diff options
| author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-05-21 20:20:20 +0200 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@users.noreply.github.com> | 2022-05-23 09:45:14 +0200 |
| commit | b2b4d629f100eaee9f5942a106b1ccefe85b8808 (patch) | |
| tree | a2222a1ddb6bb6bf497db12634a97385bb949d7b /gost_ec_keyx.c | |
| parent | 7df766124f87768b43b9e8947c5a01e17545772c (diff) | |
| download | gost-engine-b2b4d629f100eaee9f5942a106b1ccefe85b8808.zip gost-engine-b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz gost-engine-b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.bz2 | |
On unpacking key blob output buffer size should be fixedv3.0.1
Related: CVE-2022-29242
Diffstat (limited to 'gost_ec_keyx.c')
| -rw-r--r-- | gost_ec_keyx.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 192b892..1dc0a29 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -589,10 +589,6 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, EVP_PKEY *eph_key = NULL, *peerkey = NULL; int dgst_nid = NID_undef; - if (!key) { - *key_len = 32; - return 1; - } gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); if (!gkt) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, @@ -652,6 +648,7 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, goto err; } + *key_len = 32; ret = 1; err: OPENSSL_cleanse(sharedKey, sizeof(sharedKey)); @@ -701,10 +698,6 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, return -1; break; } - if (!key) { - *key_len = 32; - return 1; - } pst = d2i_PSKeyTransport_gost(NULL, (const unsigned char **)&p, in_len); if (!pst) { @@ -731,7 +724,7 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 0; goto err; } - + if (data->shared_ukm_size == 0 && pst->ukm != NULL) { if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, ASN1_STRING_length(pst->ukm), (void *)ASN1_STRING_get0_data(pst->ukm)) < 0) { @@ -756,6 +749,7 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, goto err; } + *key_len = 32; ret = 1; err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); @@ -768,6 +762,17 @@ int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); + + if (key == NULL) { + *key_len = 32; + return 1; + } + + if (key != NULL && *key_len < 32) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE); + return 0; + } + switch (gctx->cipher_nid) { case NID_id_Gost28147_89: |