[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed May 13 17:05:19 UTC 2015
The branch master has been updated
via 580139bd5b46c856b4c613fac6c27b011ec2e949 (commit)
from c490a5512e988559a830c15b8efb1d0376f2e282 (commit)
- Log -----------------------------------------------------------------
commit 580139bd5b46c856b4c613fac6c27b011ec2e949
Author: Rich Salz <rsalz at akamai.com>
Date: Fri May 8 12:23:56 2015 -0400
RT3841: memset() cipher_data when allocated
If an EVP implementation (such as an engine) fails out early, it's
possible to call EVP_CIPHER_CTX_cleanup() which will call
ctx->cipher->cleanup() before the cipher_data has been initialized
via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as
it is allocated.
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_enc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 242874c..aea7acc 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
+ memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
} else {
ctx->cipher_data = NULL;
}
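Review bot: The memset() added after the allocation-failure check carries no comment, so the reason for it (cleanup() can run before init() when an implementation fails out early) lives only in the commit message; a one-line comment above it would stop a later tidy-up from dropping it as redundant. The zeroing also only helps cleanup routines that treat all-zero cipher_data as "nothing to release", and the else branch still leaves cipher_data NULL, so cleanup callbacks have to tolerate both states; that contract is worth stating where the cleanup callback is documented.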