I found a bug in s3_enc.c, t1_enc.c and
d1_enc.c,
in the following functions:
int ssl3_enc(SSL *s, int send)
int tls1_enc(SSL *s, int send)
int dtls1_enc(SSL *s, int send)
Location:
EVP_Cipher(ds,rec->data,rec->input,l);
OpenSSL does not check the return value of EVP_Cipher, and the address
of rec->data equals the address of rec->input.
When a user implements an OpenSSL engine for do_cipher (both client and
server) that just returns an error (doing nothing, for some other reason),
OpenSSL's do_cipher acts just like memcpy, and all data to be transmitted will not be
secure.
forxy
2008-10-27
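
The pattern reported above, as an added example that is not part of the original message and is not OpenSSL code: an in-place cipher call whose return value is ignored, next to a checked form that refuses to release the record. All function names, the toy XOR cipher and the sample record are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an engine's do_cipher callback: 1 = ok, 0 = error. */
typedef int (*do_cipher_fn)(unsigned char *out, const unsigned char *in, size_t len);
typedef int (*enc_fn)(do_cipher_fn cipher, unsigned char *rec, size_t len);

/* Toy transform (XOR with a constant), only so that success is observable. */
int working_cipher(unsigned char *out, const unsigned char *in, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ 0x5a;
    return 1;
}

/* Engine that reports an error and leaves the output buffer untouched. */
int failing_cipher(unsigned char *out, const unsigned char *in, size_t len) {
    (void)out; (void)in; (void)len;
    return 0;
}

/* Reported pattern: input and output are the same buffer and the result is
 * ignored, so the caller is always told the record is ready to send. */
int enc_unchecked(do_cipher_fn cipher, unsigned char *rec, size_t len) {
    cipher(rec, rec, len);
    return 1;
}

/* Checked form: on failure wipe the record and return an error, so the
 * caller never writes the buffer to the wire. */
int enc_checked(do_cipher_fn cipher, unsigned char *rec, size_t len) {
    if (cipher(rec, rec, len) != 1) {
        memset(rec, 0, len);
        return 0;
    }
    return 1;
}

/* Runs enc over a constructed record; returns 1 if the plaintext is still
 * in the buffer afterwards. *ret receives what enc told its caller. */
int plaintext_survives(enc_fn enc, do_cipher_fn cipher, int *ret) {
    const unsigned char orig[] = "constructed sample record";
    unsigned char rec[sizeof orig];
    memcpy(rec, orig, sizeof orig);
    *ret = enc(cipher, rec, sizeof rec);
    return memcmp(rec, orig, sizeof rec) == 0;
}

int main(void) {
    int r, p = plaintext_survives(enc_unchecked, failing_cipher, &r);
    printf("unchecked: ret=%d plaintext_in_buffer=%d\n", r, p);
    p = plaintext_survives(enc_checked, failing_cipher, &r);
    printf("checked:   ret=%d plaintext_in_buffer=%d\n", r, p);
    return 0;
}
```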