Zero-fill IV by default.
authorRich Salz <rsalz@openssl.org>
Thu, 28 Jun 2018 22:13:54 +0000 (18:13 -0400)
committerRich Salz <rsalz@openssl.org>
Thu, 28 Jun 2018 22:13:54 +0000 (18:13 -0400)
Fixes uninitialized memory read reported by Nick Mathewson

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6603)

crypto/pem/pem_lib.c

index 7c82561..5c21a86 100644 (file)
@@ -488,6 +488,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
     char *dekinfostart, c;
 
     cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
         return 1;