From 580139bd5b46c856b4c613fac6c27b011ec2e949 Mon Sep 17 00:00:00 2001
From: Rich Salz
Date: Fri, 8 May 2015 12:23:56 -0400
Subject: [PATCH 1/1] RT3841: memset() cipher_data when allocated

If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated.

Reviewed-by: Matt Caswell
---
 crypto/evp/evp_enc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 242874c5f6..aea7accf6f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
 return 0;
 }
+ memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
 } else {
 ctx->cipher_data = NULL;
 }
--
2.34.1
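Review bot: The added `memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);` carries a contract that is recorded only in the commit message: a cipher's `cleanup()` may now run on an all-zero `cipher_data` that `init()` never touched. A short comment above the line would keep it from being removed later as a redundant clear, for example `/* Zero so cleanup() sees a defined state if init() never ran (RT3841) */`. The guarantee only helps if every cleanup implementation, engine-provided ones included, treats zeroed fields as "nothing to release", so that expectation belongs in the documentation for the cleanup callback as well. EVP_CipherInit_ex starts and ends outside this hunk, so whether other paths allocate `cipher_data` without zeroing it cannot be judged from here.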