From 67187d3b796abef2836e2425c0c28f1bb48e5233 Mon Sep 17 00:00:00 2001
From: William Ahern <william@25thandClement.com>
Date: Thu, 17 Dec 2015 17:42:03 +0800
Subject: set empty key when creating cipher object to prevent SEGV if caller
 fails to initialize with a key before calling :update or :final.

closes issue #31.
---
 src/openssl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/openssl.c b/src/openssl.c
index e91e270..01bf2c8 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -6450,13 +6450,19 @@ static const EVP_CIPHER *cipher_checktype(lua_State *L, int index) {
 static int cipher_new(lua_State *L) {
 	const EVP_CIPHER *type;
 	EVP_CIPHER_CTX *ctx;
+	unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };
 
 	type = cipher_checktype(L, 1);
 
 	ctx = prepudata(L, sizeof *ctx, CIPHER_CLASS, NULL);
 	EVP_CIPHER_CTX_init(ctx);
 
-	if (!EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, -1))
+	/*
+	 * NOTE: For some ciphers like AES calling :update or :final without
+	 * setting a key causes a SEGV. Set a dummy key here. Same solution
+	 * as used by Ruby OSSL.
+	 */
+	if (!EVP_CipherInit_ex(ctx, type, NULL, key, NULL, -1))
 		return auxL_error(L, auxL_EOPENSSL, "cipher.new");
 
 	return 1;
-- 
cgit v1.2.3-59-g8ed1b