This part of the code is in the common native C++ library shared by Android and iOS.
Linking is against OpenSSL 1.1.1.
With version 1.0.# or earlier we used to have EVP_CIPHER_CTX ctx
(not as a pointer) and we used to call EVP_CipherInit_ex,
but removed it following various posts about decrypting with EVP under version 1.1.1, and also the official guide.
In a method that decrypts a password, the following EVP sequence is used.
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, NULL, NULL);
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ..., ...);          /* key, iv */
EVP_DecryptUpdate(ctx, decryptedPassword, ..., encrypted_data, length); /* out length */
EVP_DecryptFinal_ex(ctx, ..., ...);                                   /* out, out length */
EVP_CIPHER_CTX_free(ctx);
Sporadically a crash appears, with the backtrace being a single CipherInit reference, as below.
#00 pc 0007253c /data/app/com.xxxxxx==/lib/arm/xxxxxxx.so (EVP_CipherInit_ex+48)
So the question is: should EVP_CipherInit_ex
be used?
Also, how is it possible to have a crash there without even using it?