In the function EVP_PBE_CipherInit there are missing checks for unavailable algorithms (such as when they are not compiled in or when OpenSSL_add_all_algorithms() is not called).
The attached patch adds the checks, although probably new error codes should be added for these failures.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.no-cipher openssl-1.0.0-beta4/crypto/evp/evp_pbe.c --- openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.no-cipher 2008-11-05 19:38:57.000000000 +0100 +++ openssl-1.0.0-beta4/crypto/evp/evp_pbe.c 2009-12-14 22:54:27.000000000 +0100 @@ -174,12 +174,20 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_ if (cipher_nid == -1) cipher = NULL; else - cipher = EVP_get_cipherbynid(cipher_nid); + if ((cipher = EVP_get_cipherbynid(cipher_nid)) == NULL) + { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); + return 0; + } if (md_nid == -1) md = NULL; else - md = EVP_get_digestbynid(md_nid); + if ((md = EVP_get_digestbynid(md_nid)) == NULL) + { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); + return 0; + } if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
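Review bot: Both new failure branches in EVP_PBE_CipherInit raise EVP_R_KEYGEN_FAILURE, so a caller reading the error queue cannot tell a cipher that is not available from a digest that is not available, and both are reported as a key generation failure even though keygen() has not yet been called at that point. Dedicated reason codes, one for the failed EVP_get_cipherbynid() lookup and one for the failed EVP_get_digestbynid() lookup, would make the common cause (algorithms not compiled in, or OpenSSL_add_all_algorithms() not called) diagnosable from the error alone. As a style point, the new `if` hangs under an unbraced `else` in both places; writing it as `else if (...)` or bracing the `else` body would make the control flow harder to misread in later edits.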