From 273a0218e65f1737cdbb0ef65a5ddebd601e6bef Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 6 Feb 2017 13:37:42 +0100
Subject: Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL
 or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in
 EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup
 should check that gctx != NULL before calling OPENSSL_cleanse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2562)
---
 crypto/evp/e_aes.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/evp/e_aes.c')

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 2e5e4edaad..857a402f8f 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1268,6 +1268,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    if (gctx == NULL)
+        return 0;
     OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
     if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
         OPENSSL_free(gctx->iv);
-- 
cgit v1.2.3