EVP_*Update: ensure that input NULL with length 0 isn't passed (dcb982d7) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit dcb982d7 authored Apr 05, 2019 by

Richard Levitte

EVP_*Update: ensure that input NULL with length 0 isn't passed



Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function.  The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.

Fixes #8675

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8676)

parent ccf45361

Hide whitespace changes

Inline Side-by-side

Please register or to comment