From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 20 May 2022 16:13:50 +0000 (+0200)
Subject: Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1
X-Git-Tag: v3.0.1~2
X-Git-Url: http://www.wagner.pp.ru/gitweb/?p=openssl-gost%2Fengine.git;a=commitdiff_plain;h=c6655a0b620a3e31f085cc906f8073fe81b2fad3

Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1

Resolves: CVE-2022-29242
---

diff --git a/e_gost_err.c b/e_gost_err.c
index 51599ca..c6d221b 100644
--- a/e_gost_err.c
+++ b/e_gost_err.c
@@ -141,6 +141,7 @@ static ERR_STRING_DATA GOST_str_reasons[] = {
     {ERR_PACK(0, 0, GOST_R_ERROR_SETTING_PEER_KEY), "error setting peer key"},
     {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
     {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"},
+    {ERR_PACK(0, 0, GOST_R_INVALID_BUFFER_SIZE), "invalid buffer size"},
     {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER), "invalid cipher"},
     {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
     {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAM_OID),
diff --git a/e_gost_err.h b/e_gost_err.h
index d69534f..6f6ea1b 100644
--- a/e_gost_err.h
+++ b/e_gost_err.h
@@ -115,6 +115,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 # define GOST_R_ERROR_SETTING_PEER_KEY                    139
 # define GOST_R_INCOMPATIBLE_ALGORITHMS                   108
 # define GOST_R_INCOMPATIBLE_PEER_KEY                     109
+# define GOST_R_INVALID_BUFFER_SIZE                       140
 # define GOST_R_INVALID_CIPHER                            134
 # define GOST_R_INVALID_CIPHER_PARAMS                     110
 # define GOST_R_INVALID_CIPHER_PARAM_OID                  111
diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c
index 944db40..5e677dc 100644
--- a/gost_ec_keyx.c
+++ b/gost_ec_keyx.c
@@ -406,6 +406,7 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
     int exp_len = 0, iv_len = 0;
     unsigned char *exp_buf = NULL;
     int key_is_ephemeral = 0;
+    int res_len = 0;
 
     switch (data->cipher_nid) {
     case NID_magma_ctr:
@@ -499,8 +500,26 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
         goto err;
     }
 
-    if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0)
+    res_len = i2d_PSKeyTransport_gost(pst, NULL);
+    if (res_len <= 0) {
+        GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    if (out == NULL) {
+        *out_len = res_len;
         ret = 1;
+    } else {
+        if ((size_t)res_len > *out_len) {
+            GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE);
+            goto err;
+        }
+        if ((*out_len = i2d_PSKeyTransport_gost(pst, &out)) > 0)
+            ret = 1;
+        else
+            GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB);
+    }
+
  err:
     OPENSSL_cleanse(expkeys, sizeof(expkeys));
     if (key_is_ephemeral)