[openssl-dev] [openssl.org #4560] BUG: openssl-1.0.2h, evp_enc.c, fips, use of uninitialized variable
Loic Etienne via RT
rt at openssl.org
Mon Jun 6 16:23:00 UTC 2016
crypto/evp/evp_enc.c, EVP_CipherInit_ex, line 172

    const EVP_CIPHER *fcipher;
    if (cipher)
        fcipher = evp_get_fips_cipher(cipher);
    if (fcipher)
        cipher = fcipher;
    return FIPS_cipherinit(ctx, cipher, key, iv, enc);

problem:
    if (!cipher), fcipher is not initialized but used

possible fix:
    const EVP_CIPHER *fcipher = evp_get_fips_cipher(cipher);
    return FIPS_cipherinit(ctx, fcipher ? fcipher : cipher, key, iv, enc);
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4560
Please log in as guest with password guest if prompted
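
Added example (not part of the original report and not OpenSSL code): a self-contained model of the control flow reported above, with the pointer defined on every path. All DEMO_/demo_ names and nid values are hypothetical stand-ins; the guard on cipher is kept because the report does not show whether the lookup accepts NULL.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the types and functions named in the report;
 * only the control flow of the reported snippet is modelled. */
typedef struct { int nid; int fips; } DEMO_CIPHER;
typedef struct { const DEMO_CIPHER *cipher; } DEMO_CTX;

/* Constructed sample ciphers: one with a FIPS twin, one without. */
static const DEMO_CIPHER demo_plain = { 1, 0 };
static const DEMO_CIPHER demo_fips  = { 1, 1 };
static const DEMO_CIPHER demo_other = { 2, 0 };

/* Stand-in for evp_get_fips_cipher(): returns the FIPS twin or NULL.
 * It dereferences its argument, so callers must not pass NULL. */
static const DEMO_CIPHER *demo_get_fips_cipher(const DEMO_CIPHER *c)
{
    return c->nid == demo_fips.nid ? &demo_fips : NULL;
}

/* Stand-in for FIPS_cipherinit(). Assumption of this model: a NULL
 * cipher means "keep the cipher already set in ctx". */
static int demo_fips_cipherinit(DEMO_CTX *ctx, const DEMO_CIPHER *cipher)
{
    if (cipher != NULL)
        ctx->cipher = cipher;
    return ctx->cipher != NULL;
}

/* Same shape as the reported snippet, but fcipher starts as NULL, so the
 * second test reads a defined value when cipher == NULL. Without the
 * initializer that read is undefined behaviour; Clang's
 * -Wsometimes-uninitialized and GCC's -Wmaybe-uninitialized can flag it. */
int demo_cipher_init(DEMO_CTX *ctx, const DEMO_CIPHER *cipher)
{
    const DEMO_CIPHER *fcipher = NULL;

    if (cipher)
        fcipher = demo_get_fips_cipher(cipher);
    if (fcipher)
        cipher = fcipher;
    return demo_fips_cipherinit(ctx, cipher);
}
```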