>>>>> On Sat, 2 Jun 2007 19:35:37 +0200, Stephen Henson said: > > On Fri, Jun 01, 2007, Robin Bryce wrote: > > > Hi, > > > > In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange > > passes the address of an uninitialised variable to RSA_sign as the > > siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine > > implementation that provides an rsa_sign method this can cause > > problems futher down the stack. > > > > For example opensc's PKCS11_sign[1] is, IMHO, forced to make some > > undesirable assumptions about the memory it is passed. > > > > [1] http://www.opensc-project.org/libp11/browser/trunk/src/p11_ops.c at > > line 83. > > > > As ssl3_send_server_key already computes the appropriate size in order > > to allocate a buffer is there any reason why s3_srvr.c can not be > > changed to pass this size information down the stack via RSA_sign ? > > > > The problem is that the RSA_sign() function has always worked like that since > the SSLeay days and it is documented behaviour. The siglen parameter is > effectively treated as an output parameter only and it cannot be assumed to be > initialized. > > It is also a requirement that the buffer must contain RSA_size(key) bytes of > memory.
It looks like it is 2 bytes too short at the moment (it doesn't include the 2 bytes holding the key length). Here is a patch for that: --- openssl-SNAP-20070604-orig/ssl/s3_srvr.c Tue Apr 24 03:02:03 2007 +++ openssl-SNAP-20070604/ssl/s3_srvr.c Mon Jun 4 11:52:42 2007 @@ -1459,7 +1459,7 @@ al=SSL_AD_DECODE_ERROR; goto f_err; } - kn=EVP_PKEY_size(pkey); + kn=2+EVP_PKEY_size(pkey); } else { __Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]