OpenSSL-SNAP-20010406 running under windows NT 4.0 SP6a. Visual C++ 6.0,
unknown patchlevel.
In ssl/s3_enc.c, line 88, in routine ssl3_generate_key_block(), the
variable buf is declared to be eight bytes. Unfortunately, it is not
declared large enough for an SSL keyblock when AES-256 is being used.
When AES-256 is used, the "num" parameter is 168 (in my testing),
meaning that buf should be at least 11 bytes.
This error causes a stack-smask in that function, throwing a runtime
exception under windows.
re-declaring buf to be 16 bytes fixes my crash, but causes an SSL
handshake error, leading me to suspect that something else is going on.
I do *not* see this error under Linux (Redhat 6.2); DHE-RSA-AES256-SHA
works fine there; perhaps something in the Linux stack frame layout
hides the bug.
I have worked around the problem by turing off AES support in my build
(which itself was challenging, since I had to patch one of the perl
scripts used to build under windows; I've attached that patch below.)
Here's the openssl version -a (after I rebuilt with no-aes,
unfortunately):
OpenSSL 0.9.7-dev 24 Sep 2000
built on: Sat Apr 7 21:22:36 2001
platform: VC-WIN32
options: bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int)
blowfish(idx)
compiler: cl /MDd /W3 /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32
-D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32
/Fdout32dll -DOPENSSL_NO_AES -DOPENSSL_NO_KRB5
OPENSSLDIR: "/usr/local/ssl"
I'll check to see if I can duplicate the problem under Linux or Solaris.
--
Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
