From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 2 Aug 2022 03:19:02 +0000 (+1200)
Subject: lib:crypto: Zero auth_tag array in encryption test
X-Git-Tag: talloc-2.4.0~1095
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f9850c776f81d596ffbd2761c85fe7a72d369bae;p=thirdparty%2Fsamba.git

lib:crypto: Zero auth_tag array in encryption test

If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
index 51f125f42d6..bc6a191cd90 100644
--- a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -187,7 +187,7 @@ static void torture_encrypt(void **state)
 		.length = sizeof(salt_data),
 	};
 	DATA_BLOB ctext;
-	uint8_t auth_tag[64];
+	uint8_t auth_tag[64] = {0};
 
 	assert_int_equal(iv.length, 16);