Dear All,

We found code which may be a bug at asn1_item_ex_combine_new in crypto\asn1\tasn_new.c in OpenSSL 0.9.8b. (The latest version also has the same problem.)
Following:
----------------------------------------------------------------------------
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                    int combine)
{
    ...
    if (!combine) *pval = NULL;
    ...
}
----------------------------------------------------------------------------

For example, we declared the following in an application:

typedef struct x_st {
    ...
    long f;
} X;

ASN1_SEQUENCE(X) = {
    ...
    ASN1_SIMPLE(X, f, LONG)
} ASN1_SEQUENCE_END(X)

When &f was given as pval, in an environment where the bit length of the long type is smaller than the bit length of a pointer type, memory outside the declared domain (i.e. the memory area behind the variable f) is cleared.
Examples of such an environment are the Windows XP x64 Editions.

Questions:

Q1. As a countermeasure for the problem, is the following method right?

typedef struct x_st {
    ...
    ASN1_INTEGER *f;
} X;

ASN1_SEQUENCE(X) = {
    ...
    ASN1_SIMPLE(X, f, ASN1_INTEGER)
} ASN1_SEQUENCE_END(X)

Q2. With the following definitions in crypto\ec\ec_asn1.c, will not a part of k3 cause the problem?

typedef struct x9_62_pentanomial_st {
    long k1;
    long k2;
    long k3;
} X9_62_PENTANOMIAL;

ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
    ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
    ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
    ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)

Best regards,

--
Satoru Kanno
Security Business Unit
Mobile and Security Solution Business Group
NTT Software Corporation
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
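
The size mismatch described in the message above can be modelled on any host. This is an added example, not code from the original post or from OpenSSL: x_llp64, neighbor, bytes_clobbered and neighbor_survives are hypothetical names, int32_t stands in for a 4-byte long, and a null pointer is assumed to be all-zero bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of struct X as laid out under LLP64, where long is
 * 4 bytes; int32_t reproduces that layout on any build host. */
typedef struct {
    int32_t f;        /* stands in for `long f` */
    int32_t neighbor; /* hypothetical member that follows f in memory */
} x_llp64;

/* Bytes written past a field when a pointer-sized NULL is stored into it. */
size_t bytes_clobbered(size_t field_size, size_t pointer_size)
{
    return pointer_size > field_size ? pointer_size - field_size : 0;
}

/* Replays `*pval = NULL` with pval aimed at f, on a byte image of the struct
 * so the model itself stays well defined. Assumes NULL is all-zero bytes.
 * Returns 1 if the neighbouring member kept its value, 0 if it was cleared. */
int neighbor_survives(size_t pointer_size)
{
    x_llp64 x = { 0x11111111, 0x5A5A5A5A };
    unsigned char image[sizeof x + sizeof(uint64_t)] = { 0 };

    memcpy(image, &x, sizeof x);
    memset(image + offsetof(x_llp64, f), 0, pointer_size);
    memcpy(&x, image, sizeof x);
    return x.neighbor == 0x5A5A5A5A;
}

int main(void)
{
    printf("8-byte pointer store: neighbor intact = %d, overrun = %zu bytes\n",
           neighbor_survives(8), bytes_clobbered(sizeof(int32_t), 8));
    printf("4-byte pointer store: neighbor intact = %d, overrun = %zu bytes\n",
           neighbor_survives(4), bytes_clobbered(sizeof(int32_t), 4));
    printf("this host: sizeof(long)=%zu sizeof(void *)=%zu\n",
           sizeof(long), sizeof(void *));
    return 0;
}
```

The last line of output shows whether the build host itself has a long narrower than a pointer, which is the condition the message identifies.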