Commit 580139bd authored by Rich Salz's avatar Rich Salz Committed by Rich Salz
Browse files

RT3841: memset() cipher_data when allocated 



If an EVP implementation (such as an engine) fails out early, it's
possible to call EVP_CIPHER_CTX_cleanup() which will call
ctx->cipher->cleanup() before the cipher_data has been initialized
via ctx->cipher->init().  Guarantee it's all-bytes-zero as soon as
it is allocated.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent c490a551

crypto/evp/evp_enc.c

+1 −0
Original line number Diff line number Diff line
@@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);

                return 0;

            }

            memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);

        } else {

            ctx->cipher_data = NULL;

        }