The str member of EVP_AES_CCM_CTX structure stays uninitialized when aes
ccm is used with the vpaes backend causing it to crash when the str is
later called as it is non-NULL. The attached patch fixes the problem.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up openssl-1.0.1c/crypto/evp/e_aes.c.init-str openssl-1.0.1c/crypto/evp/e_aes.c
--- openssl-1.0.1c/crypto/evp/e_aes.c.init-str 2012-09-06 17:20:45.000000000 +0200
+++ openssl-1.0.1c/crypto/evp/e_aes.c 2012-09-06 17:18:30.000000000 +0200
@@ -1216,6 +1216,7 @@ static int aes_ccm_init_key(EVP_CIPHER_C
vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f)vpaes_encrypt);
+ cctx->str = NULL;
cctx->key_set = 1;
break;
}
