From f9850c776f81d596ffbd2761c85fe7a72d369bae Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 2 Aug 2022 15:19:02 +1200
Subject: lib:crypto: Zero auth_tag array in encryption test

If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/crypto')

diff --git a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
index 51f125f42d6..bc6a191cd90 100644
--- a/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -187,7 +187,7 @@ static void torture_encrypt(void **state)
 		.length = sizeof(salt_data),
 	};
 	DATA_BLOB ctext;
-	uint8_t auth_tag[64];
+	uint8_t auth_tag[64] = {0};
 
 	assert_int_equal(iv.length, 16);
 
-- 
cgit v1.2.1