[openssl-commits] [openssl] OpenSSL_1_0_0-stable update

Matt Caswell matt at openssl.org
Thu Sep 17 21:41:26 UTC 2015

The branch OpenSSL_1_0_0-stable has been updated
       via  9203e92c4b601491eab8ca03f4e7cac530f84393 (commit)
      from  df32994cf0dbaefef8187b60785eb615735d7be1 (commit)

- Log -----------------------------------------------------------------
commit 9203e92c4b601491eab8ca03f4e7cac530f84393
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Sep 16 10:47:15 2015 +0100

    Make sure OPENSSL_cleanse checks for NULL
    In master we have the function OPENSSL_clear_free(x,y), which immediately
    returns if x == NULL. In <=1.0.2 this function does not exist so we have to
    OPENSSL_cleanse(x, y);
    However, previously, OPENSSL_cleanse did not check that if x == NULL, so
    the real equivalent check would have to be:
    if (x != NULL)
        OPENSSL_cleanse(x, y);
    It would be easy to get this wrong during cherry-picking to other branches
    and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
    checks for NULL.
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18)


Summary of changes:
 crypto/mem_clr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
index 3df1f39..1a06636 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len)
     unsigned char *p = ptr;
     size_t loop = len, ctr = cleanse_ctr;
+    if (ptr == NULL)
+        return;
     while (loop--) {
         *(p++) = (unsigned char)ctr;
         ctr += (17 + ((size_t)p & 0xF));

More information about the openssl-commits mailing list