From 166e365ed84dfabec3274baf8a9ef8aa4e677891 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun, 1 Jan 2017 14:53:33 +0100
Subject: aes_gcm_cleanup() should check that gctx != NULL before calling
 OPENSSL_cleanse()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2149)
---
 crypto/evp/e_aes.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto')

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 7c62d327a1..47fcd82077 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1120,6 +1120,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
     EVP_AES_GCM_CTX *gctx = c->cipher_data;
+    if (gctx == NULL)
+        return 0;
     OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
     if (gctx->iv != c->iv)
         OPENSSL_free(gctx->iv);
-- 
cgit v1.2.3