From: Rich Salz Date: Fri, 8 May 2015 16:23:56 +0000 (-0400) Subject: RT3841: memset() cipher_data when allocated X-Git-Tag: OpenSSL_1_1_0-pre1~1149 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=580139bd5b46c856b4c613fac6c27b011ec2e949;p=openssl RT3841: memset() cipher_data when allocated If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated. Reviewed-by: Matt Caswell --- diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 242874c5f6..aea7accf6f 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } + memset(ctx->cipher_data, 0, ctx->cipher->ctx_size); } else { ctx->cipher_data = NULL; }