Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1

[openssl-gost/engine.git] / gost89.c

diff --git a/gost89.c b/gost89.c
index 953c6ec7788e96a45141dd6f0f03ea34ebdd9af0..08c90f33fb9567f7ecb5daa5badf386de06722af 100644 (file)
--- a/gost89.c
+++ b/gost89.c
@@ -472,6 +472,10 @@ void magma_key(gost_ctx * c, const byte * k)
     }
 }
 
+void magma_master_key(gost_ctx *c, const byte *k) {
+    memcpy(c->master_key, k, sizeof(c->master_key));
+}
+
 /* Retrieve 256-bit gost89 key from context */
 void gost_get_key(gost_ctx * c, byte * k)
 {
@@ -508,6 +512,7 @@ void gost_init(gost_ctx * c, const gost_subst_block * b)
 /* Cleans up key from context */
 void gost_destroy(gost_ctx * c)
 {
+    OPENSSL_cleanse(c->master_key, sizeof(c->master_key));
     OPENSSL_cleanse(c->key, sizeof(c->key));
     OPENSSL_cleanse(c->mask, sizeof(c->mask));
 }