From: Dmitry Belyavskiy Date: Fri, 20 May 2022 16:13:50 +0000 (+0200) Subject: Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1 X-Git-Tag: v3.0.1~2 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=c6655a0b620a3e31f085cc906f8073fe81b2fad3;p=openssl-gost%2Fengine.git Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1 Resolves: CVE-2022-29242 --- diff --git a/e_gost_err.c b/e_gost_err.c index 51599ca..c6d221b 100644 --- a/e_gost_err.c +++ b/e_gost_err.c @@ -141,6 +141,7 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_PACK(0, 0, GOST_R_ERROR_SETTING_PEER_KEY), "error setting peer key"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"}, + {ERR_PACK(0, 0, GOST_R_INVALID_BUFFER_SIZE), "invalid buffer size"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER), "invalid cipher"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAM_OID), diff --git a/e_gost_err.h b/e_gost_err.h index d69534f..6f6ea1b 100644 --- a/e_gost_err.h +++ b/e_gost_err.h @@ -115,6 +115,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_R_ERROR_SETTING_PEER_KEY 139 # define GOST_R_INCOMPATIBLE_ALGORITHMS 108 # define GOST_R_INCOMPATIBLE_PEER_KEY 109 +# define GOST_R_INVALID_BUFFER_SIZE 140 # define GOST_R_INVALID_CIPHER 134 # define GOST_R_INVALID_CIPHER_PARAMS 110 # define GOST_R_INVALID_CIPHER_PARAM_OID 111 diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 944db40..5e677dc 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -406,6 +406,7 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, int exp_len = 0, iv_len = 0; unsigned char *exp_buf = NULL; int key_is_ephemeral = 0; + int res_len = 0; switch (data->cipher_nid) { case NID_magma_ctr: @@ -499,8 +500,26 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, goto err; } - if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0) + res_len = i2d_PSKeyTransport_gost(pst, NULL); + if (res_len <= 0) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB); + goto err; + } + + if (out == NULL) { + *out_len = res_len; ret = 1; + } else { + if ((size_t)res_len > *out_len) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE); + goto err; + } + if ((*out_len = i2d_PSKeyTransport_gost(pst, &out)) > 0) + ret = 1; + else + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB); + } + err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); if (key_is_ephemeral)