Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
authorDr. Stephen Henson <steve@openssl.org>
Mon, 7 Feb 2011 18:04:27 +0000 (18:04 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 7 Feb 2011 18:04:27 +0000 (18:04 +0000)
the NULL value for the input buffer is sufficient to notice this case.

CHANGES
crypto/evp/evp_enc.c

diff --git a/CHANGES b/CHANGES
index 2b052dd..2375076 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,7 +11,7 @@
      do_cipher is subtly changed if this flag is set: the return value
      is the number of characters written to the output buffer (zero is
      no longer an error code) or a negative error code. Also if the
-     input buffer is NULL and length -1 finalisation should be performed.
+     input buffer is NULL and length 0 finalisation should be performed.
      [Steve Henson]
 
   *) If a candidate issuer certificate is already part of the constructed
index 3f8473b..c016d1e 100644 (file)
@@ -368,10 +368,10 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
                {
-               i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+               i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
                if (i < 0)
                        return 0;
-               else
+               else 
                        *outl = i;
                return 1;
                }
@@ -483,7 +483,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
                {
-               i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+               i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
                if (i < 0)
                        return 0;
                else