avoid uninitialized memory read

Submitted by: Nils Larsch

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index c323fa28922616463d91295bd32500eb5a3487f6..fe8bcda631f29ac1edbafb26fae2fd362b579dc1 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -52,7 +52,6 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
 

diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 353d2b96add8be240fc99a65ee01f3be64debbb8..86e41bf6df7dbdddbbc8c4a556e338bb233c3f0f 100644 (file)
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -1,6 +1,6 @@
 /* crypto/md32_common.h */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -456,7 +456,10 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
                                {
                                ew=(c->num>>2);
                                ec=(c->num&0x03);
-                               l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+                               if (sc)
+                                       l=p[sw];
+                               HOST_p_c2l(data,l,sc);
+                               p[sw++]=l;
                                for (; sw < ew; sw++)
                                        {
                                        HOST_c2l(data,l); p[sw]=l;