diff --git a/src/Compression/CompressionCodecEncrypted.cpp b/src/Compression/CompressionCodecEncrypted.cpp index 9b7340d8310e..7cda6b95fe54 100644 --- a/src/Compression/CompressionCodecEncrypted.cpp +++ b/src/Compression/CompressionCodecEncrypted.cpp @@ -166,6 +166,8 @@ size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, Encryption static_cast(plaintext.size())); ok == 0) throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR); + __msan_unpoison(ciphertext_and_tag, out_len); /// OpenSSL uses assembly which evades msan's analysis + ciphertext_len = out_len; if (int ok = EVP_EncryptFinal_ex(ctx, @@ -173,6 +175,8 @@ size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, Encryption reinterpret_cast(&out_len)); ok == 0) throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR); + __msan_unpoison(ciphertext_and_tag, out_len); /// OpenSSL uses assembly which evades msan's analysis + ciphertext_len += out_len; /// Get the tag @@ -235,12 +239,16 @@ size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod m static_cast(ciphertext.size()) - tag_size); ok == 0) throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR); + __msan_unpoison(plaintext, out_len); /// OpenSSL uses assembly which evades msan's analysis + plaintext_len = out_len; if (int ok = EVP_DecryptFinal_ex(ctx, reinterpret_cast(plaintext) + out_len, reinterpret_cast(&out_len)); ok == 0) throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR); + + __msan_unpoison(plaintext, out_len); /// OpenSSL uses assembly which evades msan's analysis } catch (...) {