[openssl-dev] [openssl.org #4002] Bug in branch master, file evp_pbe.c

Stuart, Harold via RT rt at openssl.org
Tue Aug 11 00:09:52 UTC 2015


The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable.

In branch master, file evp_pbe.c, observe the function EVP_Cipher_init. At line 175, we see the following:

    if (cipher_nid == -1)
        cipher = NULL;

At line 195, we see this:

    if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
        return 0;
    }

Note that cipher is passed to the keygen function. One of the possible functions for keygen is PKCS12_PBE_keyivgen (file p12_crpt.c), where we see this at line 94:

    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
                        iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
        PBEPARAM_free(pbe);
        return 0;
    }

Note that cipher is being dereferenced, even though it can be NULL.
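
The call pattern described in the report, reduced to a stand-alone C model. This is an added example, not OpenSSL's code and not part of the original message: `model_cipher`, `model_cipher_init`, the two keygen functions and the lookup table are hypothetical stand-ins, and the guard shown is one possible fix, not necessarily the one OpenSSL adopted.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for EVP_CIPHER; not OpenSSL's definition. */
typedef struct { int nid; int iv_len; } model_cipher;
typedef int (*model_keygen)(const model_cipher *c, unsigned char *iv, size_t cap);

/* Pattern from the report: the cipher is read with no NULL check. */
int keygen_unchecked(const model_cipher *c, unsigned char *iv, size_t cap)
{
    size_t n = (size_t)c->iv_len;        /* crashes if c == NULL */
    if (n > cap) return 0;
    memset(iv, 0xA5, n);                 /* placeholder for IV derivation */
    return 1;
}

/* Guarded form: a missing cipher becomes an error return (0). */
int keygen_checked(const model_cipher *c, unsigned char *iv, size_t cap)
{
    if (c == NULL) return 0;
    return keygen_unchecked(c, iv, cap);
}

/* Models the caller: nid -1 means "no cipher", then keygen runs anyway. */
int model_cipher_init(int cipher_nid, model_keygen keygen)
{
    static const model_cipher table[] = { {1, 8}, {2, 16} }; /* constructed */
    const model_cipher *cipher = NULL;
    unsigned char iv[16];
    size_t i;

    if (cipher_nid != -1) {
        for (i = 0; i < sizeof table / sizeof table[0]; i++)
            if (table[i].nid == cipher_nid) cipher = &table[i];
        if (cipher == NULL) return 0;    /* unknown cipher id */
    }
    return keygen(cipher, iv, sizeof iv);
}

int main(void)
{
    printf("nid 2, checked:  %d\n", model_cipher_init(2, keygen_checked));
    printf("nid -1, checked: %d\n", model_cipher_init(-1, keygen_checked));
    /* model_cipher_init(-1, keygen_unchecked) would dereference NULL. */
    return 0;
}
```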


