OpenSSL: Avoid use of an uninitialized array

Initialize the skip_buf[] array before using it with EVP_CipherUpdate()
to skip the initial segment of RC4 output. This does not change actual
behavior since the output of that call is not used and it is only there
for changing the internal state of the RC4 cipher. However, this avoids
uninitialized element issues reported in MISRA.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index c84ccb466f50da3b767b7778654f723dec5d0c51..2efe3ed942187197dcc00b343ee8ed254f924087 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -431,7 +431,7 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
        EVP_CIPHER_CTX *ctx;
        int outl;
        int res = -1;
-       unsigned char skip_buf[16];
+       unsigned char skip_buf[16] = { 0 };
 
        openssl_load_legacy_provider();