RT3841: memset() cipher_data when allocated

If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated. Reviewed-by: N Matt Caswell <matt@openssl.org>

RT3841: memset() cipher_data when allocated
If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated. Reviewed-by: N Matt Caswell <matt@openssl.org>
580139bd · Rich Salz · Rich Salz · c490a551 · 580139bd
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

crypto/evp/evp_enc.c crypto/evp/evp_enc.c +1 -0

未找到文件。
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
                return 0;
            }
+            memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
        } else {
            ctx->cipher_data = NULL;
        }