From: Dmitry Belyavskiy Date: Sun, 22 May 2022 16:00:29 +0000 (+0200) Subject: Use safe pattern for buffer size determining in case of GOST key exchange X-Git-Tag: openssl-3.2.0-alpha1~2620 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b5e89992e3ada1131beebb2a22722168b9389c2;p=thirdparty%2Fopenssl.git Use safe pattern for buffer size determining in case of GOST key exchange Related: CVE-2022-29242 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18381) --- diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index dca4e84acc6..1f089603d26 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3156,7 +3156,8 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_GOST /* GOST 2018 key exchange message creation */ - unsigned char rnd_dgst[32], tmp[255]; + unsigned char rnd_dgst[32]; + unsigned char *encdata = NULL; EVP_PKEY_CTX *pkey_ctx = NULL; X509 *peer_cert; unsigned char *pms = NULL; @@ -3221,18 +3222,19 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - msglen = 255; - if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); + if (EVP_PKEY_encrypt(pkey_ctx, NULL, &msglen, pms, pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } - if (!WPACKET_memcpy(pkt, tmp, msglen)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + if (!WPACKET_allocate_bytes(pkt, msglen, &encdata) + || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } EVP_PKEY_CTX_free(pkey_ctx); + pkey_ctx = NULL; s->s3.tmp.pms = pms; s->s3.tmp.pmslen = pmslen;