From 63c82f8abb5ea2f984c0250e3432f715fdab4eef Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 11 Apr 2011 21:32:51 +0000 Subject: [PATCH] Update copyright year. Zero ciphertext and plaintext temporary buffers. Check FIPS_cipher() return value. --- fips/fips.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fips/fips.c b/fips/fips.c index 7ca24924dd..7e5b651f97 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,8 +70,8 @@ #define PATH_MAX 1024 #endif -static int fips_selftest_fail; -static int fips_mode; +static int fips_selftest_fail = 0; +static int fips_mode = 0; static int fips_started = 0; static int fips_is_owning_thread(void); @@ -511,9 +511,12 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); + memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); + memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0) return 0; - FIPS_cipher(ctx, citmp, plaintext, len); + if (!FIPS_cipher(ctx, citmp, plaintext, len)) + return 0; if (memcmp(citmp, ciphertext, len)) return 0; if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)