Hi,
In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
passes the address of an uninitialised variable to RSA_sign as the
siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
implementation that provides an rsa_sign method this can cause
problems futher down th
> On Fri, 1 Jun 2007 16:21:35 +0100, Robin Bryce said:
>
> Hi,
>
> In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> passes the address of an uninitialised variable to RSA_sign as the
> siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
> implementatio
Maybe kn-2 would be better, to match &(p[2])?
Oh, yuck - If the remaining memory beyond &(p[2]) is less than 'kn'
then the buffer has been under allocated and we have a second bug
don't we ? I don't know how big the buffer is to start with.
'kn' is the result of EVP_PKEY_size(pkey) and
ssl3_sen
On Fri, Jun 01, 2007, Robin Bryce wrote:
> Hi,
>
> In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> passes the address of an uninitialised variable to RSA_sign as the
> siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
> implementation that provides an r
On 02/06/07, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Fri, Jun 01, 2007, Robin Bryce wrote:
> Hi,
>
> In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> passes the address of an uninitialised variable to RSA_sign as the
> siglen parameter.
The problem is that the R
> On Sat, 2 Jun 2007 19:35:37 +0200, Stephen Henson said:
>
> On Fri, Jun 01, 2007, Robin Bryce wrote:
>
> > Hi,
> >
> > In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
> > passes the address of an uninitialised variable to RSA_sign as the
> > siglen parameter. In the
