Maybe kn-2 would be better, to match &(p[2])?

Oh, yuck - If the remaining memory beyond &(p[2]) is less than 'kn'
then the buffer has been under allocated and we have a second bug
don't we ? I don't know how big the buffer is to start with.

'kn' is the result of EVP_PKEY_size(pkey) and
ssl3_send_server_key_exchange appears to be making the (legitimate)
assumption that size(rsa key) == size(signature). The RSA_sign and
meth->rsa_sign api allow for greater flexibility but
ssl3_send_server_key_exchange is ignoring this possibility.

If this "has always worked" then wherever &(p[d]) points there *must*
be at least 'kn'  bytes of storage reserved AFAICT.

Or what am I missing ?

Cheers,
Robin

On 01/06/07, Martin Simmons <[EMAIL PROTECTED]> wrote:
>>>>> On Fri, 1 Jun 2007 16:21:35 +0100, Robin Bryce said:
>
> Hi,
>
> In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> passes the address of an uninitialised variable to RSA_sign as the
> siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
> implementation that provides an rsa_sign method this can cause
> problems further down the stack.
>
> For example opensc's PKCS11_sign[1] is, IMHO, forced to make some
> undesirable assumptions about the memory it is passed.
>
> [1] http://www.opensc-project.org/libp11/browser/trunk/src/p11_ops.c at line 83.
>
> As ssl3_send_server_key already computes the appropriate size in order
> to allocate a buffer is there any reason why s3_srvr.c can not be
> changed to pass this size information down the stack via RSA_sign ?
>
> I propose the following trivial patch is a "good thing". It just
> copies the 'kn' variable, used for the buffer resize, into 'u' before
> calling RSA_sign.
>
> This patch is against
> http://cvs.openssl.org/getfile/openssl/ssl/s3_srvr.c?v=1.151
>
> --- s3_srvr.c.orig      2007-06-01 16:04:43.000000000 +0100
> +++ s3_srvr.c   2007-06-01 16:04:21.000000000 +0100
> @@ -1539,6 +1539,7 @@
>                                         q+=i;
>                                         j+=i;
>                                         }
> +                               u = kn;
>                                 if (RSA_sign(NID_md5_sha1, md_buf, j,
>                                         &(p[2]), &u, pkey->pkey.rsa) <= 0)
>                                         {
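
Review bot: the added line "u = kn;" hands RSA_sign the full kn as the available size, but the destination passed in the same call is &(p[2]), two bytes into the buffer. The hunk does not show how the buffer was sized, so whether kn bytes really remain at that offset cannot be checked from these lines; either confirm the allocation reserves kn bytes beyond the two leading bytes, or set u to the space actually left at &(p[2]). A one-line comment on the new assignment stating that u is a capacity on entry and the signature length on return would also help, since nothing in the visible call says so.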

Maybe kn-2 would be better, to match &(p[2])?

__Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
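
The in/out length convention and the offset question discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL or libp11 code. demo_engine_sign, demo_sign_into and DEMO_SIG_LEN are hypothetical names, and treating the two bytes before the signature as a length prefix is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_SIG_LEN 128u /* constructed: signature size for a 1024-bit key */

/* Hypothetical engine-style sign method: reads *siglen as the caller's
 * capacity, writes the real signature length back on success. */
static int demo_engine_sign(unsigned char *sigret, unsigned int *siglen)
{
    if (*siglen < DEMO_SIG_LEN)
        return 0;                        /* too small: refuse, do not write */
    memset(sigret, 0xA5, DEMO_SIG_LEN);  /* placeholder signature bytes */
    *siglen = DEMO_SIG_LEN;
    return 1;
}

/* Hypothetical caller: 2-byte header at p, signature at &(p[2]).
 * Returns total bytes used, or 0 on failure. */
static unsigned int demo_sign_into(unsigned char *p, size_t p_len,
                                   unsigned int kn)
{
    unsigned int u;

    if (p_len < 2 || kn > p_len - 2)
        return 0;                        /* fewer than kn bytes beyond p[2] */
    u = kn;                              /* capacity at &(p[2]), set before the call */
    if (!demo_engine_sign(&(p[2]), &u))
        return 0;
    p[0] = (unsigned char)(u >> 8);      /* assumed: header is a length prefix */
    p[1] = (unsigned char)(u & 0xff);
    return u + 2;
}

int main(void)
{
    unsigned char ok[DEMO_SIG_LEN + 2], tight[DEMO_SIG_LEN];

    printf("kn bytes free beyond p[2]: %u\n",
           demo_sign_into(ok, sizeof ok, DEMO_SIG_LEN));
    printf("only kn bytes in total:    %u\n",
           demo_sign_into(tight, sizeof tight, DEMO_SIG_LEN));
    return 0;
}
```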
