Hi...
There appears to be a simple, but fatal, bug in OpenSSL crypto/asn1/p5_pbev2.c
in OpenSSL-0.9.7 snapshots (at least in 20020513 and 20020318).
The routine PKCS5_pbe2_set() declares a local variable ctx. Its address is
passed to the routine EVP_CipherInit_ex(), which will in turn crash
randomly when it is using the uninitialized field values of the ctx variable
through the pointer.
One possible fix is to call EVP_CIPHER_CTX_init(&ctx)
before calling EVP_CipherInit_ex() in PKCS5_pbe2_set().
Thanks,
Juki
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
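
The failure mode reported above, modelled as an added example (not OpenSSL code and not part of the original message). All `toy_*` and `pbe_set_*` names are hypothetical stand-ins, the 0xA5 fill simulates leftover stack bytes, and the staleness check exists only so the model reports the problem instead of crashing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a cipher descriptor and a cipher context. */
struct toy_cipher { const char *name; };
struct toy_ctx {
    const struct toy_cipher *cipher; /* non-NULL means "set up earlier" */
    int encrypt;
};

static const struct toy_cipher toy_aes = { "toy-aes" };

/* Plays the role of the init call the post recommends: known-empty state. */
void toy_ctx_init(struct toy_ctx *ctx) { memset(ctx, 0, sizeof *ctx); }

/* An init_ex-style routine trusts whatever is already in *ctx. Returns 1 on
 * success and 0 where it would have used a stale descriptor pointer. The
 * staleness test exists only in this model so it can report, not crash. */
int toy_cipher_init_ex(struct toy_ctx *ctx, const struct toy_cipher *c, int enc)
{
    if (ctx->cipher != NULL && ctx->cipher != &toy_aes)
        return 0; /* real code would call cleanup through this pointer */
    ctx->cipher = c;
    ctx->encrypt = enc;
    return 1;
}

/* Caller as described in the post: local ctx used without initialization.
 * The 0xA5 fill simulates leftover stack bytes deterministically. */
int pbe_set_uninitialized(void)
{
    struct toy_ctx ctx;
    memset(&ctx, 0xA5, sizeof ctx);
    return toy_cipher_init_ex(&ctx, &toy_aes, 1);
}

/* Same caller with the suggested fix: initialize before first use. */
int pbe_set_initialized(void)
{
    struct toy_ctx ctx;
    memset(&ctx, 0xA5, sizeof ctx);
    toy_ctx_init(&ctx);
    return toy_cipher_init_ex(&ctx, &toy_aes, 1);
}

int main(void)
{
    printf("uninitialized ctx: %d\n", pbe_set_uninitialized());
    printf("initialized ctx:   %d\n", pbe_set_initialized());
    return 0;
}
```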