[openssl.org #3393] PATCH: EVP_SignInit.pod update

Mon, 09 Jun 2014 07:08:31 -0700 

Its not clear that the signature's buffer size, `s`, is not used as an
IN parameter.

Under the current docs, the only thing stated is "at most
EVP_PKEY_size(pkey) bytes will be written". Its kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

The omission means the following will result in a buffer overflow in
some instances (which I experienced):

    EVP_MD_CTX_init(ctx);
    rc = EVP_SignInit(ctx, EVP_sha256());
    ...

    unsigned char signature[EVP_MAX_MD_SIZE];
    unsigned int size = (unsigned int)sizeof(signature);

    rc = EVP_SignFinal(ctx, signature, &size, pkey);
    ...

*****

diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 620a623..14ecc77 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -30,9 +30,11 @@ signature context B<ctx>. This function can be
called several times on the
 same B<ctx> to include additional data.

 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written.
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT paramter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.

 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.


diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 620a623..14ecc77 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -30,9 +30,11 @@ signature context B<ctx>. This function can be called 
several times on the
 same B<ctx> to include additional data.
 
 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written. 
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT paramter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.
 
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.

Reply via email to