authorRich Salz <rsalz@akamai.com>2015-05-08 12:23:56 -0400
committerRich Salz <rsalz@openssl.org>2015-05-13 13:05:07 -0400
commit580139bd5b46c856b4c613fac6c27b011ec2e949 (patch)
treef266748e990f1b3371b414c694a9bf044bfbfdf2 /crypto/evp/evp_enc.c
parentc490a5512e988559a830c15b8efb1d0376f2e282 (diff)
RT3841: memset() cipher_data when allocated
If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'crypto/evp/evp_enc.c')
-rw-r--r--crypto/evp/evp_enc.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 242874c5f6..aea7accf6f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
+ memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
} else {
ctx->cipher_data = NULL;
}