Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL (f8b21b98) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/e_aes.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1268,6 +1268,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
		static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
		{
		EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
		if (gctx == NULL)
		return 0;
		OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
		if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
		OPENSSL_free(gctx->iv);

+8 −1

Original line number	Diff line number	Diff line
		@@ -125,6 +125,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
		if (ctx->cipher->ctx_size) {
		ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
		if (ctx->cipher_data == NULL) {
		ctx->cipher = NULL;
		EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		@@ -136,6 +137,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
		ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
		if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
		if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
		ctx->cipher = NULL;
		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
		return 0;
		}
		@@ -616,6 +618,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX out, const EVP_CIPHER_CTX in)
		if (in->cipher_data && in->cipher->ctx_size) {
		out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
		if (out->cipher_data == NULL) {
		out->cipher = NULL;
		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		@@ -623,6 +626,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX out, const EVP_CIPHER_CTX in)
		}

		if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
		if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
		out->cipher = NULL;
		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
		return 0;
		}
		return 1;
		}