On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
> On 3 July 2014 20:06, Kurt Roeckx via RT <[email protected]> wrote:
> > On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
> >> I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
> >> and 96, or ?:
> >>
> > The line before that:
> >
> > dp=d;
> >> l2c(v0,dp);<--- Uninitialized variable: d
> >> l2c(v1,dp);<--- Uninitialized variable: d
> >> while (l--)
> >> {
> >> if (n == 0)
> >> {
> >> DES_encrypt1(ti,schedule,DES_ENCRYPT);
> >> dp=d;
> >> t=ti[0]; l2c(t,dp);
> >> t=ti[1]; l2c(t,dp);
> >> save++;
> >> }
> >> *(out++)= *(in++)^d[n];<--- Uninitialized variable: d
> >> n=(n+1)&0x07;
> >> }
> >
> > d is uninitialized, but it's being written to, not read from,
> > so I don't see a problem with this.
>
> What?
So l2c is:
#define l2c(l,c) (*((c)++)=(unsigned char)(((l))&0xff), \
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
It reads v0 and v1 and writes to d (dp). d being uninitialized
shouldn't be an issue. Or am I missing something?
Kurt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
