EVP_*Update: ensure that input NULL with length 0 isn't passed (130b7df2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 130b7df2 authored Apr 05, 2019 by

Richard Levitte

EVP_*Update: ensure that input NULL with length 0 isn't passed



Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function.  The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.

Fixes #8675

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8676)

(cherry picked from commit dcb982d7)

parent 5fba3afa

Hide whitespace changes

Inline Side-by-side

Please register or to comment