avoid uninitialized memory read
authorBodo Möller <bodo@openssl.org>
Wed, 20 Nov 2002 14:14:45 +0000 (14:14 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 20 Nov 2002 14:14:45 +0000 (14:14 +0000)
Submitted by: Nils Larsch

crypto/evp/e_aes.c
crypto/md32_common.h

index c323fa28922616463d91295bd32500eb5a3487f6..fe8bcda631f29ac1edbafb26fae2fd362b579dc1 100644 (file)
@@ -52,7 +52,6 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
 
index 353d2b96add8be240fc99a65ee01f3be64debbb8..86e41bf6df7dbdddbbc8c4a556e338bb233c3f0f 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/md32_common.h */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -456,7 +456,10 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
                                {
                                ew=(c->num>>2);
                                ec=(c->num&0x03);
-                               l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+                               if (sc)
+                                       l=p[sw];
+                               HOST_p_c2l(data,l,sc);
+                               p[sw++]=l;
                                for (; sw < ew; sw++)
                                        {
                                        HOST_c2l(data,l); p[sw]=l;