>>>>> On Sat, 2 Jun 2007 19:35:37 +0200, Stephen Henson said:
>
> On Fri, Jun 01, 2007, Robin Bryce wrote:
>
> > Hi,
> >
> > In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> > passes the address of an uninitialised variable to RSA_sign as the
> > siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
> > implementation that provides an rsa_sign method this can cause
> > problems futher down the stack.
> >
> > For example opensc's PKCS11_sign[1] is, IMHO, forced to make some
> > undesirable assumptions about the memory it is passed.
> >
> > [1] http://www.opensc-project.org/libp11.../src/p11_ops.c at
> > line 83.
> >
> > As ssl3_send_server_key already computes the appropriate size in order
> > to allocate a buffer is there any reason why s3_srvr.c can not be
> > changed to pass this size information down the stack via RSA_sign ?
> >

>
> The problem is that the RSA_sign() function has always worked like that since
> the SSLeay days and it is documented behaviour. The siglen parameter is
> effectively treated as an output parameter only and it cannot be assumed to be
> initialized.
>
> It is also a requirement that the buffer must contain RSA_size(key) bytes of
> memory.


It looks like it is 2 bytes too short at the moment (it doesn't include the 2
bytes holding the key length).

Here is a patch for that:

--- openssl-SNAP-20070604-orig/ssl/s3_srvr.c Tue Apr 24 03:02:03 2007
+++ openssl-SNAP-20070604/ssl/s3_srvr.c Mon Jun 4 11:52:42 2007
@@ -1459,7 +1459,7 @@
al=SSL_AD_DECODE_ERROR;
goto f_err;
}
- kn=EVP_PKEY_size(pkey);
+ kn=2+EVP_PKEY_size(pkey);
}
else
{

__Martin
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org