I found a bug in s3_enc.c, t1_enc.c and d1_enc.c.

In the following functions:
int ssl3_enc(SSL *s, int send)
int tls1_enc(SSL *s, int send)
int dtls1_enc(SSL *s, int send)

Location:
            EVP_Cipher(ds,rec->data,rec->input,l);

OpenSSL does not check the return value of EVP_Cipher, and the address of
rec->data equals the address of rec->input.

When a user implements an OpenSSL engine for do_cipher (on both client and server),
but it just returns an error (does nothing, for some other reason),
OpenSSL's do_cipher acts just like memcpy, and all data to be transmitted will not be
secure.




forxy
2008-10-27
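
An added example, not part of the original post and not OpenSSL code: a self-contained C model of the reported failure mode, where an in-place cipher call fails and the ignored return value leaves plaintext in the record buffer. The struct, function names and the 1/0 return convention are hypothetical stand-ins, and the XOR transform is a placeholder, not real encryption.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for an engine's do_cipher callback.
 * Assumed convention: 1 = success, 0 = failure. */
typedef int (*do_cipher_fn)(unsigned char *out, const unsigned char *in, size_t len);
/* Toy XOR transform standing in for a working cipher. */
static int working_cipher(unsigned char *out, const unsigned char *in, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ 0x5a;
    return 1;
}
/* Engine that reports an error and never touches the buffer. */
static int failing_cipher(unsigned char *out, const unsigned char *in, size_t len) {
    (void)out; (void)in; (void)len;
    return 0;
}
/* Record whose data and input alias the same buffer, as described in the post. */
struct record { unsigned char buf[64]; unsigned char *data, *input; size_t length; };
static void record_init(struct record *r, const char *msg) {
    r->length = strlen(msg) < sizeof r->buf ? strlen(msg) : sizeof r->buf;
    memcpy(r->buf, msg, r->length);
    r->data = r->input = r->buf;
}
/* Pattern from the post: the cipher's return value is ignored. */
static int enc_unchecked(struct record *r, do_cipher_fn c) {
    c(r->data, r->input, r->length);
    return 1;                       /* caller goes on to send r->data */
}
/* Checked variant: on failure, wipe the record and signal an error. */
static int enc_checked(struct record *r, do_cipher_fn c) {
    if (c(r->data, r->input, r->length) != 1) {
        memset(r->buf, 0, sizeof r->buf);
        r->length = 0;
        return -1;                  /* caller must abort instead of sending */
    }
    return 1;
}
/* 1 if the record still holds msg in the clear, else 0. */
static int holds_plaintext(const struct record *r, const char *msg) {
    return r->length == strlen(msg) && memcmp(r->data, msg, r->length) == 0;
}
int main(void) {
    const char *msg = "constructed sample payload";
    struct record r;
    record_init(&r, msg); enc_unchecked(&r, failing_cipher);
    printf("unchecked, failing engine: plaintext=%d\n", holds_plaintext(&r, msg));
    record_init(&r, msg);
    int rc = enc_checked(&r, failing_cipher);
    printf("checked, failing engine: rc=%d plaintext=%d\n", rc, holds_plaintext(&r, msg));
    return 0;
}
```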
