variable
X-Git-Tag: openssl-3.3.0-alpha1~279
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a0826b184eed2dccc56cdf80e3e0bc061cc89ddc;p=thirdparty%2Fopenssl.git

Uninitialized array variable

array"key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements making a way for the garbage values :
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
---

diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
index 76ae5ecabcb..3ab1677d2d0 100644
--- a/test/siphash_internal_test.c
+++ b/test/siphash_internal_test.c
@@ -257,7 +257,7 @@ static int test_siphash(int idx)
 static int test_siphash_basic(void)
 {
     SIPHASH siphash = { 0, };
-    unsigned char key[SIPHASH_KEY_SIZE];
+    static const unsigned char key[SIPHASH_KEY_SIZE] = {0};
     unsigned char output[SIPHASH_MAX_DIGEST_SIZE];
 
     /* Use invalid hash size */