aboutsummaryrefslogtreecommitdiff
path: root/src/libcrypto.c
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2017-07-19 17:53:14 -0400
committerAndreas Schneider <asn@cryptomilk.org>2017-07-20 17:02:44 +0200
commitc317d959112c3922056faf3a90fb4b1893e133f2 (patch)
tree457e2a25e7a928b6be2708569893c179847afbd1 /src/libcrypto.c
parent380390c4b6dca9bda52707807b3ee577f758b107 (diff)
downloadlibssh-c317d959112c3922056faf3a90fb4b1893e133f2.tar.gz
libssh-c317d959112c3922056faf3a90fb4b1893e133f2.tar.xz
libssh-c317d959112c3922056faf3a90fb4b1893e133f2.zip
libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup
On OpenSSL versions prior to 1.1.0, `EVP_CIPHER_CTX_cleanup` will dereference its argument regardless of whether it is NULL. This is not a problem on OpenSSL at or beyond 1.1.0, where `EVP_CIPHER_CTX_cleanup` (macro to `EVP_CIPHER_CTX_reset`) returns early upon NULL input. Move the call to `EVP_CIPHER_CTX_cleanup` under the existing NULL check in `evp_cipher_cleanup` to avoid the problem. Introduced with this build-break fix: * e66f370682927ca8bd7ae0e7544754c6f4ac4969 Found in manual testing in an environment with an older OpenSSL. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/libcrypto.c')
-rw-r--r--src/libcrypto.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 6a29c6e7..59c99568 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -553,8 +553,8 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
}
static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
- EVP_CIPHER_CTX_cleanup(cipher->ctx);
if (cipher->ctx != NULL) {
+ EVP_CIPHER_CTX_cleanup(cipher->ctx);
EVP_CIPHER_CTX_free(cipher->ctx);
}
}