Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:

the NULL value for the input buffer is sufficient to notice this case.

diff --git a/CHANGES b/CHANGES
index 2b052dd850cd016e0f7015629e04d804d4c2c46b..2375076ae67e7e5f92c0e340ad7b18742be68d13 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,7 +11,7 @@
      do_cipher is subtly changed if this flag is set: the return value
      is the number of characters written to the output buffer (zero is
      no longer an error code) or a negative error code. Also if the
-     input buffer is NULL and length -1 finalisation should be performed.
+     input buffer is NULL and length 0 finalisation should be performed.
      [Steve Henson]
 
   *) If a candidate issuer certificate is already part of the constructed

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3f8473b348a653cb7a59e7921ca6893eb5b7dd13..c016d1ed627c075f5c8a0614a59fd79a2387c99c 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -368,10 +368,10 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
                {
-               i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+               i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
                if (i < 0)
                        return 0;
-               else
+               else 
                        *outl = i;
                return 1;
                }
@@ -483,7 +483,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
                {
-               i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+               i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
                if (i < 0)
                        return 0;
                else