Bug ID: 6678135 memory corruption in pk11_DH_generate

Bug ID	6678135
Synopsis	memory corruption in pk11_DH_generate_key() in pkcs#11 engine
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	solaris-crypto:openssl
Keywords	rtiq_reviewed
Responsible Engineer	Vladimir Kotal
Reported Against
Duplicate Of
Introduced In	solaris_10
Commit to Fix	snv_93
Fixed In	snv_93
Release Fixed	solaris_nevada(snv_93) , solaris_10u7(s10u7_01) (Bug ID:2165120)
Related Bugs	6680502 , 6729376
Submit Date	20-March-2008
Last Update Date	3-July-2008
Description	diffie-hellman parameter 'p' should be, according to PKCS#3 standard, greater than chosen secret key 'x'. So, after the diffie-hellman key pair is generated, pk11_DH_generate_key() reuse memory for 'p' to get the private and public key. However, it seems that the returned value for those parameters might be rounded up and we have, for my scenario, byte lengths like this: g param 1 byte p param 399 bytes x param 400 bytes x is not greater than p since x[0] is zero but libumem abort()s because x reaches the red zone. This makes debugging of other problems quite difficult.
Work Around	N/A
Comments	N/A

OpenSolaris