In dsa_gen.c:
for (i = qsize-1; i >= 0; i--)
{
buf[i]++;
if (buf[i] != 0)
break;
}
i is a size_t, so the expression i >= 0 is always true. If the value
of seed is 0xFF...FF, the break will never be triggered either, and
it will modify memory after seed.
Test case:
int main()
{
DSA* dsa = DSA_new();
unsigned char seed[20] = { 0 };
memset(seed, 0xFF, 20);
DSA_generate_parameters_ex(dsa, 1024, seed, sizeof(seed), 0, 0, 0);
}
Under valgrind (after compiling with -DPURIFY) the error is visible:
==27347== 1 errors in context 1 of 1:
==27347== Conditional jump or move depends on uninitialised value(s)
==27347== at 0x40C583: dsa_builtin_paramgen (in
/home/jack/sources/openssl-SNAP-20070227/dsa_gen)
==27347== by 0x40CBD5: DSA_generate_parameters_ex (in
/home/jack/sources/openssl-SNAP-20070227/dsa_gen)
==27347== by 0x401764: main (dsa_gen.c:283)
Adding
seed[19] = 0xFE;
before the call to DSA_generate_parameters_ex allows the loop to exit
before it walks off the end, and no error shows up under valgrind.
-Jack
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
