From ac13dafdd889b51c3f91c7351674ca9935a551f1 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 20 May 2022 18:13:50 +0200 Subject: [PATCH] Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1 Resolves: CVE-2022-29242 --- e_gost_err.c | 1 + e_gost_err.h | 1 + gost_ec_keyx.c | 21 ++++++++++++++++++++- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/e_gost_err.c b/e_gost_err.c index 2a83207..e4903f2 100644 --- a/e_gost_err.c +++ b/e_gost_err.c @@ -150,6 +150,7 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_PACK(0, 0, GOST_R_ERROR_SETTING_PEER_KEY), "error setting peer key"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"}, + {ERR_PACK(0, 0, GOST_R_INVALID_BUFFER_SIZE), "invalid buffer size"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER), "invalid cipher"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAM_OID), diff --git a/e_gost_err.h b/e_gost_err.h index 19f856c..59f4743 100644 --- a/e_gost_err.h +++ b/e_gost_err.h @@ -129,6 +129,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_R_ERROR_SETTING_PEER_KEY 139 # define GOST_R_INCOMPATIBLE_ALGORITHMS 108 # define GOST_R_INCOMPATIBLE_PEER_KEY 109 +# define GOST_R_INVALID_BUFFER_SIZE 140 # define GOST_R_INVALID_CIPHER 134 # define GOST_R_INVALID_CIPHER_PARAMS 110 # define GOST_R_INVALID_CIPHER_PARAM_OID 111 diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 955858c..d5806eb 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -532,6 +532,7 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, int exp_len = 0, iv_len = 0; unsigned char *exp_buf = NULL; int key_is_ephemeral = 0; + int res_len = 0; switch (data->cipher_nid) { case NID_magma_ctr: @@ -625,8 +626,26 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, goto err; } - if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0) + res_len = i2d_PSKeyTransport_gost(pst, NULL); + if (res_len <= 0) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB); + goto err; + } + + if (out == NULL) { + *out_len = res_len; ret = 1; + } else { + if ((size_t)res_len > *out_len) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE); + goto err; + } + if ((*out_len = i2d_PSKeyTransport_gost(pst, &out)) > 0) + ret = 1; + else + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB); + } + err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); if (key_is_ephemeral) -- 2.39.5