On Fri, Jun 01, 2007, Robin Bryce wrote: > Hi, > > In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange > passes the address of an uninitialised variable to RSA_sign as the > siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine > implementation that provides an rsa_sign method this can cause > problems futher down the stack. > > For example opensc's PKCS11_sign[1] is, IMHO, forced to make some > undesirable assumptions about the memory it is passed. > > [1] http://www.opensc-project.org/libp11/browser/trunk/src/p11_ops.c at > line 83. > > As ssl3_send_server_key already computes the appropriate size in order > to allocate a buffer is there any reason why s3_srvr.c can not be > changed to pass this size information down the stack via RSA_sign ? >
The problem is that the RSA_sign() function has always worked like that since the SSLeay days and it is documented behaviour. The siglen parameter is effectively treated as an output parameter only and it cannot be assumed to be initialized. It is also a requirement that the buffer must contain RSA_size(key) bytes of memory. Even if we change the ssl library other applications following the docs are not guaranteed to initialize siglen. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
