Summary says it all. RSA_PrivateKeyOp ends by returning "rv", but rv is never initialized unless "err" is non-zero. I have no idea how important this function is, but this can't be good.

Assigned the bug to Bob. Bob, how serious is this bug?

This is my code. I agree it looks confusing, but there is no bug. If you follow the success path, you find that the macro CHECK_SEC_OK must be called, wrapped around the actual private key op code. If you look at the definition of CHECK_SEC_OK at http://lxr.mozilla.org/mozilla/source/security/nss/lib/freebl/secmpi.h#39, you will see that it sets rv. I agree the use of the wrapping macro is confusing at first glance, but this is at best an enhancement, not a bug. -Ian

Ian, please propose a target milestone for this bug.

Comment on attachment 56155 [details] [diff] [review] "draft" patch to add function (need to decide where it is called, also). Note the #ifdef'ed error value. How do we want to trap this error? oops. wrong rsa bug ;)

I don't think this is a bug. As I noted before, the variable is initialized, just within a macro.

Actually, this compiler warning was fixed by relyea@netscape.com on Sep 20 15:14, rv is now initialized when declared. Reopening to be able to make "resolved fixed"

Fixed, see above.